Keeping a WordPress installation safe is a lot like a normal computer, you need to keep the system, plugins and themes up to date to avoid security risks, and you can and should add an extra layer of security, an antivirus.
On average, 30,000 new websites are hacked each day and likely many of you arrived at this article after having noticed strange behavior on your website, possibly caused by an attacker, hacker, virus or malware.
If that's the case for you, you should definitely install an antivirus on your WordPress, and also even if you haven't suffered an attack, prevention is better than cure. These programs can stop and remove malicious elements and files that can tremendously damage your WordPress website.
1. All In One WP Security & Firewall (Free)
A comprehensive, easy to use, stable and well supported wordpress security plugin.
- Active Installations: 800,000+
- Rating: ⭐⭐⭐⭐⭐(997)
- Portuguese translation
The All In One WordPress Security plugin is one of the most popular and free plugins available, it will take your website security to a whole new level.
This plugin is designed and written by experts and is easy to use and understand.
It reduces security risk by scanning for vulnerabilities and implementing and enforcing the latest WordPress security best practices and techniques.
Some of the many features available in this plugin are:
- USER ACCOUNT SECURITY
- USER LOGIN SECURITY
- USER REGISTRATION SECURITY
- DATABASE SECURITY
- FILE SYSTEM SECURITY
- BACKUP KEY FILES AND RESTORE FILES
- BLOCKED MALICIOUS IPS LIST FUNCTIONALITY
- FIREWALL FUNCTIONALITY
- LOGIN BRUDE ATTACK PREVENTION
- SECURITY SCAN
- SPAM SECURITY IN COMMENT
two. Wordfence Security – Firewall & Malware Scan (Free and Paid)
- Active Installations: 3+ million
- Rating: ⭐⭐⭐⭐⭐(3573)
- Portuguese translation
Wordfence is the most popular WordPress antivirus plugin, it makes securing your website a very easy task. It continuously analyzes recent threats and viruses on your website. After performing this step, it creates sets of protection and detection protocols to deal with viruses and threats. Basically, it detects and removes any kind of virus, threats, malware that can extensively damage your WordPress website.
This antivirus plugin detects and removes threats in real time. That way, you don't have to stop your work if your site is attacked by them. You can filter and remove spam comments, emails and IP addresses that may be trying to attack your website.
- WORDPRESS FIREWALL
- WORDPRESS SECURITY SCAN
- LOGIN SECURITY
- WORDFENCE CENTRAL
- SAFETY TOOLS
Wordfence has a free version of its plugin, which is enough for most cases, but if you wanted premium features and support, you can purchase a license for $99.
3. iThemes Security (Free and Paid)
itthemes security is wordpress security plug-in #1.
- Active Installations: 900,000+
- Rating: ⭐⭐⭐⭐⭐ (3831)
- Portuguese translation
iThemes Security offers over 30 ways to protect and secure your WordPress site. Maintained by iThemes, which has been building and supporting WordPress tools since 2008, such as BackupBuddy, a popular backup plugin.
iThemes Security takes protection from brute force attacks to the next level by prohibiting users who have tried to hack other sites from hacking yours. iThemes' brute force attack protection network will automatically report the IP addresses of failed login attempts and block them for as long as necessary to protect your website based on the number of websites that have seen a similar attack.
In addition, it offers several other features such as:
- Scan your site to instantly report where vulnerabilities exist and fix them in seconds
- Enforces strong passwords for all accounts with a minimal configurable role
- Disable file editing in WordPress admin area
- Detects and blocks various attacks to your file system and database
- Detects bots and other attempts to look for vulnerabilities.
- Monitors the file system for unauthorized changes.
- Run a malware and blacklist scan on your website's home page.
- Receive email notifications when someone gets blocked after too many failed login attempts or when a file on your site changes.
- Change URLs for WordPress dashboard areas including login, administrator and more
- Changes WordPress Database Table Prefix
- Change the wp content path
- Remove login error messages
- Makes it easy for users not familiar with WordPress to remember login and admin URLs by customizing default admin URLs
- Detects hidden 404 errors on your site that can affect your SEO, such as bad links and missing images
4. Cerber Security, Anti-spam & Malware Scan (Free)
Defends WordPress against hacker attacks, spam, trojans and malware.
- Active Installations: 100,000+
- Rating: ⭐⭐⭐⭐⭐(469)
- Portuguese translation
This plugin prevents brute force attacks by limiting the number of login attempts via the login form, malicious requests or using authentication cookies. Track user and malicious agent activity with flexible email, mobile and desktop notifications.
- MALWARE VERIFIER
- INTEGRITY VERIFIER
- SCHEDULED CHECKS WITH AUTOMATIC FILE RECOVERY
- TWO-FACTOR AUTHENTICATION
- REGISTER, FILTER AND EXPORT ACTIVITIES
- LIMIT REINVENTED LOGIN ATTEMPTS
- CERBER ANTI-SPAM ENGINE
- ANTI-SPAM PROTECTION: INVISIBLE RECAPTCHA FOR WOOCOMMERCE
- ANTI-SPAM PROTECTION: INVISIBLE RECAPTCHA FOR WORDPRESS
5. Jetpack by WordPress (Freemium)
Website security, performance and management: The best way to use WordPress is with Jetpack.
- Active Installations: 5+ Million
- Rating: ⭐⭐⭐⭐(1529)
- Portuguese translation
Jetpack is not really an antivirus plugin, it is more focused on making your installation easier to manage and per table adds some security features, such as:
- Protection against brute force attacks, spam filtering and downtime monitoring.
- Backups of your entire website once a day or in real time. (Paid functionality)
- Secure login, with optional two-factor authentication.
- Malware scanning, code checking and automated threat resolution.
- A record of every change to your site to simplify troubleshooting.