SiteGround Security Plugin
- All-in-one WordPress security solution
- Free & available for all WordPress Users
- Developed and supported by our WordPress experts
Protect your site on application level from the most common attacks hackers use to get to your site. SiteGround Security helps you avoid exploits of WordPress’ basic functionality
Stay safe from malware, exploits and other malicious attacks with the SiteGround Security plugin and embrace best security practices with a few clicks.
Secure your WordPress wp-admin panel by protecting your login from unauthorized visitors, bots and other attacks that can compromise your website.
Monitor your site’s visitors, pinpoint suspicious activities and prevent malicious attacks.
If you believe your website was compromised, the SiteGround Security plugin can help you take action immediately and prevent further damages.
Website owners tend to think that security is a complicated matter and postpone actions until they get compromised. With SiteGround Security plugin you are one easy plugin away from top-notch WordPress security.
Users don’t trust websites that show security warnings or have been clearly hacked. A secure site gives visitors peace of mind and creates credibility and trust.
Poor website security puts SEO rankings at risk. Google and other search engines punish exploited websites with lower rankings.
Vulnerabilities in a website’s code, plugins or other core features usually result in the site becoming inaccessible, loss of traffic and drop in sales.
Yes, our comprehensive WordPress security solution comes completely free.
Yes, the SiteGround Security plugin is available to all WordPress users.
The SiteGround Security was created both with securing and performance in mind from the start. Running two security plugins will simply slow down your website.
If you’re only interested in Jetpack’s security features, you can feel free to use the SiteGround Security plugin instead. We do not recommend using multiple security plugins because duplication of functionality may cause issues.
Our 2FA authentication system works only with Google Authenticator. The QR code won’t work with any other application.
The answer depends on whether you’re willing to put in the work to secure your site manually. If you’re on board with that idea, then no. If you don’t feel like you can put in the work to secure your WordPress manually, then yes, installing an all-in-one security plugin like the SiteGround Security plugin is a must.
WordPress is an overall secure software, but it's also the most widely-used one for building websites. That's what makes it a common target. The leading causes for WordPress attacks include the use of unreliable plugins, outdated software and themes, and weak passwords.
Often, hackers scan for specific vulnerable WordPress versions, preparing for mass attacks. Our plugin will hide your WordPress version from your site’s HTML code by default so you no longer fall under these attacks.
Editing code through the WordPress plugins and themes editor poses direct security risks from potential elevation of privileges and errors made by a regular site administrator. To help you avoid that the plugin will disable the themes & plugins editor by default.
RSS and ATOM feeds allow for content scraping, when bots extract content and data from a site, which can be used in attacks on your website. You can disable this functionality with a click from the plugin’s interface.
Your readme.html file can be used by attackers to compile lists of potentially vulnerable sites which can be hacked or attacked. SiteGround’s Security plugin allows you to delete the default readme.html file that comes with your WordPress core files and contains information about your website.
Attackers often try inserting and executing PHP files in public folders to add backdoors and compromise your site. The SiteGround Security plugin does not forbid the upload of files, but out of the box stops PHP files and malicious scripts from being executed and causing problems for your sites.
The XML-RPC is an old protocol used by WordPress to talk to other systems and many are using it for exploiting vulnerabilities, starting DDOS attacks and other malicious activity. That is why our SiteGround Security plugin disables this open access line to your WordPress application by default. If you use Jetpack and/or mobile apps you may want to enable the protocol from the plugin’s interface since those are valid users of the XML-RPC protocol.
The cross site script vulnerability, known as XSS, allows different apps and plugins to access information in your WordPress that they shouldn’t. By default the SiteGround Security plugin enables protection against XSS by adding headers instructing browsers not to accept JS or other code injections.
By default your WordPress login page can be accessed by any IP address or in other words by anyone. With the SiteGround security plugin you can limit the access to specific IPs or range of IPs in order to prevent brute-force attacks or malicious login attempts.
With the SiteGround Security plugin you can set a limit to the number of times a given user can attempt to log in to your wp-admin with incorrect credentials.
Attackers often exploit the default /wp-admin login URL for WordPress. Our security plugin allows you to customize your URL and avoid these attacks.
Two-factor authentication is one of the easiest and most secure ways to protect your data against hacking and identity theft. With SiteGround Security plugin you will start using a second password generated by an application on your smartphone in addition to your regular username and password. The same will apply for any admin & editor users.
Using common usernames like ‘admin’ often leads to unauthorized access. Our security plugin will disable the creation of common usernames by default and if you already have one or more users with a weak username, it will ask you to provide new one(s).
The Activity Log page of the SiteGround security plugin contains a log of all activity events on your website for the past 12 days. These include, but are not limited to: human visits, bot crawls, registered users activity, login attempts, and more. Monitoring the Activity Log can help you better understand your site’s audience and recognise suspicious visitors or activities.
This page logs all unknown visitors, such as bots or humans who have not authenticated as registered users of your site, registered visitors, and blocked visitors. Additionally, from this page you can block or unblock any IP you decide.
Reinstall all free plugins you currently have installed and use the same plugin versions in order to ensure that their codebase is not compromised by any attack.
If you believe that a user’s password has been compromised, you can instantly log out all active users. Once users try to log back in, they will be asked to change their password.
With SiteGround security plugin you can single handedly log out all active users without asking them to change their passwords, thus preventing any user from performing any more actions on your website.