Security Plugin Categories in WordPress
To understand the categories mentioned above, it's worth first mentioning the "Information Security Wheel." Generally, the wheel is divided into three categories: Detection, Protection and Response.
1. Prevention
Prevention-based security plugins assist with perimeter defense of your WordPress website. Their main function is to prevent hacking. As such, they act as a firewall of a website. The biggest loophole in these plugins is twofold: 1) They are behind the influence curve; and 2) They are limited to the application layer. This means if a hacker wants to neutralize these plugins, they can do so by attacking them at the server level. Prevention-based WordPress security plugins help defend against the following types of attacks:
- Cross-Site Scripting
- Remote Command Execution
- Denial of Service
- Brute Force Attempts
- Remote File Inclusion Attack
2. Detection
Some of you might be thinking, “If I am protected, then why do I need threat detection capabilities?” The simple answer? You need to protect your website against viruses that are known. You cannot expect a plugin to prevent 100 percent of all threats. How do you choose an appropriate detection-based WordPress security plugin? To save you time and money, go with a plugin's popularity. Some plugins do file integrity checks, some do malware scans, and some do both. Some examples of plugins that assist with threat detection are Theme Authenticity Checker (TAC), Exploit Scanner, Sucuri Security and WP Antivirus Site Protection.
3. Auditing
Security is not, as we used to think, a matter of set it and forget it. It's a process, which means you need to invest time and resources into it, observe the results, and make changes if necessary. If you’re a site administrator, then you also have to consider the following:
- Who is logging in?
- Should they be logging in?
- What changes are they making to a post?
- Did anyone install a plugin they shouldn't have?
4. Utility
This is one of the biggest and most diverse buckets in the realm of WordPress security plugins. Much of this category is reserved for maintenance tools. Think of a plugin that allows you to create backups or allows you to manage and administer your WordPress website remotely. The best part about these plugins is that you can configure them in the way you want them to function. Do it Yourself (DIY) kinds of features actually make them do almost everything you want them to do. Some WordPress security plugins in this category include Wordfence Security, All In One WP Security & Firewall, and Acunetix WordPress Security Plugin.
Which WordPress Security Plugin Is Right for You?
By now, you know what types of WordPress security plugins there are and some examples of each category. So, all you need to do is index your expectations, needs, and necessities according to these four types and choose a plugin that's best for you.