Updated June 1, 2022
A WordPress Security Plugin Review
WordPress security is under attack. Literally. Back in April the number of brute force attacks on WordPress websites hit record highs. Although the major wave has subsided, we still see some websites where unauthorized login attempts total 10,000+ in a weekend. As my clients know (and appreciate), I am hyper-vigilant when it comes to WordPress security. I have several favorite WordPress security plugins that I routinely use. Recently I’ve been working with IP Blacklist Cloud’s developer to make it even better. This security plugin has undergone some major revamping. Let’s take a deeper look into what it offers and what’s on my update wish list.
Blocking Naughty IPs
When looking into IP blocking plugins I found many of them use a black box approach. You activate the WordPress security plugin and trust that the developer created code that does what it’s supposed to. Call me paranoid (I’m ok with that label, by the way) but I find this kind of code unacceptable. My clients rely on me to protect their website installations. I need to know what each plugin does and doesn’t do. I did find a Limit Login Plugin, but it only blocks an IP for a limited time.
IP Blacklist Cloud Functionality
This WordPress security plugin started out as pretty simple code. It showed you logins that failed. You could then manually block the IP. When we started to get hundreds of failed logins a day (rather than a handful), it became an onerous task. That’s when I decided to reach out to the Blacklist’s developer, Adeel Ahmed. Based upon my feedback and suggestions he added an automated blocking feature. Since I manage multiple websites, having the ability to block IPs across several sites on my servers was the next iteration. For a small fee you can install a PHP program on your server (host) where you can register websites and quickly block IPs across all of them.
On My Wish List
Adeel has been very responsive. For the PHP program, the one-time fee is very reasonable. In the next version, I’d like to see this WordPress security plugin add a little more intelligence. Namely, check the user name in the database before automatically blocking an IP. I’ve had clients accidentally lock themselves out and end up with their IP blocked. Even so, IP Blacklist Cloud now hits my major criteria for a plugin:
- Number of downloads (shows adoption from others)
- Ratings (at least 3.5 out of 5 stars)
- Functionality
- Last time updated (indicates that code keeps pace with WordPress core changes)
Do you block IPs to protect your website? What other WordPress security plugins do you use?
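The wish-list item above (check the user name in the database before auto-blocking) can be sketched as follows. This is an added example, not code from IP Blacklist Cloud or its developer; the function name, the two thresholds, and the sample data are assumptions made for illustration.

```php
<?php
// Added example: decide whether to auto-block an IP after failed logins.
// Thresholds and names are assumptions, not the plugin's own code.

const UNKNOWN_USER_LIMIT = 3;  // assumed: failures against user names not in the database
const KNOWN_USER_LIMIT   = 10; // assumed: failures against real accounts (likely typos)

/**
 * @param array    $attempts    failed logins, each ['ip' => string, 'user' => string]
 * @param callable $user_exists returns true if the user name is in the database
 *                              (inside WordPress, username_exists() fills this role)
 * @return array   ip => 'block' | 'watch'
 */
function classify_failed_logins(array $attempts, callable $user_exists): array
{
    $counts = [];
    foreach ($attempts as $a) {
        $ip   = $a['ip'];
        $kind = $user_exists($a['user']) ? 'known' : 'unknown';
        $counts[$ip] ??= ['known' => 0, 'unknown' => 0];
        $counts[$ip][$kind]++;
    }

    $verdicts = [];
    foreach ($counts as $ip => $c) {
        // Guesses at nonexistent accounts trip the low limit; a real user
        // mistyping a password gets more room but is still capped.
        $block = $c['unknown'] >= UNKNOWN_USER_LIMIT
              || $c['known'] >= KNOWN_USER_LIMIT;
        $verdicts[$ip] = $block ? 'block' : 'watch';
    }
    return $verdicts;
}

// Constructed sample data: documentation-range IPs and made-up user names.
$users    = ['alice', 'bob'];
$exists   = fn(string $u): bool => in_array(strtolower($u), $users, true);
$attempts = [
    ['ip' => '203.0.113.7',   'user' => 'admin'],
    ['ip' => '203.0.113.7',   'user' => 'administrator'],
    ['ip' => '203.0.113.7',   'user' => 'test'],
    ['ip' => '198.51.100.20', 'user' => 'alice'],
    ['ip' => '198.51.100.20', 'user' => 'alice'],
    ['ip' => '198.51.100.20', 'user' => 'alice'],
    ['ip' => '198.51.100.20', 'user' => 'alice'],
];
foreach (classify_failed_logins($attempts, $exists) as $ip => $verdict) {
    echo "$ip => $verdict\n";
}
```

Keeping a cap on failures against known accounts matters: without it, password guessing aimed at a real user name would never trigger a block.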
Rick DeFabio
We continue to seek the most secure spam blockers for WP. Thanks for the article. We tried blocking the WP login server wide with moderate success. Your thoughts are appreciated.
Massimo Paolini
Excellent! Glad to know that the Web is just a little bit more secure.