WordPress has an unbelievable market share—60 percent of the websites on the Internet, whether simple blogs or Fortune 500 sites, are based on the WordPress CMS (that’s roughly 24 million sites). Its ubiquity means that WordPress actually has incredibly high security standards. If you occasionally hear something in the news about a WordPress security breach, it’s in the news not because security issues are common, but because of WordPress’s ubiquity and importance.
On top of all the built-in security of the WordPress CMS, the hosting company can implement a number of safety features. At CanSpace Solutions, we already have a Web Application Firewall (WAF) in front of all WordPress sites. The WAF’s basic job is to block all malicious traffic before it even reaches your website, thereby resolving the majority of issues before they can ever turn into a problem.
As of late, a number of companies have come up with plugins that add an extra layer of security to the WordPress platform. But do you actually need one of these?
Our take on this is that if you host your site on CanSpace and are good about following some WordPress security best practices, then you can probably get away without any additional security software. For websites where security is of the utmost importance, extra security measures might make sense, but at these levels, security tends to be customized rather than delivered via a standard plugin.
Note: Every website should be using some kind of backup software, and we consider this separately from other security-oriented plugins.
With all that being said, if an extra security plugin gives you peace of mind, then it certainly doesn’t hurt to try one.
One recommendation if you want to dip your toes into the WordPress security plugin world is Sucuri Scanner. This free plugin is highly rated and is recommended by some key WordPress tutorial websites.
After the plugin is installed and activated, you can access all its features from the admin panel. One of the first things you’ll have to do is generate a free API key, which in turn enables a number of other features such as audit logging, integrity checking, and email alerts.
Most of the security features are accessed via the “Hardening” panel. It has options for:
- Website Firewall Protection
- Verify WordPress Version (checks for updates)
- Verify PHP Version (checks for updates)
- Block PHP Files in Uploads and WP-Content Directories
These options are representative of the ones you would get with any security plugin. For the most part, you can choose the default configuration and just turn the plugin on. It even has a feature that sends you an email alert whenever suspicious activity occurs on your site.
This particular plugin does make you pay for the extra feature of a Web Application Firewall, but lucky for you, as we mentioned before, one of these is included free with your hosting plan from CanSpace Solutions.
Do you have a question about WordPress security or how a particular WordPress security plugin would work for your site? We’re here to help, so get in touch with us!