Cheat sheets

WordPress security plugins for your WordPress website [2016]

The best Wordpress Security plugins of 2016.

Share this with people that should know this:

WordPress is one of the most attacked content management systems, so it is wise to use WordPress security plugins and hardening techniques to secure your WordPress website against external attackers.

The WordPress security plugins which have been listed in this post will allow you to secure your WordPress environment in such a way that it will be harder for cybercriminals and hackers to hack your WordPress website.

Please do note that not a single software product is 100% secure, the same goes for WordPress – it is always wise to check your logs for suspicious behavior, and if you can block the suspicious behavior, then certainly do so.

WordPress security plugins 2016

We have decided to take a look at WordPress security plugins which are maintained and still active.


The first thing you would want to get right is the comment function on your website. You can use external comment services like Disqus which will reduce the amount of spam. It will also allow you to earn a revenue. If you are no fan of Disqus, then it is wise to use the Captcha service from Google. The Captcha plugin from Google will force spammers to perform a Captcha check. This Captcha service is maintained by Google.

Download the WordPress security plugin against spam here:

Google Captcha (reCAPTCHA) plugin allows you to implement a super security Captcha into web forms. This plugin can be used for login, registration, password recovery, comments forms.

Or use the Disqus plugin for your WordPress comments;

The Disqus comment system replaces your WordPress comment system with your comments hosted and powered by Disqus.


There is no WordPress security plugin for strong passphrases, and it is not needed either. It is strongly recommended that you use a strong passphrase instead of a strong password. Passphrases are harder to brute force and they are especially hard to guess when special characters are used.

Change the WP-Login page

The WP-Login page is often used by automated scanners which try to brute force themselves into weak WordPress environments. In order to protect yourself against these type of automated attacks, it is recommended to change the WP-login page with one of the WordPress security plugins shown below;

Rename wp-login.php is a very light plugin that lets you easily and safely change wp-login.php to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website.


And the final security plugin which we recommend is the Wordfence security plugin. The Wordfence security plugin can be downloaded via the link below;

Wordfence starts by checking if your site is already infected. We do a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. Then Wordfence secures

Share this with people that should know this: