Antivirus for WordPress. The only working antivirus for WordPress


Fraudsters may try to attack the site in order to hack the admin panel, steal user passwords, change the site code, gain access to confidential information, place hidden links or otherwise harm the resource. Because of such attacks, you can lose customers, positions in search results, reputation, or even the site itself.

WordPress itself is a fairly secure engine, but basic protection is not enough.

Infection statistics for 2017

Special plugins will help increase the security of a site; they will not make the site completely invulnerable to any attacks, but will hinder attackers.

Plugins to protect your WordPress site

All In One WP Security & Firewall

The plugin protects user accounts, code files, and makes it safer to log into the site through personal accounts, makes database backups.

What the plugin does:

  • adds a captcha to the registration page and to the site login form to protect against spam;
  • blocks entry to users with a specific IP temporarily or permanently and gives a temporary block after several unsuccessful attempts to enter;
  • allows you to view user account activity;
  • makes database backups automatically;
  • creates backup copies of the original .htaccess and wp-config.php files;
  • detects vulnerabilities in accounts, for example, with the same name and login;
  • generates complex passwords;
  • disables editing of some files from the admin panel to protect PHP code;
  • closes access to the readme.html, license.txt and wp-config-sample.php files;
  • installs firewalls to protect against malicious scripts.



Plugin control panel

It's clear about setting up the plugin:

All In One WP Security & Firewall is translated into Russian, installation is free.

BulletProof Security

The plugin scans malicious code, protects authorization on the site, does not let spam through, and makes backup copies.

What the plugin does:

  • protects wp-config.php, php.ini and php5.ini files via the .htaccess file;
  • turns on the mode technical work;
  • checks rights to edit folders and files in the admin panel;
  • does not allow spam through using the JTC-Lite function;
  • creates backup copies automatically or manually, sends archives by e-mail;
  • Maintains error logs and a security log.

Read more about security features on the plugin page.


Malicious code scanner

The plugin has been translated into Russian. It is free, there is a premium version with advanced site protection and attack prevention capabilities.

Wordfence Security

Protects the CMS from hacking and malware attacks by protecting site logins, scanning for code changes, login attempts, and notifications of suspicious activity.

What the plugin does:

  • compares the main themes and plugins with what is in the WordPress.org repository and reports any discrepancies to the site owner;
  • performs antivirus functions, checks the site for vulnerabilities;
  • checks messages and comments for suspicious content and links.

There are other features available in the free version.

The premium version gives a little more:

  • checks whether a site or IP is blacklisted for spam or sites with security problems;
  • includes two-factor authentication for login;
  • compiles a blacklist and blocks all requests from IPs from the database.

Read more about security features on the plugin page.


Security scanner

Not translated into Russian, the basic version can be downloaded for free.

Disable XML-RPC Pingback

The site closes a possible XML-RPC vulnerability through which scammers can attack other sites and slow down your resource.

What the plugin does:

  • Removes pingback.ping and pingback.extensions.getPingbacks from the XML-RPC interface;
  • removes X-Pingback from HTTP headers.

Installing the plugin

Plugin on English language, installation is free.

iThemes Security

The old name is Better WP Security. The plugin protects when logging into the admin panel and performs antivirus functions.

What the plugin does:

  • includes two-factor authentication when logging into the admin panel;
  • scans the site code and alerts if it finds suspicious changes;
  • monitors the site for automated attacks and blocks them;
  • generates complex passwords;
  • monitors the activity of user accounts;
  • enables Google reCAPTCHA when entering the site;
  • makes it possible to create temporary access in the admin panel;
  • Restricts editing files in the admin panel.

Read more about security features on the plugin page.


Plugin settings

Translated into Russian and available for free.

Sucuri Security

A comprehensive plugin that monitors changes in site files and performs antivirus functions.

What the plugin does:

  • checks the site code for suspicious changes and sends notifications;
  • scans for malware and denies access;
  • creates a blacklist of IPs and prohibits them from interacting with the site;
  • records the IP of visitors who unsuccessfully try to enter the site and blocks them for a limited time;
  • automatically scans the site for viruses and sends reports by e-mail.

In the premium version, it creates a firewall for additional protection against attacks. Read more about security features on the plugin page.


Reports of suspicious activity

The plugin has not been translated into Russian, but is available for free download.

Keyy Two Factor Authentication

A plugin for protecting the admin panel from intruders, making access to the admin panel more convenient and faster.

What the plugin does:

  • protects the site from hacking;
  • stores a secure password on the device; it does not need to be entered when logging in;
  • allows you to access the admin area using your fingerprint;
  • allows administrators of several sites to switch between panels in one click.
Example of work

The plugin has not been translated, but is available for free.

WWPass Two-Factor Authentication

Plugin for protection against intruders entering the admin panel.

What the plugin does:

  • adds a QR code to scan when trying to log into the admin area;
  • gives access to free use of PassHub password manager.
Example of how the plugin works

A free download of the English version is available.

If attackers managed to do something to the site and need to restore it to its previous state, backups will help. Hosters usually make backups periodically, but just in case, it’s better to make backups yourself. Some plugins from the collection can make copies, and there are also individual solutions for backups.

Plugins for website backups on WordPress

BackWPup – WordPress Backup Plugin

Plugin for creating backups and restoring previous versions of the site.

What the plugin does:

  • makes backups of the entire website with content;
  • exports WordPress XML;
  • collects installed plugins into a file;
  • sends copies to external cloud storage, email or transfers via FTP.

The paid PRO version encrypts archives with backups and restores backups in a couple of clicks.


Backup archive management

Available for free, there is a paid PRO version, but not translated into Russian.

UpdraftPlus WordPress Backup Plugin

What the plugin does:

  • copies and restores data in one click;
  • makes automatic backups on a schedule;
  • checks and restores databases;
  • sends backups to the cloud, Google Drive and other storage locations of your choice.

The extended version gives you more choice of storage locations for copies and other additional features.


Setting up backup storage

Not translated into Russian, available for free.

VaultPress

Another plugin for backup and reliable storage of copies.

What the plugin does:

  • daily automatically copies all site files with content and comments;
  • restores a site from a copy by clicking;
  • protects the site from attacks and malware.

Works for free for one site, stores data for 30 days. For an additional fee, you can monitor multiple sites from one panel and store data longer.


Working panel

The plugin is not translated into Russian, but is available for installation for free.

Websites need protection from intruders to prevent them from gaining access to classified information, use your resource to attack other sites, send letters to clients and disrupt the stable operation of the resource. Plugins put obstacles in the way of scammers, protect user data and site code, and backup systems will roll back the site to its previous state if the attackers did manage to cause damage.

There are many WordPress security plugins that claim to have antivirus functionality. And many of them are actually solved by a number of potential vulnerabilities in this CMS. For example, Wordfence Security, AntiVirus, Anti-Malware and dozens of similar ones.

But they are completely unsuitable as an antivirus. After all, these are plugins. Any antivirus that “locks” certain parts of the file system copes with them. Free antivirus- this is generally a myth. Constantly updating the virus database, scanning from a third-party server, and other necessities will obviously consume developer resources. So any person installing another free WordPress antivirus plugin is clearly deceiving himself and creating the illusion of security.

When my sites were infected, I started digging into treatment tools. There were really few real plugins, not plugins. Only one of them worked for me. Moreover, he more or less solved the problems and still honestly carries out daily scanning. This…

VirusDai - why does it work?

  • This is a cloud antivirus, it does not reside in the folder with your website
  • Automatic virus treatment
  • Makes backups of files before treatment and stores them at home
  • Built-in file system
  • Large live project: doing business with CloudLinus, Reg.ru and others

How to connect a website to an antivirus?

In the form that appears, enter the domain address and click “Continue.” Next you need to connect the VirusDie server to yours, for this we suggest synchronizing. There are 2 options:

  • Manually. Download the PHP file for synchronization and add it to the root folder of the site yourself.
  • Automatically. Specify FTP access (server, login and password).
  1. How often to scan the site: once every 6 or 12 hours or once a day
  2. Enable/disable firewall
  3. Connect with expert service with a virus-free guarantee

In principle, that’s it, scanning starts immediately. You can do this manually by clicking the green circle. If problems were identified during scanning, VirusDai will try to cure it. If it can’t (it happened to me - 1/50) - it will point to the infected lines of code in the file manager and try to identify the type of infection.

Daily scan

How much does security cost?

Connection of one site for a year = 1499 rubles. After 3 sites at this price, you can connect the next ones for 249 rubles. For example: 1499 x 3 + 249 x 7 = 6240 rubles per year for 10 sites.

There is expert service for 4900 (6 months) and 9990 (12 months) rubles. There they will measure your blood pressure and make sure you don't choke on an olive pit.

Wordfence Security performs a deep and thorough scan of the site for vulnerabilities both in the Wordpress core itself and in themes and plugins.

It uses WHOIS services to monitor connections and is capable of blocking entire networks thanks to built-in firewall. When new attacks are detected (even if they were subjected to another site with WordFence installed), automatic update a set of firewall rules to most effectively counter threats.

Wordfence Security is free and open source, but an optional subscription will further protect your site by updating your firewall, malware signatures, and IP blacklist in real time.

Premium subscription cost: up to $99 per year (significant discounts available when purchasing multiple keys or for a longer period)

AntiVirus

AntiVirus works in the same way as a regular antivirus - it performs a daily scan of the entire site (including themes and databases), sending a report to a specified e-mail. Scanning and cleaning traces is also performed when removing plugins.

If suspicious or dangerous activity is detected, notifications are sent to the same email address and are displayed in the admin panel.

Quttera Web Malware Scanner

Very powerful scanner, which searches for vulnerabilities such as malicious scripts, Trojans, backdoors, worms, spyware, exploits, malicious iframes, redirects, obfuscations and other unwanted or dangerous code changes. In addition, the plugin checks whether your site is blacklisted.

Cost: free, but advanced features such as eliminating detected vulnerabilities and cleaning malicious files are provided at on a paid basis(from $119 per year)

Anti-Malware

Anti-Malware scans and neutralizes known this moment vulnerabilities, including backdoor scripts. Automatically updates anti-virus databases, allowing you to detect the latest viruses and exploits. The built-in firewall blocks the introduction of the SoakSoak virus and other exploits into sliders and some other plugins.

WP Antivirus Site Protection

WP Antivirus Site Protection scans all security-critical files, including themes, plugins, and uploaded files in the uploads folder. Any malware and viruses found will be immediately removed or moved to quarantine.

Exploit Scanner

Exploit Scanner does not remove suspicious code - it leaves this dirty work to the administrator. But on the other hand, he performs well the no less important and more labor-intensive operation of his search. And be sure he will find it, whether it is in the database or in ordinary files.

Centrora Security

The Centrora Security plugin is designed according to the “Swiss knife” principle - it is a comprehensive tool for comprehensive website protection against all types of threats. He has built-in firewall, a backup module and a number of scanners that check access rights, search for malicious code, spam, SQL injections and other vulnerabilities.

The WordPress content management system, due to its enormous popularity, also attracts ill-wishers. In addition, the “engine” is distributed free of charge, so it is even more exposed to the risk of security breaches. WordPress itself is quite secure software product. “Holes” begin to open when the user installs plugins and themes.

Insecurity of plugins and themes

Unfortunately, you cannot always be sure that themes or plugins are safe and harmless. Their paid versions have very specific developers who value their reputation. As a result, their products are of higher quality, and the likelihood of receiving any malicious code with them is quite low. But, as our life experience suggests, there are exceptions to any rule. Some add completely harmless code to ensure feedback, while others do it for completely different purposes. Even in the “engine” itself, vulnerabilities are sometimes discovered that allow an attacker to inject his code into its core.

Virus protection plugins

Fortunately, there are a number of useful solutions for WordPress that can completely scan your resource for all kinds of vulnerabilities and malicious code and, if detected, indicate their specific location or completely neutralize them. Let's look at several fairly high-quality and reliable plugins to protect your WordPress site.

Sucuri Security

The free Sucuri Security plugin is a leading security tool and is used by a huge number of WordPress users. The solution provides sites with several types and levels of protection, including the following:

  • scanning all files for malicious code;
  • monitoring file integrity;
  • logging all security-related operations;
  • identification and notification of the risk of a site being blacklisted ESET, Norton, AVG and etc.;
  • automatic execution of certain actions if a hack is detected.

Wordfence Security

Wordfence Security is a solution that performs a deep scan of a web resource for vulnerabilities and malicious code not only in theme and plugin files, but also in the engine core itself.

The plugin uses WHOIS-services for monitoring connections. Thanks to its built-in firewall, it is capable of blocking entire networks. As soon as a network attack is detected, the firewall ruleset is automatically updated to most effectively counter the threats.

AntiVirus

The AntiVirus plugin is engaged in daily scanning of all site files (including themes, database) and sending email- report to a given address. Besides, AntiVirus It also scans and cleans traces when removing plugins.

Quttera Web Malware Scanner

The scanning and detection list of the powerful Quttera Web Malware Scanner includes the following vulnerabilities:

  • malicious scripts;
  • Trojan worms;
  • spyware;
  • backdoors;
  • exploits;
  • redirects;
  • malicious iframes;
  • obfuscation, etc.

In addition to this list, the plugin checks for site presence on blacklists.

Anti-Malware Security and Brute-Force Firewall

Addition Anti-Malware Security and Brute-Force Firewall l designed to scan and neutralize currently known vulnerabilities, including scripts backdoor. The plugin's anti-virus databases are automatically updated, allowing you to detect the latest viruses and exploits. The plugin has a built-in firewall that blocks network threats.

A special feature of the plugin is that it provides additional protection for the site (protection from brute-force-, DDoS-attacks, as well as checking the integrity of the WordPress core). To do this, you just need to register on gotmls.net.

WP Antivirus Site Protection

WP Antivirus Site Protection scans all security-critical site files, including themes, plugins and downloads in the folder uploads. Any malicious code or viruses found will be immediately removed or quarantined.

Exploit Scanner

The Exploit Scanner plugin deals exclusively with identifying suspicious code (site files and database). As soon as anything is discovered, the site administrator will be notified immediately.

Centrora WordPress Security

The comprehensive solution Centrora WordPress Security is a multi-faceted tool for protecting a web resource from all types of threats. It includes following functions:

  • search for malicious code, spam, SQL-injections;
  • presence of a firewall;
  • Availability of an access rights scanner;
  • performing a backup.

Please click on one of the buttons to find out whether you liked the article or not.

I like it I don't like it

Using a security plugin protects your WordPress site from malware, attacks, and hacking attempts. This article contains the best WordPress security plugins that are recommended to be used to protect your site.

Why Use a WordPress Security Plugin

Every week, about 18.5 million websites are infected with malware. The average website is attacked 44 times every day, including WordPress and other CMS websites.

A security breach on your website can cause serious damage to your business:

  • Hackers can steal your data or data belonging to your users and customers.
  • A hacked website can be used to distribute malicious code, infecting unsuspecting users.
  • You may lose data, lose access to your website, or the site may be blocked.
  • Your website could be destroyed or damaged, which could impact your SEO rankings and brand reputation.

You can scan your WordPress site for security breaches at any time. However, cleaning up a hacked WordPress site without professional help can be quite difficult for novice webmasters.

To avoid hacking, you must follow site security recommendations. One of important steps The best way to protect your WordPress site is to use a security plugin. These plugins help simplify WordPress security and also block attacks on your site.

Let's take a look at some of the best WordPress security plugins and how they protect your site.

Note!

Note. You only need to use one plugin from this list. Having multiple active security plugins can lead to errors.

Note. You only need to use one plugin from this list. Having multiple active security plugins can lead to errors.

1. Sucuri

Sucuri is a leader in WordPress security. The developers offer a basic, free Sucuri Security plugin that helps you strengthen your security and scans your site for common threats.

But the real value lies in the paid plans, which come with better WordPress firewall protection. The firewall helps block malicious attacks when accessing WordPress.

Sucuri Internet Firewall filters out bad traffic before it reaches your server. It also serves static content from its own CDN servers. Apart from security, their DNS layer firewall with CDN gives you amazing performance boost and makes your site faster.

Most importantly, Sucuri offers to clean your WordPress site if it becomes infected with malware at no extra cost.

See also:

2. Wordfence

Wordfence is another popular WordPress security plugin. The developers offer free version its plugin, which comes with a powerful malware scanner. The plugin detects and evaluates threats.

The plugin automatically scans your site for common threats, but you can also run a full scan at any time. You will be alerted if any signs of a security breach are detected. You will also receive instructions on how to resolve them.

Wordfence comes with a built-in WordPress firewall. However, this firewall runs on your server before loading WordPress. This makes it less efficient than a DNS-level firewall such as Sucuri.

3. iThemes Security

iThemes Security is a WordPress security plugin from the developers of the popular BackupBuddy plugin. Like all of their products, iThemes Security offers a great, clean user interface with tons of options.

It comes with file integrity checks, enhanced security, login restrictions, strong password enforcement, 404 error detection, attack protection, and more.

iThemes Security does not include a website firewall. It also does not include its own malware scanner, but instead uses the Sitecheck Sucuri malware scanner.

4. All In One WP Security

All In One WP Security is a powerful WordPress security checker, monitoring and firewall plugin. It makes it easy to apply basic WordPress security best practices to your website.

The plugin includes login blocking features to prevent attacks on your site, IP address filtering, file integrity monitoring, user account monitoring, scanning for suspicious input patterns in databases, and much more.

It also comes with a basic website level firewall that can detect some common patterns and block them. However, it is not always effective and you will often have to manually enter suspicious IP addresses into the blacklist.

5. Anti-Malware Security

Anti-Malware Security is another useful anti-malware and WordPress security plugin. The plugin comes with actively maintained definitions that help you find the most common threats.

The plugin allows you to easily scan all files and folders on your WordPress site for malicious code, backdoors, malware, and other known malicious attack patterns.

The plugin requires you to create a free account on the plugin website. After this you will have access to latest definitions, as well as some premium features such as attack protection.

Nuance: as long as the plugin runs thorough tests, it will often show a large number of false positives. Coordinating each of them with the source file is quite a painstaking job.

6. BulletProof Security

BulletProof Security isn't the prettiest WordPress security plugin on the market, but it's still useful with some great features. It comes with a setup wizard. The settings panel also includes links to extensive documentation. This will help you understand how security checks and settings work.

The plugin comes with a software scanner that checks the integrity of WordPress files and folders. It includes login security, timeout session disabling, security logs, and a database backup utility. You can also set up notifications by e-mail in security logs and receive warnings when a user is blocked.