WordFence security plugin is the best when it comes to WordPress security plugins. This top-class security and performance plugin performs a deep server scan of your WordPress site’s source code and compares the same with the Official WordPress repository. Powered by the constantly updated Threat Defense Feed, it, therefore, scans all your WordPress data i.e. files, themes, and plugins. It currently sports 1 million installs and has been rated 4.9 out of 5. This security plugin is 100% free, open-source and offers quick alerts when the site security is compromised. This helps the users by blocking common security threats like fake Googlebots, malicious scans from hackers and botnets. It offers real-time visibility into traffic and offers a Premium API key to the users for providing premium support, country blocking, scheduled scans and password auditing.
Other features of WordFence include:
- The freedom to view traffic in real time including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. See the geographic area security threats originate from.
- Multi-Site Security
- Caching Features
- Compare core WordPress files against originals in repository
- Compare plugins and open source themes against WordPress.org originals
- Scan files outside your WordPress installation
- It scans your site for the HeartBleed vulnerability
- Scan for known malware files
- This plugin can also scan file contents to see if they contain a malware, Trojan, virus, backdoor, known dangerous URL or known vulnerability
- Scan files posts a comment for URLs in Google’s Safe Browsing List
- Even scan for weak passwords
- Scan DNS for unauthorized changes
- Checks your disk space to prevent DDoS attack
- Checks for out of date themes, plugins and core files
- Includes the fastest WordPress caching engine available, Falcon Engine
- Locking out users after a specified number of failures are detected
- Immediately lock out invalid usernames
- IPv6 Compatible
- Major Theme and Plugins Supported
- Constant updating
There’s both a free and premium version of the plugin, and even the free one has a lot of features included. You need to sign up for a Wordfence account and when you are done, you’ll see the API keys you have purchased by clicking the “Get API Keys” button in the dashboard. Just select one of your keys and click to reveal them on the far left of the list. Now, you can block IP addresses, and even entire countries, set up a schedule for scans, and two-step verification, and even view the traffic on your website in real-time. This plugin contains all you can think of. It’s easy to set up, as long as you avoid making any errors along the way. Also, the free version has so many advanced features that you will feel complete.