14 free tools to improve website security

You yourself created your first website, spent a lot of time and effort on creating original content, promoting in social networks, and the site has already started to "take off", as strange things begin to happen to it. 

The site starts to work very slowly or even gives a 502 error, even worse if, when going to the resource, visitors see the message "this site may harm your computer". The site immediately falls in the search results.

It is even more offensive if this happens at the height of the season, and a solid percentage of orders is already formed from the site. This is because administration and support are no less important than promoting it, but they often start thinking about it only when faced with a problem.

If your site is just beginning to develop, and there is no money to hire an administrator, then below are several free tools to maintain the minimum security of the resource.

SITEGUARDING

Let's start with it, since the developer offers add-ons for many CMS: Joomla, WordPress, OpenCart, Magento, phpBB, PrestaShop, Drupal. Moreover, for each engine, there are ten or more extensions. I will list only for Joomla, for other engines the set is about the same.

• Antivirus Website Protection. Checks site files for malicious code, the free version does not have a scheduled launch, and the scan will have to be carried out only in manual mode.
• GEO Redirect. Allows you to redirect visitors to specific pages, depending on their geographic location. Prohibition of addresses from which hacking attempts are made, spam, brute force, and so on. The free version has a limit of 15 countries, but this should be enough for a regular site.
• GEO Website Protection. Performs almost all functions as GEO Redirect, but without forwarding visitors. At the time of this writing, the extension only exists in the free version without any restrictions.
• BadBot Protection.  Attempts to hack, replace and modify files are blocked, and some types of attacks are recognized. To activate the extension, you need to register.
• Admin Bruteforce Protection.  Protecting the admin panel from brute force attacks by installing recaptcha.
• Admin Protection. Allows you to change the address of the admin panel to your own. Email notifications about authorization in the control panel, blocking when trying to guess a password. At the time of this writing, the extension was completely free and without any restrictions.
• Website Blacklist Monitor. As the name suggests, your site's inclusion in Google blacklists is tracked, as well as Google, McAfee, Norton, BitDefender, PhishTank, WebSecurityGuard, Yandex Safe Browsing, and so on.

SUCURI

One of the reputable security resources specializing in Wordpress, but of the free extensions, only the scanner is available, which essentially provides information similar to information from other online crawlers. You will have to pay for the installation of protection from $ 199 per month.

VIRUSDIE

Scanning takes place through a file that needs to be uploaded to the server, so the CMS is irrelevant. But in the free version, scanning is available once a month (!), Traffic filtering, deletion of malicious scripts, and so on are not available.

I would consider this scanner as an addition to other tools.

WORDFENCE

One of the popular WordPress plugins, it has over a million installations, which says a lot. Despite some limitations in the free version, for example, blocking addresses by geolocation, in terms of capabilities, this is probably one of the best free plugins.

List of some features:

• Firewall. Filtration of malicious traffic. Unlike a paid subscription, the database is updated with a 30-day delay. Built-in malware scanner. Protection against brute force (attempts to guess passwords).
• Security Scanner. File integrity scanner, inclusion of malicious scripts, redirects and so on. The database update also occurs with a 30-day delay.
• Login Security. Hiding the address of the site admin panel, captcha, two-factor authentication, and so on.
• Wordfence Central. Track multiple sites from one panel.
• Security Tools. Tracking traffic and requests in real time with a graph.

CERBER SECURITY

In terms of functionality, the plugin is in many ways similar to Wordfence, the free version also has restrictions, for example, scheduled launch and automatic deletion of infected files. Also only used in Wordpress.

CDN (CONTENT DELIVERY NETWORK)

Of all the CDNs I know on a free plan, only Cloudflare has the ability to block malicious traffic. The service itself was described in some detail here, for those interested, you can read here: "CloudFlare: manage the clouds."

IMUNIFY360

This scanner stands alone, it is not integrated into the CMS, and it is unlikely that it will work to run it on the hosting, since there is not enough time for the script to work. Most likely, you will receive a 502 error - timeout exceeded. You will have to download the site archive to yourself and check it on a local server, since product support for Windows has been discontinued. How often the antivirus database is updated for free use is also not known. The developer may have discontinued support for the scanner. On the official site, support has stopped responding to users, the date of the last release on the site is unknown. It will also not work to update the database, most likely, Revisium has completely switched to work in a commercial direction.

ONLINE SCANNERS

In fact, all online scanners are more a statement of fact than a real help. The result of work for all online scanners is almost the same, so I'll just lay out them in a list.

• Virustotal
• SSL Labs
• Quttera
• SiteGuarding
• UpGuard
• Tinfoil Security
• Mozilla observatory

NO MORE FREE CHEESE?

As you have noticed, not a single application in the free version has full functionality on board. If a vulnerability is found in some plugin, and you have a free version of the WORDFENCE plugin, then you will receive an update only 30 days after the discovery.

That is, if within 30 days, after the vulnerability is made public, an attacker enters your site, then no firewall or antivirus will save you.

Why it happens? And everything is very simple. Somewhere company specialists study new malicious scripts, queries, vulnerabilities to compile a database, and these specialists, as strange as it may sound, receive a salary. Servers are working, canals and areas are rented. Finally, electricity is simply paid.

The goal of all free versions is the same - to entice the client to paid support, which will be approximately $99 to $300 per year. It seems to be a bit, but read the agreement carefully. For this money, no one guarantees that your site will be 100% protected from hacking.

You receive timely product updates and support within the scope of your tariff plan. No one will be held responsible for the irresponsible site owner who is responsible for most of the hacks. There are many reasons, and they have been voiced a million times: this is an untimely update, and the installation of "warez" extensions, and the installation of dubious software on your PC, and a visit to dubious resources.

CONCLUSION

Of course, everything depends on money, but if your site starts to generate income or for some other reason is important to you, hire an administrator. It is possible remotely. They usually have a lot of experience, and they work at a completely different level. And while your resource is developing, I hope a few simple tools will help to secure your site a little.