Based on the investigation of several users who were hacked or defaced, we recommend several plugins that you should use on your WordPress website. The plugins we offer are 100% free and reduce the impact of being hacked / defaced.
BBQ
This plugin is our first recommendation because it is proven to reject php queries that contain base64 elements and other traffic with long urls (malware). This plugin is very simple, because you don't need to do anything for the settings. Detail.
Loginizer
Bruteforce protection is necessary for WordPress websites and mandatory for every individual with a WordPress website or blog. Loginizer is proven to be effective in protecting login bruteforce attacks from botnets on the internet. Detail.
Disable XML-RPC
This plugin is also simple, its function is to reject requests from xmlrpc which usually tends to be used by people to DOS your WordPress website. Because if the xmlrpc request is abused, it will affect the performance of your website to be slow.. Detail.
WP Force SSL
This plugin is useful for forcing all source elements on the website starting from images, css, js and so on to be forced to connect to the HTTPS protocol. Make sure your website already uses SSL first. Detail.
