
10 Of The Best WordPress Security Plugins For Non-profit Websites

Written by MicroStartups

Originally released in 2003, WordPress is now the world’s most popular Website Content Management System (CMS). According to this recent article on, a staggering 27 million+ live websites on the internet are built with WordPress, accounting for 51% of the market share.

Why is WordPress so popular?

There are many commercial and financial advantages for non-profit organisations that choose WordPress as their preferred website CMS.


WordPress is a highly cost-effective solution because it is built on an open source platform that is free for private and commercial use. This makes WordPress the number one choice for non-profits that are continuously working within budgetary constraints.


WordPress has a large developer community that continues to create thousands of plugins for the CMS. These plugins add multiple layers of features and functionality to your WordPress website. Many of these plugins are free to use, whereas others are “Freemium” plugins that provide a basic level of functionality free of charge – with upgrade paths to Premium or Pro versions that provide additional functionality for a one-off or annual cost.


WordPress is highly customisable, and there are thousands of free, affordable, and professional-looking site templates or themes online that have been developed for WordPress. Most of the time, these templates work “out of the box” but if you have a problem installing and configuring your template, then there’s always someone in the WordPress online community that will know how to fix your issue. If you need technical assistance, then you’ll find many WordPress developers online that provide assistance to Charities and non-profit organisations at preferential rates.


Leading on from the points above, WordPress is very easy to set up, configure and maintain. From the WordPress dashboard, even novices can effortlessly create new pages and blog posts in just a couple of clicks. Adding new written content and updating existing content through a user-friendly WYSIWYG editor is just as painless. Lastly, you can search for new plugins within the CMS and install them with a single click.

Popularity comes at a price (Security is a concern)

According to this report from Sucuri, approximately 90% of all hacked websites they investigated or fixed were WordPress websites. This represents a 7% rise between 2017 and 2018.

Because of its popularity, the WordPress CMS is a prime target for malicious hackers that are constantly looking for vulnerabilities to exploit. Most WordPress websites use a multitude of plugins that have been developed by different third parties – creating numerous back doors that can potentially be infiltrated by cyber criminals if your plugin versions are not kept up-to-date.

Outdated Content Management System installations are also vulnerable to successful hacking attempts. The team at WordPress works really hard to keep the CMS secure by releasing incremental updates to address security vulnerabilities and bugs (in addition to introducing new features and functionality), but it is down to the webmaster to ensure that the CMS version (and the plugins) are kept up to date at all times.

In short.

WordPress websites are vulnerable to cyber crime. Luckily, there are a number of free and affordably priced plugins available for non-profits that will help to protect your website and your intellectual property from the latest cyber security threats online. Here are ten highly rated plugins that we’ve found on

10 of the best WordPress Security plugins for non-profit websites.

1. Wordfence.

  • Active installations – 3+ million
  • Star rating out of 5 – 4.8

With over 3+ million active installations and a 5-star rating from 3450 reviews on, Wordfence is an incredibly popular plugin that is frequently used on Commercial WordPress websites.

Wordfence combines a comprehensive selection of website security tools to provide maximum protection against the latest Cyber Security threats. Wordfence is a Freemium plugin. The main difference between the free and premium version is the frequency of data updates and the levels of response from the customer service team.

Wordfence features overview.

  • A real-time web application firewall that identifies and blocks malicious traffic.
  • Protects your site from brute force attacks by restricting login attempts.
  • A WordPress security scanner that scans your core website files, themes and plugins.
  • Repair changed (potentially compromised) files by overwriting them within the WordPress CMS.
  • Vulnerability checks and automated alerts for potential security issues.
  • Two-factor authentication (2FA) to protect your user accounts.
  • Login page CAPTCHA.
  • Live traffic monitoring. Plus MUCH more.

Did you know? In the last 30 days, Wordfence has blocked over 4 billion malicious attacks and blacklisted over 65,000 malicious IPs.

Click here to visit the Wordfence plugin page.

2. All-in-one WP Security and Firewall.

  • Active installations – 800,000+
  • Star rating out of 5 – 4.8

The All-in-one WP Security and Firewall plugin is completely free of charge with no premium upgrade path, making it a great choice for non-profit organisations.

All-in-one WP Security and Firewall features:

  • Enhanced user account security.
  • User login security.
  • User registration security.
  • Database and file system security.
  • .htaccess and wp-config.php file backup and restore.
  • Blacklist functionality.
  • Firewall Functionality.
  • Brute Force login prevention.
  • Security scanning.
  • Comment Spam security.
  • Text copy protection.

The breakdown of the above features on the page is too long to feature on this Blog! To find out more, click on the link below to be taken to the official plugin page.

Click here to visit the All-in-one WP Security plugin page.

3. Google Authenticator – WordPress Two Factor Authentication (2FA).

  • Active installations – 20,000+
  • Star rating out of 5 – 4.5

If you’re looking for a standalone two-factor authentication plugin, then Google Authenticator from miniOrange ticks all the right boxes.

This simple plugin adds two-factor authentication (2FA) to your WordPress website login page in order to mitigate the risk of unauthorised access. This plugin also supports a selection of WordPress contact forms, including Ultimate Member, My Theme, Registration Magic and more. You’ll find a full list of compatible forms on the Google Authenticator plugin page.

Google Authenticator is a Freemium plugin that is free to use for one user. In addition to the free version, there are also standard, premium and enterprise editions available that include additional features and levels of functionality.

The FREE version of Google Authenticator includes:

  • User-friendly interface within the CMS.
  • Multi-language support.
  • Time- and event-based one-time password authentication.
  • Brute force attack monitoring.
  • IP Blocking.

4. Block Bad Queries (BBQ!)

  • Active installations – 100,000+
  • Star rating out of 5 – 5

Block Bad Queries (I prefer the name BBQ) does exactly what it says on the tin. The purpose of BBQ is to safeguard your WordPress site from malicious URL requests by checking incoming traffic and then blocking any requests that contain suspicious strings.

Block Bad Queries features:

  • Blocks a wide-range of malicious requests
  • Blocks executable file uploads and SQL injection attacks
  • Scans ALL incoming traffic – blocking bad requests
  • Zero configuration required – the plugin protects your site in the background
  • Regularly updated

BBQ is a freemium plugin. The free version is a more than capable security solution for non-profit websites, but if you’re looking for an enhanced level of security and control, then you may wish to purchase the Pro version, which starts from an affordable $20 (non-recurring). Visit the official BBQ page to check out the free vs pro comparison chart.

Click here to visit the Block Bad Queries plugin page.

5. Anti-malware Security and Brute-force Firewall.

  • Active installations – 200,000+
  • Star rating out of 5 – 4.9

This highly-rated Freemium plugin is considered to be one of the best Malware scanning, detection and removal tools for WordPress websites. In addition, the plugin incorporates a solid Firewall that stops well-known malware instances from exploiting plugins that have known vulnerabilities.

The free version of this plugin features:

  • Malware scan – Manually scan, detect and remove backdoor scripts, database injections and other security threats.
  • Firewall – Block Malware that has the potential to exploit WordPress plugins with known vulnerabilities.
  • You’ll also be able to download definition updates that will help protect your site against new threats.

You’ll also be able to access the premium version of the plugin by donating an affordable sum through the plugin dashboard. Depending on the amount you choose to donate, you’ll have access to a number of premium features that include:

  • Block Brute-force and DDoS attacks through patching your wp-login and XML-RPC.
  • WordPress Core file integrity checks.
  • Automated definition updates when running a complete scan.

Also – when registering this plugin with (which stands for Get Off Those Maliciously Loaded Scripts) you’ll get access to the latest security definitions of known threats, patches for specific vulnerabilities and additional features such as automatic removal.

Click here to visit the Anti-Malware Security and Brute-Force Firewall page.

6. NinjaFirewall.

  • Active installations – 30,000+
  • Star rating out of 5 – 4.8

NinjaFirewall is a powerful stand-alone web application firewall that sits in front of your WordPress website, providing an advanced level of real-time protection against brute-force attacks, including distributed attacks from thousands of different IP addresses.

NinjaFirewall is a Freemium plugin. The free version of this plugin provides an impressive level of protection against brute-force attacks for non-profit WordPress websites.

NinjaFirewall WP Edition (free) features:

  • The most powerful filtering engine currently available in a WordPress plugin.
  • The most efficient brute-force attack protection – processing incoming HTTPS requests before they reach your website.
  • File Guard real-time protection – alerting you to any attempts to access any PHP files recently modified or created.
  • File integrity monitoring – scanning your website for any modifications, including file content, permissions, ownership, creation and deletion.
  • Live Log website traffic monitoring – watch your traffic in real-time through the Firewall, not the website (reducing the load on your website).
  • Event notifications – email alerts for specific events triggered within your website that could indicate a security breach, such as administrator login, modification of accounts and theme changes.

Plus MUCH more…

Click here to visit the Ninja Firewall plugin page.

7. Really Simple SSL.

  • Active installations – 3+ million
  • Star rating out of 5 – 4.9

An SSL certificate is an essential requirement for ANY website that handles personally identifiable information. If you’re not confident enough to set up an SSL certificate across your entire website correctly, then this plugin is the solution.

Really Simple SSL is a user-friendly plugin that makes it easy to move your site to SSL. Once you’ve purchased and set up your SSL certificate, the Really Simple SSL plugin will automatically detect the certificate and change all URLs sitewide from http:// to secure https://.

Really Simple SSL is a freemium plugin. For $59, you can purchase the Pro version of the plugin that includes the following features:

  • Mixed content scan – helps you troubleshoot your site if you don’t have a green padlock.
  • Enable HTTP Strict Transport Security.
  • Mixed content fixer.
  • Detailed feedback on the plugin configuration page.
  • SSL certificate expiry notification.
  • Premium support from the developer.

Click here to visit the Really Simple SSL plugin page.

8. UpdraftPlus WordPress Backup Plugin.

  • Active installations – 2+ million
  • Star rating out of 5 – 4.8

I appreciate this plugin isn’t a security solution, but in the event of a successful Cyber-attack, it’s essential to ensure that your website files can be fully restored. The easiest way to do this is to install a Backup plugin that takes a copy of your website files and databases – backing them up to the Cloud.

According to their WordPress page, UpdraftPlus is the world’s most popular scheduled backup plugin for WordPress. This plugin allows you to back up your site to cloud services such as Dropbox, Google Drive, Amazon S3 and more. More importantly, you’ll be able to restore your entire website with a single click.

UpdraftPlus is a Freemium plugin. The free version is a more than capable backup solution for non-profits that are running on restrictive budgets, but if you’re looking for more features and options, then the Premium version includes incremental backups, additional storage destination options, database encryption, advanced backup reporting and premium support.

Click here to visit the UpdraftPlus plugin page on

9. Loginizer.

  • Active installations – 900,000+
  • Star rating out of 5 – 4.9

Loginizer is a simple, yet highly effective plugin which protects your website against brute-force attacks by blocking login attempts from an IP address that has reached a maximum number of retries. The plugin allows you to blacklist and whitelist IPs that attempt to log in to your website.

Loginizer is a Freemium plugin. The premium version has over 15 additional features including 2FA via Email and App, Login challenge question, reCAPTCHA, rename login URL, Auto blacklist IPs and more.

The free version of Loginizer includes the following features:

  • Automatically Block IP after maximum retries allowed.
  • Extended Lockout after maximum lockouts allowed.
  • Email notification to the webmaster after maximum lockouts.
  • Blacklist and Whitelist IP ranges.
  • Check logs of failed attempts.
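The lockout behaviour in the list above can be sketched in a few lines. This is an added example, not Loginizer's own code: the thresholds, the IP ranges (taken from the documentation address blocks) and the `LoginGuard` and `replay` names are assumptions made for illustration, and the `alerts` list stands in for the email to the webmaster.

```python
import ipaddress
from collections import defaultdict

# Illustrative thresholds (assumptions, not Loginizer's actual settings).
MAX_RETRIES, LOCKOUT_SECS = 3, 15 * 60       # failures before lockout; its length
MAX_LOCKOUTS, EXTENDED_SECS = 2, 24 * 3600   # lockouts before the extended lockout
WHITELIST = [ipaddress.ip_network("192.0.2.0/28")]     # never locked out
BLACKLIST = [ipaddress.ip_network("198.51.100.0/24")]  # always refused
# Constructed failed-login events as (unix_time, ip) pairs.
SAMPLE = [(t, "203.0.113.7") for t in (0, 5, 10, 1000, 1005, 1010)] + [(20, "192.0.2.5")] * 5

def in_ranges(ip, ranges):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)

class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(int)  # ip -> failures since the last lockout
        self.lockouts = defaultdict(int)  # ip -> lockouts so far
        self.locked_until = {}            # ip -> time the current lockout ends
        self.alerts = []                  # stand-in for the webmaster email

    def allowed(self, ip, now):
        if in_ranges(ip, BLACKLIST):
            return False
        if in_ranges(ip, WHITELIST):
            return True
        return now >= self.locked_until.get(ip, 0)

    def record_failure(self, ip, now):
        """Register a failed login; return the lockout length applied (0 if none)."""
        if in_ranges(ip, WHITELIST) or not self.allowed(ip, now):
            return 0
        self.failures[ip] += 1
        if self.failures[ip] < MAX_RETRIES:
            return 0
        self.failures[ip] = 0
        self.lockouts[ip] += 1
        extended = self.lockouts[ip] >= MAX_LOCKOUTS
        duration = EXTENDED_SECS if extended else LOCKOUT_SECS
        self.locked_until[ip] = now + duration
        if extended:
            self.alerts.append((ip, now))
        return duration

def replay(events):
    guard = LoginGuard()
    for now, ip in sorted(events):
        guard.record_failure(ip, now)
    return guard
```

Replaying `SAMPLE` gives 203.0.113.7 a 15-minute lockout after its third failure and the 24-hour extended lockout (plus an alert) after its second lockout, while the whitelisted 192.0.2.5 is never blocked.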

10. WP Health.

  • Active installations – 8,000+
  • Star rating out of 5 – 4.9

WP Health is a WordPress installation monitoring plugin that will help you keep your WordPress CMS up-to-date and secure. WP Health presents the results of the WordPress installation checks in colour-coded sections, making it easy for you to identify and fix any issues quickly and efficiently.

A nice additional touch is a heart icon that appears in your dashboard bar if the checks have picked something up that needs attention.

WP Health checks the following information:

  • WordPress Version.
  • Database version.
  • PHP version.
  • Plugin version and updates.
  • Inactive plugins.
  • Admin username.
  • Non-supported plugins.
  • Plugins with vulnerabilities.
  • Themes.
  • SSL.
  • Comment spam.

Click here to visit the WP Health plugin page on

Final thoughts.

There are hundreds of free and affordable security plugins available that allow non-profit organisations to protect their WordPress websites on a budget. The above list contains some of the more popular plugins available, but there are many other security plugins that may be better suited to your specific requirements. Have you used any other WordPress security plugins that you can recommend? Let us know about them in the comments section below.

Not all plugins play well together.

Most plugins are easy to install and work out of the box, but sometimes you may encounter compatibility issues between plugins. Because of this, it is important to ensure that you have a full backup of your website that can be restored before you attempt to install any new plugins. You have been warned.

Thanks for reading!

About the author.

Darcy Jones is a techie that enjoys writing articles about anything technology related in her spare time. Darcy regularly contributes to Ohso Technical and enjoys writing guest blogs for other sites when given the opportunity!

About the author


A team of writers and marketers, MicroStartups was founded to inspire the entrepreneurial and business community to give back. We believe in business growth through giving and supporting the local community.
