WordPress Security And Firewalls

Without a shadow of a doubt, WordPress is by far the most popular content management system (CMS) in the world. Last year, the ManageWP Blog released research reporting that a whopping 74.6 million sites depend upon WordPress, with roughly 50% of those hosted on the free WordPress.com.

There is good reason for this. WordPress’s popularity undoubtedly comes down to its usability. It’s one of the fastest, most user-friendly and streamlined CMS platforms available on the market.

And so it should come as no surprise that something used as widely as this – by everyone from amateur bloggers to professional website developers – has become an extremely common target for hackers, spammers and many other malicious parties.

Indeed, recently there has been a lot of coverage in the online press about an increase in hijacks, as well as a number of holes being discovered in some very popular WordPress plugins.

WordPress Vulnerabilities Abound

The security company Sucuri last year discovered a series of striking vulnerabilities in 4 very popular plugins for WordPress.

These were:

It was reported that, combined, these plugins had been downloaded more than 20 million times, leaving a similar number of accounts dangerously exposed.

WordPress Security

Let me put the record straight before we continue. WordPress is actually very secure in itself, and the WordPress team working behind the scenes obviously do everything they can to try and keep ahead of any bugs or holes that they discover – as of course do the developers behind the various plugins.

However, no system is ever 100% secure, and it is the job of hackers and spammers to try and find vulnerabilities and then exploit them.

One of the most effective measures that you can take to ensure that your WordPress site is as protected as possible is to make sure that you are always, always, always running the latest version of WordPress and of any plugins that you have attached to it. In this vein, I should also reassure you that all of the vulnerabilities that Sucuri discovered in the above-mentioned plugins have now been patched, and if you are running the latest version of them then you should be absolutely fine.

That being said, keeping your software constantly updated is still not enough when it comes to WordPress security, and you will still need to take some extra measures yourself to protect your own account to bolster the efforts that the various developers are continuously making.

And so below we’ve put together a short list of some of the very best WordPress security plugins and services that you should consider utilizing right away to make sure that your site is as protected as possible.


The services that Sucuri offer are second to none. Servicing over 250,000 domains, the Sucuri team protect against 33 million attacks a month.

The list of security features that Sucuri offers is extensive:

  • Security Analysis
  • Malware Scanning, Detection and Cleanup
  • Website Blacklist Removal and Repair
  • Repairing of Blackhat SEO
  • Security Monitoring
  • DDoS Mitigation
  • Hack and Attack Prevention
  • Malware Prevention
  • Zero Day Response Mechanism
  • Performance Optimization
  • Platform Agnostic Simple Configuration

If you’re running a website for your business, then you need these services. The privacy and protection of your sensitive data – and, perhaps more importantly, your client’s data – is of utmost concern, and the security of it means everything to your business.

As such, you should also implement a firewall as a first line of defence – and Sucuri can do this for you as well.

Sucuri Firewall

The Sucuri Firewall will ring-fence your website, protecting it from malware, spam, hackers and blacklists. Firewalls work by putting up a barrier that is designed to keep destructive forces that come from the internet away from your computer and your network.

Whenever information tries to come into your computer, the firewall filters it and only allows it through if it is deemed safe.

Typically they use one, two or all three of the below methods to control the traffic that flows in and out of your network and/or computer.

  • Packet Filtering – where small chunks of data are analysed against a set of filters.
  • Proxy Service – where any information from the internet is retrieved by the firewall and then sent to the requesting system (and vice versa).
  • Stateful Inspection – this is where the contents of each packet are not actually examined in themselves, but rather key parts of the packet are compared to a database of trusted information. If the comparison results in a reasonable match then the packet is allowed through – and if it doesn’t then it is discarded.
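
To make the difference between packet filtering and stateful inspection concrete, here is a small added example (not code from Sucuri or from the original article). It models the "database of trusted information" as a table of connections opened from inside the network; the class names, ports and addresses are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True when the packet leaves the protected network


# Constructed static rule set: inbound ports that are open to everyone.
OPEN_INBOUND_PORTS = {80, 443}


def packet_filter(pkt: Packet) -> bool:
    """Stateless packet filtering: each packet is judged by fixed rules only."""
    return pkt.outbound or pkt.dport in OPEN_INBOUND_PORTS


class StatefulFirewall:
    """Stateful inspection: inbound packets must match a known connection."""

    def __init__(self) -> None:
        # Trusted flows, recorded as (inside_ip, inside_port, remote_ip, remote_port).
        self.connections: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.outbound:
            # Remember the flow so that the matching reply can be recognised.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if pkt.dport in OPEN_INBOUND_PORTS:
            return True  # published service, e.g. the website itself
        # Otherwise allow only the mirror image of a recorded outbound flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


# Constructed sample traffic (documentation address ranges).
REQUEST = Packet("10.0.0.5", 50000, "203.0.113.10", 53, outbound=True)
REPLY = Packet("203.0.113.10", 53, "10.0.0.5", 50000, outbound=False)
UNSOLICITED = Packet("198.51.100.7", 53, "10.0.0.5", 50000, outbound=False)
WEB_VISIT = Packet("198.51.100.7", 40000, "10.0.0.5", 443, outbound=False)

if __name__ == "__main__":
    fw = StatefulFirewall()
    fw.allow(REQUEST)
    for name, pkt in [("reply", REPLY), ("unsolicited", UNSOLICITED), ("web", WEB_VISIT)]:
        print(f"{name}: filter={packet_filter(pkt)} stateful={fw.allow(pkt)}")
```

The static filter drops the legitimate reply because its destination port is not in the fixed rule set, while the stateful firewall lets it through and still discards the unsolicited packet aimed at the same port.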


WordFence is a very sophisticated security plugin for WordPress that constantly monitors the web for cyber attacks. Learning from what it finds, it then uses this information to build up new defences in real-time for your site.

The services that WordFence offers include:

  • Advanced Comment Spam Filter
  • Checks if Site IP is Generating Spam
  • Remote Scans
  • Country Blocking
  • Repair Damaged Files
  • Scans Content For Bad URLs
  • Real-time View of Hackers and Crawlers
  • Malware Monitoring
  • Backdoor Monitoring
  • Firewall Protection
  • Blocking of Fake Googlebots
  • Blocking of Brute Force Attacks
  • View Top Content Leeches
  • Monitoring of Disk Space
  • Enforcement of Strong Passwords
  • Checking of Existing Passwords
  • Scanning For DNS Changes
  • Tracking of IPs to their Source

Put simply, WordFence is a top WordPress security tool and should definitely be part of every site’s defence arsenal.

For a further list of effective security plugins for WordPress, check out 201 Digital for a list of the top 10.

