Do I have to pay for a security plugin for my blog

Hi Guys,

I am just launching my first website. I was wondering if I have to pay for a security plugin from day one or not.

Thanks in advance,

 

Hi there,

I think, its better if you can install a security plugin for your wordpress site, here is a list

https://www.wpbeginner.com/plugins/best-wordpress-security-plugins-compared/

 

Install the Wordfence WordPress security plugin.

 

@snaroliya provided a good link. I use Sucuri and Wordfence from the list. I also use either Cerber or NinjaFirewall. The reason for the bloat and potential negative impact on speed and performance is that the free versions of the products bridge the gap needed by the paid versions.

As for your question, because of the many variables, there is no right or wrong answer. Arguably, I'll start with the best and most intense answer: Yes, you should pay for a security plugin at the beginning. Waiting could mean that someone could put a persistent backdoor on your site now and "attack" it later after you put a lot of time into your site, populate it with important data, etc.

Next is a softer approach which I don't suggest is to list all the features you need and/or the pro versions provide and combine plugins to reduce your attack surface - you will never be completely secure, so the most coverage (to performance ratio) is important. The reason I don't recommend this approach is to cover some gaps you have to go outside WordPress if you want to be alerted to vulnerabilities.

My best advice is to experiment with both methods until you feel comfortable with the coverage and notifications. With that said, always back your data regardless of how much you pay or how many free plugins you deploy. When you back, make sure it's not just in one place ether.

 

There are a lot of free WP security plugins like iThemes Security, Wordfence or All in One WP Security so I wouldn't pay for a premium service.
Even more important is to choose a quality hosting service which has secure server configurations and their server-side software is up to date. That will give you a good start and keep your site safe.

 

• First make sure that your hosting provider provides compartmentalization of sites, to prevent neighbor infected sites to access your site files. Look for CloudLinux
• Make sure you keep your app and plugins updated
• Wordfence can consume lot of of memory resources, that your hosting provider may not like. Once someone suggested to disable "live traffic view". Try out BBQ plugin, which should be good enough
• Enforce FTPS while accessing sites or ssh if available. Dont use FTP
• Hide wp-login url with something that only you know. Prevents brute forcing
• Use https for WP login
• Make sure you have an offsite backup

The above should be enough for a start.

 

the guys above basically covered all the main points. Updates, backups offsite on your computer or cloud storage. You can use Sucuri and WordFence or ithemes security, hide your wp-login, and ensure you have a good host. SiteGround, Kinsta, WXP, InMotion, WPEngine, FlyWheel. You might be paying a premium but in the end it will be worth it.