4 Vital WordPress Plug-ins to Keep Your Blog Safe and Secure

4 Vital Security Plug-ins for WordPress

Setting up security measures for your blog may be unglamorous, but it’s essential. Part 2 of the series ‘22 Essential WordPress Plug-ins for Business Bloggers’.

Before we launch into Part 2 of our look at WordPress plug-ins, I’d like to say a few words about the beauty of blogging. There are so many reasons why I believe blogging to be a powerful new paradigm marketing tool that fits perfectly within the ethos of the 7 Graces marketing model:

  • It levels the playing field. Unlike advertising of the past, blogging does not require a big budget. WordPress is free and web hosting these days is affordable. There’s not even a need to spend a fortune on the look and feel of your site if you’re just getting started, because there is a plethora of customisable themes available at a low (or no) cost. This, combined with the free resources of social media, means that independent business owners are more able than ever before to promote themselves. This is so important, as it helps support the ever-increasing rise in social entrepreneurs and people who have left ‘employment’ to start their own companies. This responds to the needs of our changing times, and answers the cry of our rapidly changing global economy.
  • It has created an ‘open source’ culture. Truly successful bloggers are successful because they are committed to spreading and sharing their experience and wisdom. For us, ‘information’ is considered to be an ‘open source’ that everyone in the world should be able to access. This attitude creates a radical shift in the ethos of business and marketing, as our focus is now to educate and empower our audience, rather than to ‘target’ and ‘convert’ them. Rather than worrying about our ideas being stolen, we know that the best way to protect our intellectual property is to distribute it as widely as possible. This exemplifies the Grace of Abundance and the Grace of Inspiration in the 7 Graces model.
  • It’s a marketing form that doesn’t rely upon gimmicks. So much marketing today focuses upon entertainment value and ‘eye candy’. But blogging is all about information sharing. It says things like they are. This exemplifies the Grace of Directness in the 7 Graces model.
  • It encourages active participation. Old school marketing is one-directional: marketers speak and the audience listens passively. But ethical and conscientious blogging fosters engagement with our audience. We invite them to communicate by Tweeting, ReTweeting, liking, sharing and making comments. This exemplifies the Grace of Connection, the Grace of Invitation and the Grace of Collaboration in the 7 Graces model.
  • It allows the real YOU to shine. Unlike traditional marketing where the focus is on manipulative brain-games, blogging is all about expressing the voice of the writer (or vlogger, if doing video blogs). Thus, the essence of your business or brand comes shining through your content. This exemplifies the Grace of Transparency in the 7 Graces model.

If you’ve been counting, that’s all 7 Graces bundled into a single marketing strategy. That’s why I’m so big on cultivating the practice of blogging with my clients and the 7 Graces community members. Blogging is to marketing what highly nutritious food is to our diets.

So, as we proceed with today’s article, hold onto these greater visions of what blogging can achieve. While ‘Security plug-ins’ themselves might not seem so colourful, if you see the bigger picture, you’ll more easily be able to wade through the ‘boring, technical stuff’ to reach the higher goal.


In Part 1 of this 5-part series, I said that WordPress plug-ins could be broken into 5 basic categories:

  1. Optimisation – plug-ins that make it easier for Google and other search engines to recognise your site
  2. Security – plug-ins that keep you safe from spammers and hackers
  3. Operations – plug-ins that make back-office operations easier and more efficient
  4. Engagement – plug-ins that encourage your readers to keep reading and connect with you
  5. Expansion – plug-ins that encourage your readers to share and distribute your content; additionally plug-ins that automatically distribute your content

Last time we looked at 3 ‘must have’ Optimisation plug-ins:

  1. Google XML Sitemap
  2. All in One SEO
  3. Keyword SEO links

If you missed that article, you can read it at: 22 Essential WordPress Plug-ins for Business Bloggers – Pt 1.

Today, we will move on to the next category: Security plug-ins. Like Optimisation plug-ins, this is an ‘unglamorous’ category, as they function in the background of your site, rather than provide you with techie toys to play with. But unless your WordPress blog has the right Security plug-ins in place, you put your site at a serious risk.

Note to Experienced WordPress Users: I’m aware that many of you who have been blogging for some time will already be familiar with most or all of these, but I feel it necessary to include these in the series if we are to make a comprehensive check-list of ‘must have’ plug-ins. I promise the next few articles will get to the ‘fun stuff’.


It’s an unfortunate reality that, because blogging is so popular and so accessible to the general public, people of less ethical mind-set also see it as an easy way to exploit bloggers for their own purposes. Of course, I’m referring to spammers and hackers. I’ve already talked about these cyber-criminals in detail in my 5-part article series ‘Invasion of the Blog Snatchers’, so I’ll get right into our discussion on plug-ins. Here is a list of 4 ‘must have’ plug-ins that can help make your blog secure. As this is a continuation from the last article, the numbering continues from where we left off last time.

4: Akismet
Plug-in URL: http://akismet.com/
COST: Free for personal use, but you can make a donation to the developer.

Most spammers try to enter your site via comments on your blog posts. The Akismet plug-in helps minimise this by scanning comments and quarantining suspicious-looking ones in a SPAM folder, so you can review and/or delete them later. I wrote about Akismet in greater detail in my article Invasion of the Blog Snatchers Part 3 – Assertive Action Against Spammers.

Because Akismet comes pre-loaded in the WordPress installation, it might seem like it’s redundant to mention it as a ‘must have’ plug-in. However, in my experience, many new WordPress users are confused as to how to set it up, so it warrants mentioning this here. To set up Akismet, you need to set up a (free) account on WordPress dot com. This does NOT mean that your blog is hosted there. In fact, you need to have a self-hosted blog with a reputable server like HostGator or other provider, to be able to unlock all the WordPress features. Once you set up your account on WordPress, you can get an Akismet ‘key’ that will allow you to activate Akismet on your site.

Whenever I set up a site for a client, setting up Akismet is the very first thing I do, after all the optimisation (from Part 1). I recommend that you also make this your practice.

5: Growmap Anti Spambot
Plug-in URL: http://www.growmap.com/growmap-anti-spambot-plugin/
COST: Free, with optional paid version and add ons

I first found out about this plug-in from a comment someone left on this site, and it has since become one of my ‘must haves’.

Akismet is very good at catching most SPAM, but it is not fool-proof. Also, most of your SPAM is going to come from ‘bots’ (automated spamming methods) rather than people posting in real-time. That means that even if Akismet catches them, you’re going to have a LOT of SPAM to clear out in your SPAM folder.

Growmap Anti Spambot fills in these gaps by asking your commenters to check a checkbox before they submit their comments. Yes, you could use a ‘captcha’ form on your comments, but so many people have problems with these (and I hate them!). Asking people to check a box is so much simpler and less invasive. If you install this plug-in, you will immediately notice fewer SPAM messages getting into your Akismet SPAM folder in the first place.

Like Akismet, Growmap Anti Spambot requires a ‘key’ to unlock it. You’ll be told how to get the key and set up the plug-in when you click ‘settings’ after it is installed and activated. You will need to clear your blog’s cache after you activate it, for it to work properly.

6: Limit Login Attempts
Plug-in URL: http://devel.kostdoktorn.se/limit-login-attempts
COST: Free

This is a plug-in I mentioned in my article Invasion of the Blog Snatchers Pt 4: Protecting Your Site from Hackers. I consider it to be 100% vital to the security of any WordPress site. Limit Login Attempts does exactly what the name says: it stops potential hackers from making unlimited attempts to log into your site, by blocking them after a specified number of bad attempts.

When I first started using this plug-in, I was positively SHOCKED to find out just how often hackers were trying to log onto my websites. These days, I have Limit Login Attempts set up so that it blocks people for 6 hours if they have made 4 unsuccessful log-in attempts, and 48 hours if they have 16 unsuccessful attempts. When a person has been blocked out, the plug-in notifies me by email, giving me the IP address of the person trying to hack into the site. This 48-hour window gives my team adequate time to go into our web host and block the IP from accessing the site permanently.

Before I knew how to take this kind of preventative and assertive action against hackers, I had seen 3 of my websites get hacked. Trust me, it’s not a nice experience. Since using Limit Login Attempts in conjunction with ‘IP Deny Manager’ in my control panel, I’ve had no malicious attacks.

NOTE: Of course, this kind of preventative measure will only work if you have an extremely complex password on your blog that you change regularly!
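
The lockout settings described above (4 failed log-ins for a 6-hour block, 16 for a 48-hour block) can be modelled by replaying log-in events against the policy. This is an added example, not code from this article or from the Limit Login Attempts plug-in; the event data, the function names and the rule that a successful log-in resets the count are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds quoted in the article. How failures are counted between
# lockouts is an assumption of this sketch, not the plug-in's own logic.
SHORT_AFTER, SHORT_BLOCK = 4, timedelta(hours=6)
LONG_AFTER, LONG_BLOCK = 16, timedelta(hours=48)


def apply_policy(events):
    """Replay (timestamp, ip, succeeded) events in time order.
    Returns (lockouts, refused): blocks imposed, and attempts rejected per IP."""
    failures, refused = defaultdict(int), defaultdict(int)
    blocked_until, lockouts = {}, []
    for ts, ip, ok in sorted(events):
        if ip in blocked_until and ts < blocked_until[ip]:
            refused[ip] += 1          # rejected outright: no password is tested
            continue
        if ok:
            failures[ip] = 0          # assumption: a good log-in clears the count
            continue
        failures[ip] += 1
        if failures[ip] >= LONG_AFTER:
            duration, failures[ip] = LONG_BLOCK, 0
        elif failures[ip] % SHORT_AFTER == 0:
            duration = SHORT_BLOCK
        else:
            continue
        blocked_until[ip] = ts + duration
        lockouts.append((ip, ts, duration))
    return lockouts, dict(refused)


def deny_candidates(lockouts):
    """IPs that reached the 48-hour block: review these for a host-level deny."""
    return sorted({ip for ip, _, d in lockouts if d == LONG_BLOCK})


def sample_events():
    """Constructed data: a bot guessing every 2 hours, a user who mistypes twice."""
    t0 = datetime(2013, 11, 15, 0, 0)
    bot = [(t0 + timedelta(hours=2 * i), "203.0.113.7", False) for i in range(30)]
    user = [(t0 + timedelta(hours=1, minutes=m), "198.51.100.20", m == 2) for m in range(3)]
    return bot + user


if __name__ == "__main__":
    lockouts, refused = apply_policy(sample_events())
    for ip, start, duration in lockouts:
        print(f"{start:%d %b %H:%M}  {ip}  blocked for {duration}")
    print("refused while blocked:", refused)
    print("review for permanent deny:", deny_candidates(lockouts))
```

In the constructed data the bot makes 30 attempts over nearly 60 hours, yet only 16 passwords are ever tested, while the user who mistypes twice is never locked out.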

7: UpdraftPlus Backup/Restore

Plug-in URL: http://wordpress.org/plugins/updraftplus/
COST: Free and Pro (paid) versions available

No matter how many security measures you take to protect your site, there is always a chance that something could go wrong that causes it to become corrupt and go down. This can result in your losing months or even years of work. For that reason, it is absolutely essential that you install a good back-up plug-in on your site, and set it to back-up your site regularly (typically, as often as you blog).

Of the several different plug-ins for backing up my site I’ve tested, the one I am now recommending is UpdraftPlus Backup/Restore, for its ease of use and reliability. UpdraftPlus Backup/Restore enables you to back up your entire database (which includes your blog posts), plug-ins, themes, uploads and any other directories found inside wp-content. It also enables you to RESTORE your entire site from your back-up file, should it become compromised. What’s even more nifty is it enables you to CLONE and migrate your entire site should you move to a different server. Very nice.

You can store your back-ups in cloud storage like DropBox, Amazon S3, Google Drive and others. You can also back it up via FTP or email. I do my back-ups via FTP, which means they are stored on my web host’s server, but I can also copy them over to my cloud storage if I want to keep an extra copy.

NOTE: The developers of UpdraftPlus say that Microsoft forbid SkyDrive to be used by backup software.

UpdraftPlus boasts of being the highest-ranking backup plugin on rankwp.com, ranking 16th out of 28,000 WordPress plugins for quality (stats accurate on 28th September 2013). That’s pretty impressive. As I’ve had other back-up plug-ins go wonky on me, I’m going to stick with them for now.


Next time, in Part 3, I’ll share my top 5 ‘Operational’ plug-ins, followed by my top 5 ‘Engagement’ plug-ins in Part 4. Then, finally, we’ll round up this 22 Essential WordPress Plug-in list with my top 5 ‘Engagement’ plug-ins in Part 5.

Be sure to subscribe to this blog to make sure you receive the rest of this series, and all our 7 Grace articles to follow. We publish twice a week.


I hope you’ll hop onto your blog today and make sure you’ve got these 4 Security plug-ins (PLUS the 3 Optimisation plug-ins from Part 1) installed and working on your site. Be sure to install and activate ONE plug-in at a time, to ensure there are no conflicts with your theme or other factors. If you ever get an error page where your site seems to disappear completely (it happens!), don’t stress. It’s usually caused by a plug-in conflict. Go into your server/FTP and manually DELETE the folder containing the last plug-in you installed. That normally solves the problem and you can breathe again.

I hope you found this article to be useful, and that you will share it with your followers by using the sharing buttons on this page. As always, I welcome your comments and/or questions below. And if you’ve discovered a great WordPress plug-in I haven’t mentioned, please do share your own favourites below. I’m always looking to learn more, and I’m sure my readers are too.

AND…if you are an independent business owner and would like to discuss how you can expand your influence on the Web through blogging and ethical marketing, drop us a line via the contact form on this site, and we can set up a free initial consultation.

Lynn Serafinn
15th November 2013


3 Responses to 4 Vital WordPress Plug-ins to Keep Your Blog Safe and Secure

  1. Great suggestions for improving security on a WordPress site. I wondered if there was a reason you didn’t mention some of the all inclusive security plugins. I use Better WP Security because it helps implement all the best practices for security.

    For backups, I use BackupBuddy because of the ease of restoration.

    • Hi Brandy. I had BackupBuddy on one of my sites, but it didn’t seem to work with all of them. I’m not familiar with Better WP Security, but I’ll have to look into it. Thanks for mentioning them. I’m sure our readers will appreciate it.
