Back in the day, I used the Limit Login Attempts plugin and Firewall 2. None of the sites I had running these two plugins ever got hacked because Firewall 2 really did a great job at blocking bad URL requests.

I was so happy to find WordPress Simple Firewall, because it is an upgrade of the old Firewall 2 plugin with the limit login cool down built in. It also does other great things which are so helpful to security:

1 – Several options for two-factor authentication. This is critical because if the worst case happens (i.e. someone gets your login creds), they won’t be able to login because they’ll be missing the second factor for authentication.

2 – A firewall that actually works. It doesn’t “throttle” bad bot requests, it stops them in their tracks.

3 – Other lock down options.

4 – Site audit trail.

5 – Automatic short-term blocking of IPs making too many bad requests.

It’s lightweight, well maintained, and thoughtful.

Other plugins focus on aspects of security that are not that practical or helpful, such as obscurity tactics, blocking IP addresses or countries, writing a bunch of .htaccess files that can break your site.

People often use features with other plugins that won’t actually do anything for your security. Some plugins aren’t really meant as security plugins so much as scanning tools. Others have so many options, users implement all the unhelpful ones and not the ones that matters.

This plugin is simple, and iControlWP has a great blog about everything you could wonder about in relation to the plugin’s features, so you can educate yourself and your clients if you build sites for others. And, best of all, it won’t break your site!