Having already recommended Loginizer to prevent ‘Bruteforce’ attacks, I now have another recommendation: ‘All in One WordPress Firewall’
‘All in One WP Security & Firewall’ from Tips and Tricks HQ is a very popular and up-to-date WordPress Firewall plugin. This certainly meets our requirements as a ‘safe’ option. It has all the features of Loginizer when it comes to Bruteforce, but that’s not all. As the name suggests, this has firewall settings which are simple to use, but it’s features are many and various. Too many to go into here, so a certain amount of playing about with the settings is recommended. One nice feature is the dashboard which displays a gauge indicating how protected your site is. Under this are four buttons which you should click to set up your critical features. Each time you add a feature, your security rating goes up on the gauge.
The four basic settings in the wordpress firewall dashboard:
- Admin username – if you are still using ADMIN as your WP username – stop it!
- Login Lockdown – your Bruteforce settings preventing dubious logins trying to work out your usernames and passwords
- File Permission – List of file permissions highlighting possible threats and allowing a one-button click for recommended settings
- Basic WordPress Firewall – Lots of ‘under the hood’ settings you might want to enable to keep your site safe from various threats
I recommend browsing through all the settings and seeing how high you can get your security strength. You should however, pay particular attention to the warnings that come with some of the settings. If you over-tweak your site, you may end up not being able to login yourself…
All-in One has 15 subsections under the main dashboard menu, so you may need to slog through a number of pages. You can also relax in the knowledge that you are reducing the risk to your site with every setting you activate. Be aware that it can be extremely expensive to have rock-solid security, however you can certainly reduce your risk for just a little work (and no cost).
You could delete Loginizer (if you have it) as this plugin does the same job, and so much more. I would recommend reviewing your plugins frequently. I also advise sorting out any plugins that don’t seem current (in case they have security issues). Finally, I would check to make sure you don’t have multiple plugins doing the same job.