Finding a security plugin for your website is important, but it’s crucial that the one you choose suits your needs. WordPress plugins are a dime a dozen, so we’ll be discussing how to narrow your options and what to look for in a reliable plugin so you can safely install it on your website. Some of the most frequent issues with poorly managed plugins include excessive memory usage, 500 internal server errors, downtime, white pages, and slow response times.
Be minimal, quality over quantity!
As someone with experience as a hosting specialist, I found it very common for site owners to lose their footing when creating their site due to the plugins installed, and how many were installed in total. Plugin exploits are among the Top Ways Websites get Hacked by Spammers. Bug fixes are included in updates, yet if the developer or site administrator isn’t regularly installing updates, that increases the chances of an infection taking place. Utilizing the Principle of Least Privilege will also be beneficial in lowering the risks of infection.
It’s also not uncommon for site administrators to install multiple security plugins and use them together, thinking that this will improve their security. However, this is not unlike installing multiple antivirus programs on the same computer. Since these plugins are all trying to do similar things at the same time, this can cause all sorts of problems, most notably finding yourself locked out of your wp-admin dashboard. Throwing more software at a problem is no substitute for having a good security posture and following the best principles for a safe and secure website.
Compatibility & Reliability
Finding a security plugin to fit your website needs can be a tedious process, but we’ll go over some of the more noteworthy things to consider when doing your research on one. The first thing to consider with security plugins is how many active installs there are. A more niche security plugin may not have as many active installs for an array of reasons, so it is worth also checking the following:
- Is the plugin frequently updated? Looking over the Changelog will help you find out when the plugin was last updated. It’s usually wise to ensure a plugin has been updated at least within the last 2 months or so.
- How do the reviews look? User-submitted reviews are always helpful for not only the developer and their improvements but future plugin users as well. If reviews are less than satisfactory, it may be best to stay clear.
- Developer reputation. Developers regularly release new products, so looking at the reviews for each of their plugins will help determine if their plugin is reliable for your needs or not.
- Are they regularly engaging with their community? Some plugins are left in the dust, with seemingly no response to customer support-related issues. If this is the case, it’s something to consider when narrowing your security plugin options.
- Does the plugin have a history of any vulnerabilities? The last thing you’d want is for your security plugin to be the point of entry for the attackers. A quick Google search for plugin name + vulnerability will shed some light on any past issues. Resources such as wpscan.com are also very helpful in this respect.
- A lot of plugins will provide both free and paid options. For instance, Sucuri’s free WordPress scanner will provide a variety of features for scanning the front-end of the site. However, we offer a complete Website Security Platform for paid users as well. It’s important to consider what a plugin provides in terms of free and paid features, and whether the overall costs fit into your website budget.
- Having an optimal interface will be helpful for an average site administrator, as you don’t want things too cluttered or disorganized.
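The update, review and support checks from the list above can be run against a plugin’s directory record. This is an added example, not part of the original article: the field names are assumed to match the WordPress.org plugin-information API, the sample record is constructed, and the rating and support thresholds are assumptions (only the 60-day window comes from the “2 months or so” above).

```python
import json
from datetime import datetime, timedelta

# Constructed sample shaped like a WordPress.org plugin-information record.
# The field names are assumed from that API; the plugin itself is made up.
# active_installs is shown but not scored: niche plugins legitimately have fewer.
SAMPLE = json.loads("""{
  "slug": "example-security-plugin",
  "active_installs": 3000,
  "last_updated": "2024-01-10 5:22pm GMT",
  "rating": 62,
  "num_ratings": 41,
  "support_threads": 20,
  "support_threads_resolved": 3
}""")

MAX_AGE = timedelta(days=60)   # the article's "last 2 months or so"
MIN_RATING = 80                # assumed cut-off; rating is on a 0-100 scale
MIN_RESOLVED = 0.5             # assumed share of support threads resolved


def vet_plugin(info, today):
    """Return a list of concerns; an empty list means no check failed."""
    concerns = []
    updated = datetime.strptime(info["last_updated"], "%Y-%m-%d %I:%M%p GMT")
    age = today - updated
    if age > MAX_AGE:
        concerns.append(f"stale: last updated {age.days} days ago")
    if info.get("num_ratings", 0) == 0:
        concerns.append("reviews: no ratings to judge by")
    elif info["rating"] < MIN_RATING:
        concerns.append(f"reviews: rating {info['rating']}/100")
    threads = info.get("support_threads", 0)
    if threads:
        ratio = info.get("support_threads_resolved", 0) / threads
        if ratio < MIN_RESOLVED:
            concerns.append(f"support: {ratio:.0%} of threads resolved")
    return concerns


def vet_sample():
    # Fixed "today" so the result is reproducible.
    return vet_plugin(SAMPLE, datetime(2024, 6, 1))


if __name__ == "__main__":
    for line in vet_sample() or ["no concerns found"]:
        print(f"{SAMPLE['slug']}: {line}")
```

A clean result only means none of these three checks failed; vulnerability history and developer reputation still need a manual look.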
When in doubt, try it out.
Sometimes you may not know which plugin you like the most until you try it out for yourself. Before installing one you’re still on the fence about, I recommend making a backup of the site first, in case anything goes haywire.
The main takeaway in installing plugins is to be thorough in your research and not to trust the first one you see. Developing a quality plugin can take a lot of time, and a developer passionate about their craft will make sure their time creating one is meaningful. This brings us to our last point: contributions made to WordPress developers, such as reviews, donations, and overall feedback, are always appreciated.
Be wary of assuming that a security plugin is going to be a panacea for your website’s needs. There is no substitute for maintaining a good security posture. Things like using robust passwords, keeping software up to date, and limiting access will go just as far as, if not further than, anything a security plugin could offer. Many infections that we see could be stopped just with some basic additional authentication on your admin panel. See our other post on basic WordPress hardening for some other helpful tips on securing your website.