Comments on: 7 Vulnerabilities Your WordPress Security Plugins Can’t Protect You From (And How to Fix Them Manually)

By: Martin Dubovic

Martin Dubovic — Sun, 16 Feb 2025 20:04:15 +0000

In reply to Frank Gomez. Thanks for bringing this up, Frank. You're right that different server setups might require custom configurations. I tried to write this from the perspective of the average WordPress user with a basic shared hosting plan. You could go down a pretty deep rabbit hole with this but then it wouldn't be an article anymore.

By: Martin Dubovic

Martin Dubovic — Sun, 16 Feb 2025 19:51:13 +0000

In reply to voldn.

Hey @voldn. I have a few ideas that could potentially help you troubleshoot, but first I need some information from you:

1. Which specific visitor counter service or plugin are you using?
2. Are you running your own server or using shared hosting?

This will help me better assist you. Thanks.

By: voldn

voldn — Fri, 14 Feb 2025 03:34:15 +0000

When you place the code in .htaccess, the visit counters stop working, and the loading speed of the site has increased, tell me how to fix disabling the visit counters.

By: Ivica

Ivica — Thu, 13 Feb 2025 13:26:24 +0000

In reply to Milk Snob.

“Regular updates, strong authentication methods, and backups are just as crucial as any security plugin.”
Couldn’t agree more, and that is what I have been doing on all of our sites since 2011. when I started working in WP, and out of all the important security things we must do – No 1 is for me always to setup backup system ASAP (we have several of backup systems: All in one WP migration, our Site Ground hosting daily backups and on some sites also BlogVault), and the 2nd one is to install security tools (Virusdie, MalCare, WP Activity Log, etc.).

By: Milk Snob

Milk Snob — Thu, 13 Feb 2025 12:47:44 +0000

This is a great reminder that security plugins alone aren’t enough to fully protect a WordPress site. Many users assume that installing a plugin is a ‘set-it-and-forget-it’ solution, but vulnerabilities like outdated themes, weak passwords, and human errors can still leave websites exposed. I especially appreciate the mention of server-side threats and social engineering risks—these are often overlooked. Regular updates, strong authentication methods, and backups are just as crucial as any security plugin. Thanks for shedding light on this!

By: Frank Gomez

Frank Gomez — Sat, 01 Feb 2025 18:25:47 +0000

This is good information but depending on your server stack you might need security headers added to Apache (Nexcess for example)