Basic security and anti-spam plugins

When you start a project with WordPress, one of the first steps is choosing the plugins you are going to use, especially the security and anti-spam ones.

Another basic rule is to have as few plugins as possible, although, personally, I prefer to adjust it to having the minimum specific plugins necessary. A mega plugin that does 10 things and can conflict with other plugins is not the same as several very specific small plugins.

In addition, another important element is complying with privacy rules, so we will try to choose plugins that do not send information to third parties.

In this case we are going to look for some essential plugins.

NOTE: These plugins have been tested with WordPress 5.9, so they should work in a range from WordPress 5.7 to WordPress 6.1.

In terms of security, we are going to look for plugins that cover different points.


A firewall blocks requests to our WordPress site that are improper or are probing for some kind of security hole.

A simple and lightweight plugin is BBQ Firewall, an “install and go” plugin. It also has a Pro version.

Another point to take into account is the login screen. This is surely the weakest part of all of WordPress, so we must protect it twice.

On the one hand, we will install a system that prevents mass attacks. For this we will use a plugin along the lines of Login LockDown.

On another front, we have to protect against password leaks and against users choosing passwords that are weak or publicly available.

In these cases we will activate a two-factor authentication plugin along the lines of Two Factor.


WordPress ships with Akismet as standard bloatware, but this plugin sends all the information and private data to central servers.

As an alternative, we will use some native WordPress functions and a plugin that helps us improve on that built-in potential.

The first item to use is Block List Updater. This plugin brings a list of keywords considered spam and automatically adds it to the native WordPress list (in the Comments section).
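The native list referred to here is the Disallowed Comment Keys setting. The sketch below is an added example, not Block List Updater's code or part of the original post, showing how keywords can be merged into that list safely; the helper name, the minimum-length rule and the sample keywords are assumptions.

```php
<?php
// Added example, not Block List Updater's code. Assumes WordPress 5.5+, where the
// native list is stored as the newline-separated `disallowed_keys` option.

/**
 * Merge new spam keywords into the existing list (hypothetical helper).
 * Core matches each key as a case-insensitive substring of the comment fields,
 * so new keys shorter than $min_length are skipped to limit false positives.
 */
function example_merge_disallowed_keys( string $current, array $new_keywords, int $min_length = 4 ): string {
    $merged = array();

    // Keep what the administrator already entered, minus blanks and duplicates.
    foreach ( explode( "\n", $current ) as $line ) {
        $word = trim( $line );
        if ( '' !== $word ) {
            $merged[ strtolower( $word ) ] = $word;
        }
    }

    // Append new keywords that are long enough and not already present.
    foreach ( $new_keywords as $line ) {
        $word = trim( (string) $line );
        $key  = strtolower( $word );
        if ( strlen( $word ) >= $min_length && ! isset( $merged[ $key ] ) ) {
            $merged[ $key ] = $word;
        }
    }

    return implode( "\n", $merged );
}

// Constructed sample keywords; "seo" is too short and is dropped.
$example_keywords = array( 'cheap-pills-example', 'casino-bonus-example', 'seo' );

if ( function_exists( 'add_action' ) ) {
    // Inside WordPress (for example as a must-use plugin): update the option on admin load.
    add_action( 'admin_init', function () use ( $example_keywords ) {
        $current = (string) get_option( 'disallowed_keys', '' );
        $updated = example_merge_disallowed_keys( $current, $example_keywords );
        if ( $updated !== $current ) {
            update_option( 'disallowed_keys', $updated );
        }
    } );
} else {
    // Stand-alone run with the PHP CLI: print the merged list.
    echo example_merge_disallowed_keys( "Viagra\n\nviagra", $example_keywords ), "\n";
}
```

Because keys match inside words, reviewing any imported list for short or common terms before merging avoids sending legitimate comments to the trash.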

To extend this with a plugin that tries to detect patterns and other elements, and that is compatible with the previous one, we can use Antispam Bee.


Another element to always keep in mind in terms of security is backups.

Ideally, have copies in at least 2 or 3 places. Usually the hosting provider will give us one, with its own tools and restoration systems.

On the other hand, we can use a plugin that helps us do this. There are many, and you have to try them to find the system that works for you and that you feel comfortable with.

I usually use Duplicator (and its Pro version) and BackWPUp.