You may not know, but as I’m writing this sentence, the ticker over at Internet Live Stats just ticked over 34,800 sites that were hacked during the day. It’s only around 35,000 of the roughly 1.01 billion (and counting) websites on the Internet, but that could potentially be 35,000 business put out of operation because of some malware or a DDoS attack. It could be your business offline right now.

That’s why you need to take the utmost responsibility and care when it comes to your website(s) — and why you should protect it like it’s the last burger on Earth. For any small business owner, website security is something they engage in, but rather don’t take seriously; they’d probably rather focus on operating their business. Whereas, website security is possibly the most important thing you should get right before you even build a website!

I’ve gotten gritty and rolled up my sleeves today, to surf the web and dig out some important information about the best and most famous website security tools and plugins around. All of the information that you need to know about the best website security tools is summarised in this article, and if you need anything more, there are links beneath each of them.

Free:

• Pricing: FREE Plugin / Premium service (for “no more than” $5/month)
• WP Rating: 4.9 / 5 stars; over 12.5 million downloads
• Features: Free Plugin
  • Blocking Features:
    • Real-time blocking of known attackers
    • Blocks entire malicious networks
    • Rates limit or blocks website security threats
    • Blocks or throttles users and robots who break your website security rules
  • Login Security:
    • Two-Factor Authentication using password and cell phone
    • Enforces strong passwords among administrators, publishers, and users
    • Checks user and admin password strength
    • Locks out brute force hacks and stop WordPress from revealing info
  • Security Scanning
    • Scans for the HeartBleed vulnerability
    • Scans core files, themes, and plugins + checks integrity against WordPress.org repository versions
    • See how files have changed
    • Scans for signatures of over 44,000 known malware variants that are known website security threats
    • Scans for unknown backdoors that create website security holes
    • Continuously scans for malware and phishing URLs
    • Scans for heuristics of backdoors, trojans, suspicious code, and other website security issues
  • WordPress Firewall
    • Includes a firewall to block common website security threats
  • Monitoring Features
    • Shows traffic in real-time
    • Shows which geographic area website security threats originate from
    • Allows you to monitor your DNS security
    • Monitors disk space (for DDoS attacks)
• Links:
  • https://wordpress.org/plugins/wordfence/
  • https://www.wordfence.com/

• Pricing: FREE Plugin / Pro service (from $80-$247/year)
• WP Rating: 4.7/5 stars; over 700,000 downloads
• Features: Free Plugin
  • Protect:
    • Scans site to instantly report where vulnerabilities exist and fixes them in seconds
    • Bans troublesome user agents, bots, and other hosts
    • Bans hosts and users with too many invalid login attempts
    • Strengthens server security
    • Enforces strong passwords for all accounts
    • Force SSL for any page or post
    • Detects and blocks attacks to your filesystem and database
  • Detect:
    • Detects bots and other searches for vulnerabilities
    • Monitors filesystem for unauthorized changes
    • Scans for malware & blacklists on your site
    • Receive email notifications
  • Obscure:
    • Changes URLs for WordPress dashboard areas
    • Turns off ability to login for a given time
    • Removes theme, plugin, and core update notifications from users who do not have permission to update them
    • Remove Windows Live Write header info
    • Removes RSD header info
    • Renames “admin” account
    • Change the ID on the user with ID 1
    • Changes the WordPress database table prefix
    • Changes wp-content path
    • Removes login error messages
  • Recover
    • Regular backups of database
• Links:
  • https://wordpress.org/plugins/better-wp-security/
  • https://ithemes.com/security/

• Pricing: FREE / Premium services (from $20-$200/month)
• Features: Free Plugin
  • Content Delivery Network
    • Distribute your content around the world so it’s closer to your visitors
  • Optimization
    • Web pages with ad servers and third party widgets load faster on both mobile and computers
  • Security
    • Automatic learning of new attacks
    • Ridiculously easy website security, settings + configuration
    • Threat reports and details
    • Block list / trust list
    • Protect SSH / Telnet / FTP ports
    • One-click SSL
  • DNS
    • Global coverage
    • Instant DNS updates
    • Built-in security
    • No query limits, easy management, and robust API
  • Apps
    • One-click installs
    • Automatic updates
    • Works with any platform or application
    • Limits website security risks
    • Top-notch performance
• Links:
  • https://www.cloudflare.com/
  • https://www.cloudflare.com/overview/

Paid:

• Pricing: $16.66-$41.66/month
• Features:
  • Professional Website Security Analysts
  • Malware Detection
  • Malware Cleanup
  • Brute Force Protection and Prevention
  • Blacklist Repair
  • Repair Dirty SEO
  • Website Security Monitoring
  • DDoS Migration
  • Vulnerability Exploitation Prevention
  • Malware Prevention
  • Zero Day Response Mechanism
  • Performance Optimization
  • Simple Configuration
• Links:
  • https://sucuri.net/
  • https://sucuri.net/website-antivirus/

• Pricing: Quote needed
• Features/Products:
  • SiteLock SMART (Scanning + Malware Removal)
    • Finds and automatically removes malware found on your website; also helps prevent search engine blacklisting
  • TrueCode Static Application Security Testing (SAST)
    • Finds common vulnerabilities by analyzing all of your applications’ source codes without actually executing them
  • SiteLock Infinity
    • Scans your website repeatedly to detect and patch vulnerabilities and remove malware as soon as it hits
  • DDoS Protection
    • Offers defense against from DDoS attacks, as well as Infrastructure, DNS and Web App DDoS defence
  • TrueShield web application firewall (WAF)
    • Protects websites from malicious traffic and blocks harmful requests
  • TrueSpeed Content Delivery Network (CDN)
    • Increases your website speed, while using less bandwidth
  • SiteLock PCI Compliance Program
    • Guides business owners through the self-assessment questionnaire process of becoming PCI-compliant
    • Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment
• Links:
  • https://www.sitelock.com/
  • https://www.sitelock.com/compare.php

Bonus

reCAPTCHA

Even if you don’t intend to install a plugin/service for your WordPress website(s), there’s always the bare minimum that you can do to ensure that your website isn’t being taken advantage of — Google’s reCAPTCHA. These are the website security checks you see when filling out online forms, logging into accounts, or sending emails through websites. You know, the ones that ask you to type in a code, tick a box, or choose the images that have giraffes in them, etc.

• Price: FREE
• Features:
  • Protect your website from spam and abuse while letting real people pass through with ease
• Links:
  • https://www.google.com/recaptcha/