Recommended security plugin for ClassicPress

Hi,
For WordPress sites we use WordFence. Obviously that is not going to work well with ClassicPress.

What is the recommended security plugin to install for ClassicPress and help keep sites secured?

Cheers
Avrom

4 Likes

I use https://wordpress.org/plugins/wp-simple-firewall/ on all my sites

Paul has made a commitment to support CP and it does a great job. It recognises all the CP files in the scans.

Avrom, you might want to check out this thread where I am keeping track of the more important plugin options. "Must Have" Plugins List

5 Likes

Awesome, thanx!

3 Likes

I’m moving my sites over to Shield too and so far so good.

3 Likes

Have you tried NinjaFirewall?

I haven’t personally @joyously.

As it’s a WAF, I like the theory behind the way it works - i.e. traffic hits NinjaFirewall before it hits WordPress / ClassicPress, so on that basis it does sound interesting.

Is this something you use? How have you found it?

And have they said anything about supporting CP?

1 Like

I put it on one client WP 4.9 site, but they haven’t really populated the site yet, so I don’t know much about it.

1 Like

Not a plugin, but apache mod_security is a big help for security.

1 Like

I was just looking at NinjaFirewall in more detail and spotted this post on the Plugin Vulnerabilities site. That makes me a bit wary of it.

(Incidentally, I see that ClassicPress has its own subscription on the PV site now https://www.pluginvulnerabilities.com/product/plugin-vulnerabilities-subscription-for-classicpress/)

Agree, along with things like fail2ban and CSF/LFD. Server security is topmost priority for me but I still always add a security plugin in WP/CP.

1 Like

Mod_security, fail2ban, ImunifyAw for plesk, scheduled checks with clamav and maldet is my common setup.
Also proper file permisson/ownership (seems obvious but I saw a lot of chmod -R 777 done in the root folder of WP).

4 Likes

Hi Simone,
Thank you! What I am specifically asking about is security plugins for ClassicPress. Since the community use these plugins, they know which ones they like and recommend. :wink:

Cheers
Avrom

3 Likes

I use WPBruiser. I have one site that’s been under attack from a botnet in Romania for three weeks now, and WPB has managed it without causing any issues for genuine users.

5 Likes

@timkaye I wasn’t familiar with WPBruiser and took a look at the repo page. Looks like it’s potentially a good firewall and spam preventer, but what do you use for malware scanning?

1 Like

Apart from preventing spam registrations, logins and comments, the best approach to security for WordPress/ClassicPress is done from outside of WP/CP. So I never use a plugin for that. It comes too late and simply isn’t powerful enough. If you have a good host, then they should be managing all that for you.

4 Likes

Hi,
I gave up on Shield Security Pro. Paul is a great guy, and its a great plugin, but for me unusable. Far too complex, too many options, and messed up access on the back-end.

What would be a second choice security plugin from the CP community?

Given the nature of “security”, no matter which plugin you use, it’s going to have tons of options and settings. The only security plugin that is supporting ClassicPress at this time is Shield, so, it’s really the best option. And, at only $12/year for pro, it’s also a pretty great deal. I’m not affiliated, but, am a user.

4 Likes

I’m using Shield too on all my sites but I agree with you, Avrom. The interface is hard work. Every time I set up a new site I have to puzzle over it.

I do wonder how many of the options I really need, and if I could just make do with brute-force protection and disabling various unnecessary features in functions.php.

(and I also agree, Paul is a great guy).

2 Likes

The thing about a lot of these features is, you only need them, once you need them. :wink: I’m wondering if we might ask what ended up breaking on your site @Web242? Perhaps one of us can help, as well. I spent 3 hours configuring every last option in the plugin just yesterday.

@ozfiddler, what about exporting/importing the options from site to site? That’s built in.

1 Like

Not to the free version. :wink:

It worked out too expensive for all the sites I manage to go pro for all of them

I’ve been bugging Paul about better bulk pricing for a while now. They suppose to change pricing model “soon” and re-brand to ShieldSecurity.io - at least that’s what was announced this summer.

3 Likes