Do I have to pay for a security plugin for my blog

Discussion in 'WordPress' started by mathiex, Feb 26, 2019.

  1. #1
    Hi Guys,
    I am just launching my first website. I was wondering if I have to pay for a security plugin from day one or not.

    Thanks in advance,
     
    mathiex, Feb 26, 2019
  2. snaroliya

    snaroliya Member

    #2
    Hi there,

    I think it's better if you can install a security plugin for your WordPress site. Here is a list:

    https://www.wpbeginner.com/plugins/best-wordpress-security-plugins-compared/
     
    snaroliya, Feb 26, 2019
  3. dcristo

    dcristo Illustrious Member

    #3
    Install the Wordfence WordPress security plugin.
     
    dcristo, Feb 26, 2019
  4. AttaboyRoi

    AttaboyRoi Member

    #4
    @snaroliya provided a good link. I use Sucuri and Wordfence from the list. I also use either Cerber or NinjaFirewall. The reason for the bloat and potential negative impact on speed and performance is that the free versions of the products bridge the gap needed by the paid versions.

    As for your question, because of the many variables, there is no right or wrong answer. Arguably, I'll start with the best and most intense answer: Yes, you should pay for a security plugin at the beginning. Waiting could mean that someone could put a persistent backdoor on your site now and "attack" it later after you put a lot of time into your site, populate it with important data, etc.

    Next is a softer approach, which I don't suggest: list all the features you need and/or the pro versions provide and combine plugins to reduce your attack surface. You will never be completely secure, so the most coverage (to performance ratio) is important. The reason I don't recommend this approach is that to cover some gaps you have to go outside WordPress if you want to be alerted to vulnerabilities.

    My best advice is to experiment with both methods until you feel comfortable with the coverage and notifications. With that said, always back up your data regardless of how much you pay or how many free plugins you deploy. When you back up, make sure it's not just in one place either.
     
    AttaboyRoi, Mar 3, 2019
    dcristo likes this.
  5. VegasHero

    VegasHero Active Member

    #5
    There are a lot of free WP security plugins like iThemes Security, Wordfence or All in One WP Security, so I wouldn't pay for a premium service.
    Even more important is to choose a quality hosting service which has secure server configurations and whose server-side software is up to date. That will give you a good start and keep your site safe.
     
    VegasHero, Mar 12, 2019
  6. bountysite

    bountysite Member Premium Member

    #6
    • First make sure that your hosting provider provides compartmentalization of sites, to prevent infected neighbor sites from accessing your site files. Look for CloudLinux.
    • Make sure you keep your app and plugins updated.
    • Wordfence can consume a lot of memory resources, which your hosting provider may not like. Someone once suggested disabling "live traffic view". Try out the BBQ plugin, which should be good enough.
    • Enforce FTPS while accessing sites, or SSH if available. Don't use FTP.
    • Hide the wp-login URL with something that only you know. Prevents brute forcing.
    • Use HTTPS for WP login.
    • Make sure you have an offsite backup.
    The above should be enough for a start.
     
    bountysite, Mar 12, 2019
  7. jayroberts

    jayroberts Peon

    #7
    The guys above basically covered all the main points. Updates, backups offsite on your computer or cloud storage. You can use Sucuri and Wordfence or iThemes Security, hide your wp-login, and ensure you have a good host. SiteGround, Kinsta, WXP, InMotion, WPEngine, FlyWheel. You might be paying a premium, but in the end it will be worth it.
     
    jayroberts, Jun 4, 2019