3 must-have plugins to keep your WordPress website safe
ep 24

Episode – 024 – 3 must-have plugins to keep your WordPress website safe

How do I keep my website safe? Did you know that the average website is attacked 44 times every day? And if any of those attacks are successful, it oculd seriously hurt your business online.

Some of the nasty things that could happen include your loss of your website or your private data and customers’ ones could be exposed. You definitely don’t want that to happen! So what can you do to stay safe? Just make sure your website is safe with one of these 3 best WordPress security plugins.

Useful Links:




Back up Plugin

Book a call with me

Free Kickstart Your Email Marketing Course

Book Your Power Hour


Have you subscribed to my podcast yet? If not, I’d love you to do that right away! I don’t want you to miss out on any of the goodies. I’ll be adding bonus episodes so if you’re not subscribed you’ll likely miss out on them.


I’d be so grateful if you left me a review over on iTunes, too. Reviews help people to find my podcast and give that extra visibility boost that will help me create more useful content for you.

Just click this link, and hit the button under the text “please rate and review” and let me know what you think of the podcast. Thank you so much!


Full transcription

Hello and welcome to episode 24 of the Online Business Tech Hub. This is Alessia, your host Tech Expert for Online Business Wwners on a mission to rescue my clients from tech disasters and in this episode, I want to share with you the 3 must-have plugins to keep your WordPress website safe.

Now, I don’t know if it has ever happened to you that your website has been hacked and all the content on the website was then deleted. You lost everything, all your blog posts, all the free resources pages, the webinar registration pages, all the text on the homepage, everything you lost, everything. I hope this has never happened to you, but I have to say that even though luckily it has never happened to me, I did get one client. She was desperate because her website had been hacked, she had lost everything and she didn’t have a backup. So terrible. I hope no one of you ever experience that. And this is the reason why I’m recording this episode today.

Now, the 3 plugins, the 3 tools I’m talking about today are very handy. I have tried all of them. They are very safe and reliable. You don’t need to use all 3 of them. You only need one, but I wanted to share with you different alternatives so that you know that there are alternatives and you can also try out and see which one works best for you.

Now a bit of stats before we dive into the three different tools. The average website is attacked 44 times every single day, and if any of those attacks is successful, it could seriously damage your online business because your hosting platform alone cannot protect you with all the threats. With all these attacks, some of the negative consequences that can arise from an attack with a security breach can include, for example, criminals can steal the data belonging to you and your customers like personal data. If you have your clients pay you for your services or courses through your website via a plugin on your website they could steal credit cards, private data from your business or from your clients could be exposed. Or then, as we said, the content of the website could be completely entirely deleted. And if you don’t have a backup, then everything gets lost. All the content is gone.

Now plugin number 1 is WordFence. It’s a WordPress security plugin that has some very effective features to protect your WordPress website. You can use the basic version. The basic version is actually free, so you don’t even have to spend any money on it. And it’s already more than enough key features. The basic version, the free one, you can use it on as many sites as many website as you need. So if you have 3 different websites, you can use it in all of the 3 different websites.

What does it do? It monitors visits and hacks attempts in real time. And it also includes the origin. So the country, the IP address, the time of the day, and how much time they spend on your site, how much time they tried to attack your site. It tracks and alerts you about password usage, so it alerts you if you need to change the password to access the back end of your WordPress website so that you can create stronger password immediately. It protects you from attacks because it limits login attempts if there are too many failed login attempts. So if I am a criminal and I want to hack your website and I try to login on the back end of your website, but I’m not getting the password right. I may have some hints about the password and I try to type in the right password. If I, for example, fail to type in the right password for like, I don’t know, five times ten times, then WordFence will stop the login page with the login process and will notify you that there has been many login attempts. Basically, if you want to pay for the Pro version, the Pro version lets you monitor all your website from one single dashboard. That’s very useful if you have many websites. If you have only one, it’s quite unnecessary, and the free plan is already more than enough.

Then another one we have is JetPack is possibly the most well-known plugin. It lets you scan your website for security vulnerabilities. It has a lot of installation, it’s possibly the most common security plugin used, and it has very reliable key features. So you get real-time backup of the website. So every time you make a change to the website, it’s been automatically backed up. So in case your website is being deleted and you lose all the content, you can quickly reinstall the very latest version you had created and you can restore your website with one click. It’s really easy to do.

The activity log tells you exactly which action or person broke your site, so it has a very specific indication about how the website had been hacked. There is a scanning system that keeps you safe for security threats. So basically they have this scanning method to keep track of the different threats that might potentially attack your website. It offers the spam protection by automatically blocking spam in blog post comments. So this is really common. If you have comments turned on your blog post, I’m sure that at least once it has happened that you get these really random spammy porn comments. And if you have Jetpack active, it will block these comments so you don’t have them to delete them or make them spam because Jetpack does that automatically.

The last thing is that Jetpack alerts you via email as soon as it detects that your WordPress website is down. So if the website goes down for whatever reason, then you immediately get an alert via email. So you know that something happened with your website and you need to go and check immediately. The free version of Jetpack has basic WordPress security features and you get a lot of extra features. But I have to say that I’ve been always using the free version and it’s already more than enough. It’s already sufficient if you have one website.

The last plugin that I want to mention is WPScan. This is a very user friendly tool. It’s been around since 2012, so it has a lot of experience and it keeps your website safe and secure on the back end. It works basically by archiving a lot of different non threats and reports the really important ones, the ones that may be affecting you directly, so you can avoid these unwanted threats and attacks.

Okay, so WP Scan is basically a huge archive of potential hackers and hack threats. Key features, it’s an open-source tool, and this functionality of scanning a WordPress website is kind of unique and especially this thing of pinpointing the security issues and flagging them up to you, which are in a way the most relevant for you. Then their database is updated all of the time, regularly, by community members and security specialists. So as soon as they detect new threats and new vulnerabilities, they update the archive, they update the database and you get immediately notified. If one of these attacks is being tried on your website, then it scans every single day automatically for these attacks to your website so that you get immediately a notification if there has been an attempted login, for example.

And generally speaking, Wpscan is a bit different than the other two that we spoke about Jetpack and WordFence, but it’s still extremely effective and it’s more of a community based software that gets updated and notifications of threats and vulnerabilities. There is a free version for the plugin, and it’s more than enough for the average website.

So as you can see, there are many options out there. These are the most popular, especially, I have to say, WordFence and Jetpack. So if you don’t have a security plugin, I strongly recommend that you install one, whether it’s WP Scan, Jetpack or WordFence, it doesn’t matter as long as you have one that keeps your website safe from attacks because you don’t want to lose your content. You don’t want your website to be deleted. You don’t want to risk that criminals take your own personal data or sensitive data, whether they are yours or your customers, you obviously don’t want that. And last but not least if you don’t have already a plugin that backs up your entire site every single day, make sure that you also install something Up Draft Plus, which is the plugin that I use, and it automatically backs up your website every single day.

So in case something happens, in case you lose your website, you can install it back in one click. It’s really easy. It’s also free. And these are really two simple ways of keeping your website safe. All right. This has been a very serious episode, but nonetheless, very important. I hope you enjoyed it, and I will talk to you next time.


Skip to content