Protect Your Site & Improve Site Speed
WordPress Security & Performance Optimization
Keep WordPress Sites Secure & Loading Quickly

WordPress Security & Performance Optimization Plugins, Services & Tools
Includes SSL, CDN, Cache, Backups, Uptime Monitoring & More
The first step in optimizing WordPress performance and security is choosing a good hosting provider. They might have features such as SSL Certificates, CDNs, backups, basic malware protection and other features included in their plans. They will also have optional server-side security upgrades. The resources listed here are used in addition to server-side upgrades. Most of these resources are WordPress-side upgrades. For clarity, WordPress is a CMS software installed on your hosting server. Optimal security includes both server-side security provided by your hosting and third parties, and WordPress-side security installed with or connected to WordPress.
Performance Optimization means keeping the site loading properly and quickly. This is important for the user experience and SEO. Security Optimization is also important for SEO. If a site gets hacked or goes offline then it can be flagged as unsafe and/or removed from search results, and it can take time to recover.
The Mirex Marketing Webmaster Service includes ongoing performance optimization and light security optimization. Yet, there are certainly ways to upgrade your site beyond what is included with the webmaster service. Mirex Marketing is generally not a hack repair service, though we can often restore a hacked website with the regular backups that are included with the Webmaster Service. For more severe hacks, the services of other parties may be needed. Your hosting provider might have an in-house hack repair service; Sucuri is also one of the best options for hack repair.
Featured:

Mirex Marketing Webmaster Plugin
This plugin is included with the Mirex Marketing Webmaster Service.

WP Rocket WordPress Performance Plugin (Paid)
The best WordPress performance plugin is included for free with Webmaster Service.
More Details
The button link will take you to the WP Rocket website. If you are considering the Mirex Marketing Webmaster Service then wait to buy this since it will already be included at no additional cost.

Cloudflare Content Delivery Network (CDN) (Free & Paid)
A popular and free CDN with paid upgrades, setup available with Webmaster Service. CDNs are described further below.

Fastly CDN
Their team has met with us personally, which is unusual for SaaS. They have a free tier which they claim is better than Cloudflare.
More Details
It’s not common for development teams at Software as a Service (SaaS) companies to meet with agencies or partners like the Fastly team did with us. It was impressive that they took the time to do that.
The free tier of Fastly comes with $50/mo worth of CDN traffic. We are not sure yet whether that will result in throttling or not. No credit card is required to try their service. We will set this up as part of the Webmaster Service if you decide to try Fastly instead of Cloudflare.
Secure Sockets Layer (SSL) Certificates
SSL Certificates are noted here because they are an important security feature of websites, and an SSL Certificate changes your site’s address from http:// to https:// (the “s” is for secure). While this feature was traditionally only considered for ecommerce sites that accept credit card payments, it is now a required feature for all business-grade websites and it’s an SEO ranking factor.
An SSL Certificate is generally acquired through your hosting provider or domain name registrar (see above), and it’s often included with your plan at no additional cost (though paid upgrades are available). You can still purchase an SSL Certificate from a provider that is not your hosting provider or domain name registrar, but that might take additional setup. Kudos to Let’s Encrypt for providing many of the Free SSL Certificates available from hosting providers and influencing the market in general to include SSLs with hosting plans for a safer internet.

Simple and Performant Security WordPress Plugin (Free & Paid)
Formerly Really Simple SSL, now has many more security features.
More Details
This plugin can be used to ensure that all links on the site are correctly configured to https when there is an SSL certificate, including links to images. Originally that was the main purpose of the plugin, but they have also added security features for WordPress hardening, two-factor authentication, login protection and vulnerability detection. The paid upgrade of the plugin also has a firewall and advanced features.
Additional Content Delivery Networks (CDNs)
A CDN is a Content Delivery Network, which is good for website security and loading time. It makes copies of your site on different servers throughout the network worldwide so it can be delivered quicker to the browsers of nearby users. These are alternate options to Cloudflare and Fastly, which are featured above. Even if your hosting provider includes a CDN, you could still use an additional one. You might not need an additional one, and if you did use an additional one it would only be one.

Rocket CDN
CDN service for WP Rocket performance plugin, powered by Bunny CDN
More Details
The WP Rocket performance plugin can work with any CDN. It’s very common to combine it with Cloudflare. If you prefer to use WP Rocket’s CDN then this is it.

Bunny CDN
The CDN behind Rocket CDN, available whether you’re using WP Rocket or not. Competitive usage pricing.

Sucuri CDN
The CDN provided by what is probably the best WordPress security service.
More Details
Sucuri is noted further below as one of the best WordPress security services. This is their CDN.

Imperva CDN
Frequently on popular CDN lists for WordPress.

Key CDN
Frequently on popular CDN lists for WordPress.

Jetpack CDN
Could be used if you’re using other Jetpack features. Their VideoPress CDN can also be used in conjunction with other CDNs for a better video experience.

Amazon CloudFront
Probably a decent product since it’s owned by Amazon.

Google Cloud CDN
Probably a decent product since it’s owned by Google.

Microsoft Azure CDN
Probably a decent product since it’s owned by Microsoft.
General WordPress Security Plugins & Services (Free & Paid)
Any one of these can be set up with the Webmaster Service; by default we include one of them for Security Optimization, and it’s usually Wordfence or Sucuri. Your hosting could be a factor in choosing one or none of the ones listed.

Sucuri WordPress Security Plugin (Free & Paid)
Free WordPress Plugin with paid upgrades, setup available with Webmaster Service.
More Details
We recommend the paid features of Sucuri if you’re going to use Sucuri at all. Wordfence is a decent WordPress-side firewall which is free, yet Sucuri can offer both a WordPress-side and server-side firewall in addition to their other features and services. They are one of the top services for WordPress security if not the top, and they are recommended for hack repair if it ever happens.

Wordfence WordPress Security Plugin (Free & Paid)
Free WordPress Plugin with paid upgrades, setup available with Webmaster Service.
More Details
Wordfence is the most-used WordPress-side firewall. The free plugin is pretty powerful and they have very nice paid upgrades. For the Webmaster Service you’d pick this or Sucuri or a suitable substitute.

Jetpack Protect Plugin, Paid Security Upgrades
The recommended security features are paid upgrades, powered by WP Scan.

Defender Pro Security Plugin by WPMU DEV
Reasonable option if you have other WPMU DEV WordPress plugins

WP Scan: Enterprise WordPress Security
Enterprise WordPress security by Automattic, the creators of WordPress.
WordPress Security Plugins For Specific Features (Free & Paid)
Many of these features are available with the general security plugins above. These are additional options that would only be added if needed and if there are no conflicts with any other installed plugins.

Akismet Spam Protection Plugin (Free & Paid)
Default WordPress plugin to reduce spam, Free & Paid, Requires setup.
More Details
Akismet is free for “personal” sites (wink, wink). At some point the usage might require paid upgrades. Akismet is a product of Automattic, the creators of WordPress. It connects your site with WordPress.com (do not confuse with WordPress.org) to use their spam protection technology.
Official Website (the button below goes to the plugin listing on the WordPress Plugin Directory)

Advanced Google Recaptcha Plugin (Free)
The “I am not a robot” addition to contact forms and WordPress comments.

Email Encoder WordPress Plugin (Free)
Encodes Emails & Phone Numbers to protect from scraping.
More Details
Scraping is when software scans your site to collect contact information like emails and phone numbers. This plugin encodes that information to prevent scraping.
An alternative is to not display email addresses and direct users to contact forms. Some people try to get around this by displaying emails as name [at] emaildomain.com. However, some software is smart enough to read that, and it looks tacky.
Email Encoder has a free site scan to see if you have unprotected emails: https://wpemailencoder.com/email-protection-checker/
WordPress Spam Prevention can also be supplemented by customizing your contact form with required fields that most bots would not be smart enough to complete, and which do not compromise the user experience. For many businesses, asking for the Zip Code would be relevant, in addition to the standard Name, Email, Phone and Message fields. See also Contact Forms. Another option to prevent it is to not publish email addresses in the content of the website. The contact form will be set up to the appropriate email already.

WP 2FA Plugin for 2-Factor Authentication (Free & Paid)
Prevents brute force attacks by adding an additional login requirement after a password is entered.
More Details
We are exploring the paid upgrades and will add a button if we feel it might be worth it.

2 Factor WordPress Plugin for 2FA (Free)
Prevents brute force attacks by adding an additional login requirement after a password is entered.

Inactive Logout WordPress Plugin (Free & Paid)
Logs users out when they have been inactive. Helps prevent unsupervised logged in sessions.
More Details
This is a very useful plugin for when your website has multiple users that log in. You might have bloggers that log in remotely, or your site might be a forum or have members and other social features.
Official plugin site describes free vs premium features.
The link in the button directs to the free plugin download on the WordPress Plugin Directory.

Limit Login Attempts Reloaded Plugin (Free & Paid)
WordPress plugin to limit login attempts, prevents brute force attacks since bots can’t try infinite guesses.
More Details
Download the free plugin and see feature comparison for free and paid versions. The link in the button directs to the paid version.
The paid version has some nice features like performance optimization (makes sure brute force attacks don’t slow down the site as they are happening), deny login attempts by country, and other features.

Login Lockdown & Protection Plugin (Free & Paid)
Limit Login Attempts with IP blocking, Free Plugin with paid upgrades.
More Details
Where other “limit login attempts” plugins simply limit the number of logins within a set period of time (like 24 hours), this one will note the IP address and prevent that IP from trying to access the site again.
The Pro Version has country blocking and other features.
The button directs to the free plugin. See official site for paid upgrades.

Password Policy Manager Plugin by miniOrange (Free & Paid)
Create and enforce strong password policies. Users can’t create passwords that are easy for people or bots to guess.
More Details
miniOrange is a full-fledged internet security provider, not just for WordPress sites. We are exploring their paid options. The button directs to the free plugin.

WordPress User Activity Log Plugins
Keep a log of the activity of each logged in user. See when they logged in, logged out and what changes were made.

Disqus Third Party Commenting System
Paid third party provider for WordPress comments.
More Details
WordPress is meant to be a social platform out of the box. Site visitors are supposed to be able to leave comments on blog posts and engage with the blog owner and authors. If your business is not actively blogging or you do not want the comments enabled, then we can disable them as one security option. If you do want visitors to be able to comment but also want to remove the comments functionality as a potential security point of entry, then Disqus offers an entirely separate platform just for WordPress comments. The comments area, which has a clean design, displays below blog posts. They also have some nice social features to increase user engagement.
The free version is ad-supported. The paid version is based on usage.
The section on Social Media and Content Tools has more resources for improving the social features of WordPress.
Additional WordPress Backup Plugins (Free & Paid), WordPress Website Migration Tools
The Webmaster Service includes regular backups of your WordPress website which are stored independent of your hosting provider. Your hosting provider may also provide backups. Below are additional backup resources. These are generally included here for creating backups manually, but they may have automated backup options too. They may also be good for WordPress Website Migration. Yet, we also provide free migrations with the Webmaster Service or if you choose Mirex Marketing Hosting.

Duplicator (Free & Paid)
Create a full copy or clone of your Website as a backup or to migrate to another hosting provider.
More Details
Download the free plugin from the WordPress Plugin Directory. The button goes to the paid version.

UpdraftPlus (Free & Paid)
Backup, restore and migrate WordPress websites.
More Details
Button directs to the free plugin. See official site for more details and paid plugin.

BackWPup (Free & Paid)
Backup and restore plugin for WordPress.
More Details
The button directs to the free plugin on the WordPress Plugin Directory. See their official website for support, plugin documentation and the paid version.

BlogVault (Free & Paid)
Backup WordPress sites and comes with free staging environment.
More Details
Your hosting provider may also provide a staging environment.
Staging is a private environment where you can make changes to your website before they become live.
The button directs to the free plugin. See their official website for more details and the paid version.

Shipper Pro by WPMU DEV (Paid)
Multi-site migration tool. They also have Snapshot Pro.
More Details
Shipper Pro by WPMU DEV is the only backup plugin we’ve found so far that claims to be specifically for multi-sites. Can other backup options serve multi-sites? Probably, but it’s interesting this plugin focuses on it.
WPMU DEV has a suite of plugins that are all available with the subscription, which is why this plugin or their other plugin Snapshot Pro could be good if you happen to be using any of their other plugins.
Additional WordPress Performance & Caching Plugins (Free & Paid)
Caching is another “copy storing” method that helps speed up websites. It’s different from CDNs mentioned above, but “copy storing” is a sufficient description for this page, and your CDN would have cloud server caching. For clarity (or further confusion, but we hope not), there can be server-side caching, site-side caching and browser-side caching. These are “site cache” resources, but your browser also has caching functionality, which is browser-side caching. So, sometimes when we make updates to your website you might need to clear browser cache to see the updates. These plugins help with site caching, as well as CSS Minifying and other performance optimization.
These are only listed as options if you do not have the Webmaster Service. If you have the Webmaster Service then WP Rocket, the paid WordPress performance plugin featured above, is included for free and you would not need these. (It does not help to have more than one; that can actually create conflicts).
Some hosting providers are including site caching with their services now. Some have their own solution, some are using one of these options on the backend. If that is creating a conflict with your preferred caching solution then the host’s site cache option can often be disabled in WordPress settings.

WP Optimize (Free & Paid)
WordPress speed and performance plugin.
More Details
Button directs to free plugin. We are still exploring their paid features.

W3 Total Cache (Free & Paid)
WordPress speed and performance plugin.
More Details
Button directs to free plugin. Their official site has a free vs paid comparison table and the paid plugin.

WP Super Cache (Free)
WordPress speed and performance plugin by Automattic.

Autoptimize WordPress Performance Plugin (Free & Paid)
WordPress speed and performance plugin.
More Details
Button directs to the free plugin. See official website for more details and the paid plugin.

Jetpack Boost Plugin, Paid Performance Upgrades
WordPress performance plugin, part of the Jetpack suite

Hummingbird Pro Plugin by WPMU DEV
Reasonable option if you have any other WPMU DEV plugin.
Image Optimization Plugins
Large files, including large images, are one of the things that can slow down a site. Image Optimization Plugins help reduce the file size without compromising image quality when viewed on the web. (Image Optimization is also one of the reasons why random images cannot be downloaded from the web for print). Some Performance plugins above already include Image Optimization. These are well-known alternatives.

Imagify (Free & Paid)
WordPress Image Optimization plugin by the makers of WP Rocket.
More Details
This is the most recommended, especially if using WP Rocket.
The button directs to the free plugin. The plugin requires their service (connect to their website) which is also free up to about 200 images per month.

Smush Pro by WPMU DEV (Paid)
A reasonable option if you are using any other WPMU DEV WordPress plugin.
Supplemental WordPress Plugins For Specific Performance Features (Free & Paid)
These can be used in addition to your WordPress performance plugin (above) if needed and as long as they don’t create a conflict.

WP-Sweep (Free)
Cleans up WordPress database, revisions, old comments, etc.
More Details
It can be useful to clean up the WordPress database every once in a while, though this should be used with caution. The revision history of posts can also be useful, especially if you ever need to restore an old revision.

Lazy Load by WP Rocket (Free)
Many image optimizer plugins above also have Lazy Loading of Images. Lazy loading is when the image does not load until the user scrolls down closer to it.

A3 Lazy Load (Free)
Many image optimizer plugins above also have Lazy Loading of Images. Lazy loading is when the image does not load until the user scrolls down closer to it.

Lazy Load for Comments (Free)
Similar to lazy load of images, comments don’t load until the user scrolls down closer to them.

Jetpack VideoPress (Paid)
This is a CDN just for video content. It improves loading time of video and offers ad-free hosting of videos to improve the user experience.
Uptime Monitoring
No one wants their website to be down, especially when it’s such an important marketing tool. The Mirex Marketing Webmaster Service includes uptime monitoring. These are additional tools that can help.

Free Website Uptime Checkers
Use these free tools online to confirm if your website is live or down.

Uptime Robot, Free & Paid Uptime Monitoring
Automate uptime monitoring if not subscribed to the Webmaster Service, or if you’d like additional monitoring.

What's My DNS - DNS Propagation Checker
Check propagation status after recent DNS changes.
More Details
Changes to Domain Name System (DNS) settings can affect website uptime. DNS changes have to propagate worldwide so that all servers in the world know where to send users who want to visit your website. This is the tool that hosting support will often refer to so that we can check if propagation is complete. Propagation can sometimes take 48 hours.
Additional WordPress Website Performance & Security Tools
These tools can also be used for WordPress Performance & Security Optimization.

Google PageSpeed Insights - Free
Free tool by Google. Why use any other tool for page speed tests?

Manually Optimize Images With Image Editors
Image and photo editor tools can be used to manually optimize images. See section on Content Tools.

Secure Password Generators
Secure password generators help you create random secure passwords.
More Details
These tools will let you generate random, secure passwords. You can decide how many characters to have (longer is more secure) and whether to have special characters (using special characters is more secure).
Sometimes similar tools are built-in to your browser or you can get browser extensions.
https://passwordsgenerator.net/
Any computer security software like Norton or McAfee will have a secure password generator. Sometimes this software will add the extension to your browsers or detect password fields and offer to input a secure password for you.

Healthcheck & Troubleshooting Plugin (Free)
Used by developers to check plugin conflicts, created and maintained by WordPress.org Community.

Sucuri SiteCheck Scanner - Free Online
Use this free site scanner to see if your site has any malware.

HackerOne Bug Bounty by Automattic
More for developers, get paid to detect bugs and malicious code.
Some of the links to paid resources on this page might offer us a commission at no additional cost to you, if you click on the link on this page to get them. In some cases you might even get a discount by using our links. These are tools that we’d recommend even without the option to receive a commission. Paid or free, they were selected because either we’ve tried them or they have an outstanding reputation within the digital marketing community for being effective and well-developed. The only exception to that is when we provide links to other lists which we don’t control, but they may provide additional, useful resources.
WordPress Website Services
Does your business need a business-grade website?

Additional Marketing Resources
Find more information on suggested WordPress plugins, best WordPress hosting providers, tools for SEO and Social Media, and other tools that can be useful for your website and overall marketing. We aggregate these resources to help you save precious time.
Looking for Agency-Grade Resources?
In addition to the resources that we list freely and openly on the Resources section, which are intended for business owners and clients of Mirex Marketing, we have also compiled various agency-grade, developer-grade and publisher-grade resources available on the Downloads page.


Mirex Academy
What good is a tool or resource if you don’t know how to use it? Mirex Academy has multiple free and upgraded classes online which you can learn at your own pace. Check it out to become a rock star in your business.