A couple of months ago, the web hosting account of my client was hacked and all three WordPress websites hosted on that account were badly flooded with malware. This all happened due to an XSS vulnerability later found in a WordPress plugin. The attackers gained full backdoor access via code injected into different PHP files, and they also added hidden administrator users to the WordPress databases.
It is undoubtedly an extremely tedious and cumbersome job to remove malware from a web hosting account that hosts multiple WordPress installations. You have to reinstall the WordPress core, themes and plugins (updated versions) for every WordPress website. It is essential to delete any PHP file found in the ‘uploads’ folder to make sure that no malware remains there.
After you have cleared WordPress of every piece of malware, you have to make sure that your site is not going to be hacked again. It’s quite common that once your site is infected, there are channels through which hackers can still get into your site even if you think you have removed all the malware. How? It’s possible because once they have had access to your site, they are acquainted with its structure, themes, plugins and so on. So it becomes a necessity to safeguard your WordPress against future infiltrations.
I tested a number of security plugins exhaustively and found that two of them were not only the best ones but also exactly what I was looking for. I am listing them here. I ask you to give these two plugins a try with proper configuration. I am quite sure that if hackers try to barge into your WordPress again, the bottom will fall out of their plans.
WP Cerber Security
As I just wrote, I tested a lot of plugins, but the one which impressed me most was WP Cerber Security. In my personal opinion, this is the most powerful WordPress security plugin for keeping hackers and spammers at bay. The easiest way to break into WordPress is backdoor access, and never forget that once your WordPress is hacked, it’s kind of hacked forever, as even after the cleaning, hackers can find a way back into your WordPress via a backdoor. Hackers install malicious PHP files in different WordPress directories, and if any of these PHP files succeeds in dodging your cleaning, hackers execute the remaining PHP file and either create an admin user or manipulate the site by injecting code into different WordPress files.
Cerber Security puts a prompt check on such PHP file executions and simultaneously blocks the IP address of such users. Its artificial intelligence system keeps a close watch on any malicious activity, like trying to run PHP files, accessing WordPress core files directly, or requesting a page which does not even exist. On sensing any such activity, Cerber Security immediately blocks it and leaves no room for hackers.
You can restrict WordPress REST API access with the help of Cerber Security. Enabling the WordPress REST API makes your website highly vulnerable, and through it hackers can control your site in many different ways. Not long ago, a nasty bug was found nested in the WordPress 4.7 REST API which allowed any visitor to modify posts. Later this security hole was patched by WordPress. But later means later: there is no telling how many websites will have suffered by then. Cerber Security comes with an option to give REST API access only to trusted plugins.
Cerber Security lets you set a custom login link, and if someone tries to access the login page via a default path such as /wp-admin, /login, /admin or /wp-login.php, Cerber Security will block them in the blink of an eye (for a duration set by the admin).
Main features of Cerber Security
- Limit login attempts
- Option to block an entire subnet
- Block IP/subnet if a non-existent username is requested
- Optionally display a simple 404 error page to blocked users to reduce server load
- Disable wp-login.php and set custom login link
- Disable /wp-admin redirect
- Citadel mode to prevent aggressive brute force attacks: after a certain number of failed login attempts (default is 200 in 30 minutes), disable login for all except whitelisted IPs
- Optionally send suspicious activity reports to Cerber Lab
- Automatically add the administrator’s subnet to the whitelist
- Add additional subnets to the whitelist
- Block user enumeration – Block access to user pages like /?author=n and user data via REST API
- Disable anonymous access to admin scripts like load-scripts.php and load-style.php
- Disable REST API (add exceptions for trusted services like Yoast, Jetpack etc.)
- Disable XML-RPC and feeds
- Powerful spam prevention system
- Detailed traffic activity tracker with IP WHOIS check
- Site diagnostic scanner that helps advanced users find vulnerabilities in different WordPress files
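To make the login rules in the list concrete, here is a small model of the per-IP login limit, the instant block on a non-existent username, and Citadel mode (200 failures in 30 minutes locks everyone out except whitelisted subnets). It is an added example, not code from the WP Cerber plugin; the user list, the admin subnet, the per-IP limit of 5 failures per 60 seconds, the one-hour lockout and the replayed attack events are all constructed for the demonstration.

```python
from collections import deque
from ipaddress import ip_address, ip_network
KNOWN_USERS = {"editor", "siteadmin"}          # constructed: the site's real accounts
WHITELIST = [ip_network("203.0.113.0/24")]     # constructed: admin subnet (RFC 5737 range)

class LoginGuard:
    def __init__(self, per_ip_limit=5, per_ip_window=60, citadel_limit=200,
                 citadel_window=1800, lockout=3600):
        self.per_ip_limit, self.per_ip_window = per_ip_limit, per_ip_window
        self.citadel_limit, self.citadel_window = citadel_limit, citadel_window
        self.lockout = lockout
        self.failures, self.all_failures = {}, deque()   # per-IP and site-wide failure times
        self.blocked_until, self.citadel_until = {}, 0   # per-IP block expiry; Citadel expiry

    def attempt(self, now, ip, username, password_ok):
        """Return 'allow', 'fail', 'blocked' or 'citadel' for one login attempt."""
        exempt = any(ip_address(ip) in net for net in WHITELIST)  # never locked out
        if not exempt and self.blocked_until.get(ip, 0) > now:
            return "blocked"
        if not exempt and now < self.citadel_until:
            return "citadel"
        if username in KNOWN_USERS and password_ok:
            return "allow"
        if exempt:
            return "fail"
        q = self.failures.setdefault(ip, deque())
        q.append(now)
        while q[0] <= now - self.per_ip_window:          # forget failures outside the window
            q.popleft()
        self.all_failures.append(now)
        while self.all_failures[0] <= now - self.citadel_window:
            self.all_failures.popleft()
        # an unknown username blocks the IP at once; so does the Nth failure in the window
        blocked = username not in KNOWN_USERS or len(q) >= self.per_ip_limit
        if blocked:
            self.blocked_until[ip] = now + self.lockout
        if len(self.all_failures) >= self.citadel_limit:
            self.citadel_until = now + self.lockout      # Citadel: lock out all but the whitelist
        return "blocked" if blocked else "fail"

def run_demo():
    # replay a constructed attack sequence (timestamps in seconds) and collect the verdicts
    g, out = LoginGuard(), {}
    out["unknown_user"] = [g.attempt(t, "198.51.100.7", "admin", False) for t in (0, 1)]
    out["wrong_password"] = [g.attempt(t, "198.51.100.8", "editor", False) for t in range(2, 7)]
    # 200 IPs failing once each: no IP trips its own limit, but the site-wide counter does
    spread = [g.attempt(10 + i, f"10.0.0.{i}", "editor", False) for i in range(1, 201)]
    out["spread"] = (spread.count("fail"), spread.count("citadel"))
    out["during_citadel"] = g.attempt(300, "192.0.2.50", "editor", True)
    out["whitelisted"] = g.attempt(301, "203.0.113.10", "editor", True)
    return out
```

Note that the distributed run never trips a per-IP limit, which is exactly the case Citadel mode exists for: the 194th single failure pushes the site-wide count to 200 and every later login from outside the whitelist is refused.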
Wordfence Security
Wordfence Security is another comprehensive security plugin for WordPress. It is equipped with all the advanced features needed to safeguard and diagnose a WordPress installation. Like Cerber, this plugin offers WordPress hardening options, brute force protection, real-time traffic inspection, a website scanner and a powerful firewall that blocks malicious traffic before it reaches your website. They have their own cloud-based threat detection system, and the Wordfence firewall blocks an IP if any malicious activity is detected.
Wordfence offers a real-time traffic feed and notifies you of file changes. What’s more, it offers a file restoration option so that you can get a clean version of an infected file.
The Wordfence firewall protects against many known vulnerabilities in different plugins, like Slider Revolution, many known XSS vulnerabilities, SQL injection vulnerabilities, Ninja Forms and the Fastest Cache file_upload vulnerability, etc.
Main Features of Wordfence Security
- Limit login attempts
- Block attempts with invalid or non-existent usernames
- Wordfence Lab has a database of passwords leaked in data breaches and offers an option to prevent an admin from setting any leaked password
- Strong password enforcement
- Hide login errors
- Block user enumeration
- Automatically block fake googlebots
- A really meaningful malware scanner that truly detects malware-infected files
- A real-time traffic inspector that notifies you about file changes and any unusual, unknown file creation
- Notify for plugin updates
- Notify about installed plugins that have not been updated in several years
- Vulnerability detector
- Ability to detect the (rare) malware hidden in image files
- Spam comment filtering
- Disable PHP execution in the uploads directory
- And many more features
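The cleanup step from the start of the post (delete every PHP file under uploads) and the “malware hidden in image files” and “disable PHP execution in the uploads directory” items above can also be checked by hand. This added example, which is not code from either plugin, walks a constructed uploads tree, flags PHP by extension (including double extensions such as x.php.jpg) and by a PHP open tag inside a non-PHP file, and writes the Apache 2.4 .htaccess rule that stops the web server executing anything that slips through; the sample files, the .htaccess text and the function names are all constructed for this example.

```python
import os
import re
import tempfile

PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)  # also catches x.php.jpg
PHP_TAG = re.compile(rb"<\?php|<\?=")
# Apache 2.4 rule equivalent to "disable PHP execution in uploads"; written to uploads/.htaccess
HTACCESS_RULE = '<FilesMatch "\\.(php\\d?|phtml|phar)$">\n    Require all denied\n</FilesMatch>\n'
# Constructed sample tree standing in for wp-content/uploads; not taken from any real site
SAMPLE_FILES = {
    "2023/05/photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 64,
    "2023/05/dropped.php": b"<?php echo 'placeholder'; ?>",               # PHP where only media belongs
    "2023/06/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32 + b"<?php echo 1; ?>",  # PHP hidden in an image
    "2023/06/avatar.php.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,        # double extension
    "2023/06/readme.txt": b"nothing to see here",
}

def build_sample_uploads():
    root = tempfile.mkdtemp(prefix="uploads-")
    for rel, data in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root

def scan_uploads(root):
    """Return sorted (relative path, reason) pairs for files that do not belong in uploads."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if PHP_EXT.search(name):
                findings.append((rel, "php extension"))
                continue
            with open(path, "rb") as fh:
                head = fh.read(1 << 20)   # the first MiB is enough to spot an open tag
            if PHP_TAG.search(head):
                findings.append((rel, "php open tag inside non-php file"))
    return sorted(findings)

def php_execution_blocked(root):
    # True if uploads/.htaccess carries a FilesMatch block that denies PHP files
    path = os.path.join(root, ".htaccess")
    text = open(path).read() if os.path.exists(path) else ""
    return bool(re.search(r'<FilesMatch "[^"]*php[^"]*">\s*Require all denied', text))

def harden_uploads(root):
    with open(os.path.join(root, ".htaccess"), "w") as fh:
        fh.write(HTACCESS_RULE)
```

Run scan_uploads against a real wp-content/uploads path and review every finding before deleting, since a legitimate plugin occasionally drops a PHP file there; the .htaccess rule only applies on Apache with AllowOverride enabled, so on nginx the equivalent location block is needed instead.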
Can both plugins be used in parallel?
I can say “Yes”. I used both plugins on one website and it posed no problem at all. But here I’d like to add that under different circumstances it is quite possible that using both plugins on one website may create some problems, so it is advisable to choose one plugin at a time.
Guys, do use these plugins to keep hackers away from your WordPress. These plugins make your WordPress safer and faster.