3.1 Why You Need a WordPress Security Plugin and Some of the Options

In this lesson, I'll tell you why your site might be vulnerable and how you can make it less so with a security plugin. We'll also look at some of the best WordPress security plugins—both free and premium options.

Hello, and welcome back to this Tuts+ course on Essential WordPress Plugins. In this part of the course we're going to move on to looking at security. And before we install a security plugin, I'll explain to you why WordPress security is so important and what you can do to make your site more secure. So let's get started by having a look at some of the resources on the WordPress website about security.

Now you may be thinking, if security is so important for WordPress and it's not baked into the system, why do I want to use WordPress anyway? Why should I be using a system that's inherently insecure? Now firstly, I'd like to counter that by saying WordPress isn't inherently insecure. It used to be some years ago, but because it's so widely used now and so popular, it's a lot more secure. The developers of WordPress and the community that supports it have taken significant steps to make WordPress as secure as they possibly can. However, the fact that WordPress is open source and is so widely used does mean it's going to have some security vulnerabilities. The fact that the code base is open to anybody means that hackers can access that code and they can work through it and identify ways that they can exploit any loopholes in that code and try and get into your site and attack it.

Now they're probably more likely to do that via a plugin than via WordPress itself, which is why it's really important to only get your plugins from reputable sources. So if you're getting a free plugin, you should always, always get it from the WordPress plugin directory. And if you're getting a premium plugin, get it from somewhere you can trust like CodeCanyon or from other sources that people recommend to you. Don't get free plugins from just anywhere on the internet. Because if somebody's providing you a plugin for free, what's their motivation? If they're doing it to give back to the community of WordPress users and developers, that's great. Lots of people do that. That's the point of open source. Those plugins will be in the plugin directory, and they've been thoroughly tested before they're uploaded to the plugin directory. But if somebody just sticks a plugin on their own website, and makes it available for you to download, well, you might be wondering if they've added anything else you don't want to that plugin code that could make your website more insecure. So make sure you get your code from reputable sources.

There's also this guide here on hardening WordPress. So there are things here that you can do to make your site more secure. And some of the key things include keeping your site up to date, using secure passwords, making sure you manage your user list in WordPress and that you monitor that every now and then, particularly if you're allowing people to register for your site, using quality hosting that you can trust, and getting your code from reputable places, amongst other things that you can do. So it's worth having a look at this guide to how you can make your site more secure. You can also use third-party services such as Sucuri, which will scan your site and fix it if you have any problems, but that can be expensive. So it's worth doing what you can for free yourself. So here on Tuts+, there's a quick and easy guide to the top tips, the top things that you can do as a site admin to make your site as secure as possible.

So once you've looked at all this and you've adopted site management principles that are going to keep your site as secure as possible, what else can you do to ensure better security on your site? And the answer to that is to install a security plugin. And a security plugin will scan your site for any potential sources of vulnerability. It won't necessarily fix them; sometimes you have to do something manually to fix them. But sometimes the security plugin will give you a button that you can click that will fix something or make something more secure.

And there are lots of free plugins that we can install as well as premium plugins. And again, a lot of these plugins have a premium option, a bit like those backup plugins. So if you go into the plugin directory and you search for security, you'll see a whole bunch of very well used (here you can see you've got 3 million active installations, 900,000 for this one) plugins that are really popular and that are recommended by a lot of WordPress users and that are free. Now again, they will often have a premium version and that's how the developers are making their money.

So in the next part of this course, we're going to install the Wordfence plugin, and that's got this free version here, which we'll be using in this course, and there's also a premium version that you can install that gives you extra security features and also gives you access to services whereby Wordfence themselves will help you if your site gets hacked. So in the next part of the course, I'll show you how to install the plugin and how to configure it to make your site more secure. See you next time and thanks for watching.
