Your website’s security is important.

To help keep your site secure, we’ve put together a short list of security plugins for WordPress that we have used and recommend. Some work for a specific purpose, while others have a variety of options available in one package. The plugin that works best for your site will depend on your security needs.


WPS Hide Login a simple plugin that changes the URL of your login to the administration of your website. It creates a field in your settings that you can type in anything you would like (within reason).

For example, instead of typing your admin URL – to login to your cool website’s administration dashboard, it can be changed to

By changing this URL, you make it harder for brute force login bots to attack your page. Anything trying to login into the /wp-admin page will be redirected to a 404 error page.  This prevents wasting processing time on the attempted logins by the same bots.

PRO: This is a very light plugin that can save your server the stress of processing bogus login attempts.
CON: Forgetting what you selected the login to be, so write it down somewhere safe.


If moving the login is not your style, this plugin will limit the number of attempts that can be made from a specific IP logging into your website.

Limit Login Attempts Reloaded keeps track of  IPs and will ban or blacklist them after a set number of failed login attempts. This keeps scripted attacks short so your website performance can be maintained. You can set the number of allowed failed attempts and also manually enter in IPs to whitelist or blacklist.

PRO: A simple plugin for a specific task of protecting from Brute Force attacks.
CON: You need to be careful not to trigger this lockout yourself. If you set your IP blacklist ban too low, it can lock out yourself and your office – basically anyone using your IP.


Sucuri WordPress Security protects your site and alerts you to any strange behaviors or codes found during a scan. Sucuri is known for their industry leading website scanner that detects hacked scripts inserted in websites.

This plugin installs the scanner along with website hardening options.  The base part of the plugin is free, but it can be upgraded to high-end protection with the Sucuri Firewall service.

PRO: This is the easiest way to add a daily scanner to your website. With the alerts and hardening tied into it, this makes it a powerful plugin.
CON: It does not offer any brute force or other protections that the larger security packages offer.


In the security plugin market, iThemes, formerly WP Security, has been available for years. Their package offers all of the plugins we mentioned so far and much, much more. The base version offers brute force protections, two-factor authentication, file change detection, database backups, strengthening rules, and login hiding. They also have a Pro version that includes a site scanner, logging, version management, and more.

PRO: This is a comprehensive security plugin, especially the Pro version.
CON: It is on the bulky side of plugins vs performance. While it has many options to keep your website safe, it can also start bogging down the website a bit with the logging, scans, and alerts.


If there was one security plugin to run that includes the kitchen sink, it would be this one.

This security plugin has numerous security features including a scan of your website, login security, protection against brute force attacks, firewall installation, country blocking, two factor authentication, live traffic monitoring, and more.  Both a free and premium version are available, though many of the features are provided in the free version.

PRO: Even the free version has about every security option for WordPress at your disposal.
CON: This can be difficult to set up and confusing to novice users. It is also very cumbersome to your web server and affects the performance of your website.

Installing a reliable WordPress security plugin is just the first step to offering full site protection. Dependable website hosting combined with a strong security plugin protects your website from numerous types of attacks. Trustworthy website hosting provides continuous protection without the risk of negatively affecting your website’s performance with too many bulky plugins.

Not sure if your website is secure? Our website hosting and security experts will work with you to determine the best options for your hosting and security plan. Give us a call at (217) 222-1451 or fill out our contact form to get started!