Questions about security; need plugin?

I just attended a talk about security issues on websites and protecting yourself. They talked about things like security plugins, such as WordFence. I’m wondering if anyone recommends that I install such a plugin, and if so, which one. I have a multisite install on reclaim hosting. Thanks in advance!

Wordfence is very good and works on multisite. It helped with some issues we had at TRU.

There are a lot of settings and it can generate a ton of email notifications especially for update reminders (check those settings too).

I tend to not install it until there is an issue I am concerned about; I try to be ultra conservative with the number of plugins activated because that can put a hit on performance (like if I do use JetPack I de-activate a lot of the modules, usually I just want the stats).

At a minimum, make sure you have the Limit Login Attempts plugin on (that's one Reclaim installs by default, I think). If you keep your WP sites updated that goes a long way too.


Completely agree with @cogdog. We do often recommend Wordfence. One of the first things I do is turn off email notifications for things like login attempts, which get very noisy. What I like about it is that there’s a setting for the scan to check your plugins and themes against the repository versions so if any suspicious files have been added it will flag that.

For those who want to have an external service handle monitoring and cleanup, we recently helped a customer set up Sucuri on their site and it’s a nice service, but comes at a premium for that peace of mind.
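
The kind of check mentioned in the reply above (comparing installed plugin files with the repository versions) can be sketched in a few lines. This is an added example, not part of the original thread and not Wordfence's own code; it assumes a clean copy of the same plugin version is unpacked beside the installed one, and the plugin name, file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_to_reference(installed: Path, reference: Path) -> dict[str, list[str]]:
    """Classify differences between an installed plugin and a clean copy."""
    have, want = tree_hashes(installed), tree_hashes(reference)
    return {
        "added": sorted(set(have) - set(want)),      # files the release never shipped
        "missing": sorted(set(want) - set(have)),    # shipped files that are gone
        "modified": sorted(f for f in have.keys() & want.keys() if have[f] != want[f]),
    }


def build_sample(base: Path) -> tuple[Path, Path]:
    """Constructed sample data: a clean release and an altered install."""
    ref = base / "reference" / "example-plugin"
    inst = base / "installed" / "example-plugin"
    for root in (ref, inst):
        (root / "includes").mkdir(parents=True)
        (root / "example-plugin.php").write_text("<?php // plugin bootstrap\n")
        (root / "includes" / "helpers.php").write_text("<?php // helpers\n")
        (root / "readme.txt").write_text("Example Plugin\n")
    # Changes made only to the installed copy, so the comparison has work to do.
    (inst / "includes" / "helpers.php").write_text("<?php // helpers, edited after install\n")
    (inst / "includes" / "cache.php").write_text("<?php // not in the release\n")
    (inst / "readme.txt").unlink()
    return inst, ref


def demo() -> dict[str, list[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        installed, reference = build_sample(Path(tmp))
        return compare_to_reference(installed, reference)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Files reported as added or modified are the ones to review first; a missing file is usually less urgent but still means the install no longer matches the release.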

Yes, I have to second (third?) what @cogdog and timmmyboy have said. I’ve used WordFence on all the sites for a couple of years and it’s been very helpful. It can, though, as @cogdog said, generate a lot of email messages. I set up a separate email account/address to keep it from overwhelming the other stuff in my email. I suppose a Gmail filter would do the same.

Another, but not duplicative, useful plugin is BruteForce Protect. It protects against, surprise, brute force multiple attempts to log in. It used to be an independent plugin but Automattic bought it and it’s now a module in the free JetPack plugin.


Thanks, @cogdog, @timmmmyboy, @econproph! I do have the Limit Login Attempts plugin, and I will look into WordFence. The problem is that this site is my professional identity…a career advancement is riding on it at the moment, and I just realized that I have very little in the way of protection from hackers. It would be embarrassing and a very time-consuming thing to have to redo it!

And I do have JetPack so I can activate Brute Force Protect.