ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Protect Your WordPress Sites: Free WordPress Security Plugins

Updated on April 19, 2012

WordPress is Cheap and Easy to Use

The great thing about using WordPress is that it is like HubPages you don't need a lot of technical knowledge to use the platform and you also don't have to spend any money to use it.

I decided to start publishing my own websites after the Google Panda Slap hit HubPages and the earnings and readership for my hubs dropped. My reason for branching out away from HubPages was to diversify so that all my eggs weren't all in the same basket. Because of this I decided not to move any of the content I already had on HubPages as I believed that my earnings and readership levels would recover and they did.

Basic Protection for WordPress Sites

I've been using WordPress on my sites for well over a year now and I'm very happy using this platform but there is one area which I'd not really given any thought to and that was security.

I'd only taken three very basic steps to protect my sites which were to

  • back up my sites every week
  • ensure I didn't use admin as the username for any of the sites
  • use a computer generated password

WordPress Plug Ins Installed on Recommendations

I'm not going to explain what WordPress is in this hub or what the difference is between and as this hub is aimed at people who are already using WordPress but who may not have installed any security plug ins to protect their sites.

I'm not a techie, I'm just one of these people who pick up bits and pieces of knowledge and information from here and there. The three, free security plug-ins I'm going to tell you about in this article were recommended to me by a friend and I think they were recommended to him by someone else.

Most of the plug ins I've installed have been by recommendation although I have found one or two myself.

The three, free plug ins are:

  • Limit Log In Attempts - 5 out of 5 Star rating
  • Secure WordPress - 4 out of 5 Star rating
  • WordPress Firewall 2 - 4.9(?) out of 5 Star rating

Free WordPress Security Plug In: Limit Log In Attempts

This plug in does exactly what its name infers, it limits unsuccessful log in attempts. Until now I had not realized that WordPress allows unlimited log in attempts which means that it is vulnerable to a brute force attack. This also why it is important to ensure that you do not use admin as your username and you use a strong password.

Limit Log In Attempts blocks an Internet address from making further attempts after a specified limit is reached and it is fully customizable from the Settings page shown below. You decide how many attempts to allow and how long to lock out for. You then have the option to move to a longer lock out after how ever many lock outs you chose. You also decide at what interval retries are reset.

The plug in can also log the number of retries for each IP and send email notifications so that you are aware that your site has been targeted.


Free WordPress Security Plug In: Secure WordPress

This is quite a technical plug in as it works by removing all of the things that a hacker looks for in the code on your website.

I don't pretend to understand all of the features but without this plugin a hacker is able to determine quite a lot of information about your site such as what version of WordPress you have installed and what updates you've made. This information is useful in determining whether you are using a version of WordPress which the hacker knows of a weakness in.

I've included a screenshot of the configuration page below so that the more technically minded can see what it does. I've just kept the default settings!


Free WordPress Security Plug In: WordPress Firewall 2

We are used to the fact that we need a firewall to protect our computers from attack. WordPress Firewall 2 provides the same sort of protection for your WordPress sites.

This plug in is able to stop the most obvious attacks by blacklisting and whitelisting phrases dependent upon which fields the phrases appear.

I've left the settings on the Options page as preset and shown in the screen print below.


What WordPress Plug Ins Do You Use

If you have any WordPress sites why not share details of some of the plug ins that you are using on your sites and why you use them in the Comments below.


    0 of 8192 characters used
    Post Comment

    • Amber Allen profile imageAUTHOR

      Amber Allen 

      6 years ago

      Hi STEVEW13

      I'm glad you've found the information I've provided useful.

      It is quite alarming to see the number of daily hacking attempts on each of my sites.


    • STEVEW13 profile image

      Steve Wright 

      6 years ago from Norwich, England

      Awesome hub, very insightful and very useful, thank you so much for the tips!

    • Amber Allen profile imageAUTHOR

      Amber Allen 

      6 years ago

      Hi nikkijohntan

      Thanks for reading my hub and commenting.

      Which account has been banned without giving you any explanation?


    • nikkijohntan profile image

      Nikki John 

      6 years ago from USA

      I think this is one of the best technical post which i had ever seen. This post will surely help me to create an account and make a blog post or start making websites. But 1 question i have that my account is banned without any information. can you suggest me some reasons.

    • Amber Allen profile imageAUTHOR

      Amber Allen 

      6 years ago

      Hi Don

      Thanks for being the first to comment. The ink was hardly dry!

      I learnt a lot about WordPress from YouTube videos but I keep things fairly simple. I did buy a custom theme which makes it easy for me to change layouts and color scheme with some limitations.

      I didn't consider using Blogger because I was told that the ownership of domain name remained with Blogger. I also wanted to be more independent.

      Hopefully as Blogger is owned by Google their security is the best that money can buy but I don't know for sure.


    • Don Simkovich profile image

      Don Simkovich 

      6 years ago from Pasadena, CA

      What a useful hub, Amber. Voted up and useful. Even though it's "easy" there's still a bit to learn using Wordpress. Do you use basic templates and then customize them? Have you tried Blogger? A Google property. I used blogger which I know people look down their noses on; however, I think it's improved and wonder if it, too, is quite easy to hack.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)