Security plugins – overview

There are some WP security plugins you can use to improve your page’s security.


I would say there are 3 absolutely “must have” plugins:

If you want / must to stick only to free versions then use all 3 of them and set them according to my texts.


Other plugins which can help you if you do not want to use any of general security plugins mentioned above:

  • BBQ – block bad queries
  • Login LockDown – limit login attempts from given IP range (Settings/ Login LockDown)
  • Login Security Solution  – (Settings/ Login Security Solution)
  • Disable XML-RPC Pingback  – only install and activate
  • Disable XML-RPC – only install and activate
  • Anti-Malware and Brute-Force Security by ELI


And other very helpful plugins in special situations:

  • Change db prefix – if you need to change table prefix after install – because leaving prefix “wp_” is bad idea.
  • iThemes Security (formerly Better WP Security) – to scan themes for hard-coded links or back doors