Further articles of the series
Security Plugins for WordPress: #1 Security is important
Security Plugins for WordPress: #2 Wordfence Security
Security Plugins for WordPress: #3 iThemes Security
Security Plugins for WordPress: #4 NinjaFirewall
Security Plugins for WordPress: #5 Sucuri Security
Security Plugins for WordPress: #6 All In One WP Security
Security Plugins for WordPress: #7 VaultPress
WordPress is attack target number 1
Very few people usually worry about security. A typical example are the backups of webspace and your own computer, because if you really want to be sure that your data will never be lost, you have to spend money and make appropriate copies that are mirrored externally. Effort and costs keep many people away from the topic of security, but especially with WordPress it becomes more and more important. The CMS has established itself as the number one user, but has also become the number one hacker target. The reason for this is simple, because with automated attacks on WordPress systems, the attackers reach many blogs at once, which all use the same substructure. So once a gap is found, it can be exploited not only on one website, but on all of them using WordPress. Finding out which website is using WordPress is also very easy, the code is known, which is rarely the case with special in-house developments. So WordPress is currently a target and the more users use WordPress, the more attacks will follow.
Why WordPress security is important
WordPress is therefore a frequent target for attacks and most of the attacks are now fully automated. Sometimes it's just about integrating spam and links, sometimes it's about reading out the database, sometimes there are SQL injections or attacks on single WordPress files. So why is security so important? Very simple, because once attackers have gained access and integrated malicious code, it is almost impossible to cleanly remove it. Most of the time, a backup is no longer helpful, WordPress has to be completely reinstalled and probably some content will be missing in the end, because it was already infected.
But much worse is that malicious code in WordPress is usually not very noticeable. It is integrated into plugins, themes, or in files of WordPress itself, i.e. hidden in places nobody suspects or discovers or in places that simply cannot be controlled. Theoretically, your WordPress installation could be infected by now without you noticing anything. This is another reason why security is so important for the CMS, because the corresponding security plugins log and block attacks, scan the content for malicious code and more. Acting is better than reacting, or as they say. So it is better to provide security before than to try to extinguish the burning house afterwards.
Bots, spammers, hacks and the performance
Another point on the subject of WordPress Security is performance. All the attacks caused by bots and aggressive crawlers also put a strain on your server. All the accesses and actions that are automated reduce the performance of your website. But if you block all these attacks and the evil crawlers and bots, you will ideally get performance back. The automatic accesses then decrease, but at the same time the performance for the real users increases. So even if a security plugin often eats up a lot of performance itself, the performance gain is much higher in the ideal case.
Unfortunately, this is not the case with some plugins, but others actually ensure that significantly fewer resources are consumed and the overall performance of the server increases again. This is of course not only the case with DDoS attacks so, which can often be completely blocked by security plugins and thus run into nothing, this is also the case with all "normal" attacks, which also inconspicuously devour the resources of your server. You won't notice the performance gain much in the end, but especially at peak times you will notice it clearly. Security brings with WordPress in the ideal case also performance.
WordPress Security Plugins in test
The big problem with WordPress Security is that there is not one plugin or option, but countless. Some of them are premium, others want to provide security for free, others advertise through their cooperation with large companies or prominent developers. Keeping an overview is again very difficult, actually it is almost impossible. On top of that, security is a delicate matter.
So which developer do I trust, who delivers permanent and solid updates, which plugin has security holes and who really means well with me or who just wants my money for supposedly more security? Beside such basic questions, it goes on technically. Which security plugin for WordPress scans what exactly and how much performance does it use or does it bring back performance by blocking the attacks? So many questions that can usually only be answered in a complex test. In the last few months I have looked at all major security plugins for WordPress, examined them closely, tested them in detail, checked their performance and much more. My results now result in this article series. It contains several tips and tricks, but also reviews of the most important WordPress security plugins. Have fun reading.