The standard WordPress installation is not impermeable to hacks. It is really important that you think about the security of your blog. Many websites even governmental websites are being hacked and your blog could also be hacked. It is possible that your blog will never be hacked, but to take some security steps is better to prevent it.
Here below are 13 nice plugins to make your WordPress bulletproof!
AskApache Password Protect
Advanced Security: Password Protection, Anti-Spam, Anti-Exploits. This plugin uses true built-in Security features to add multiple layers of security to your blog. Furthermore it it is regularly updated to stop attackers to exploit vulnerabilities on your blog.
Secure WordPress
Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.
Login LockDown
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
WordPress Ultimate Security
Our plugin identifies security problems with your WordPress Installation. It scans your blog for hundreds of known threats, then gives you a security “grade” based on how well you have protected yourself.
WP Security Scan
Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
- passwords
- file permissions
- database security
- version hiding
- WordPress admin protection/security
- removes WP Generator META tag from core code
WP-Sentinel
A wordpress security system plugin which will check every HTTP request against a given set of rules to filter out malicious requests.
This plugin is able to block those kind of attacks :
- Cross Site Scriptings
- HTML Injections
- Remote File Inclusions
- Local File Inclusions
- SQL Injections
- Cross Site Request Forgery
- Login bruteforcing
- Flooding
WP-Sentinel will NOT check requests from the user logged in as administrator, so if you want to check the installation you have to log out first.
NoSpamNX
To protect your Blog from automated spambots, this plugin adds additional formfields (hidden to human-users) to your comment form.
BackUpWordPress
BackUpWordPress is a Backup & Recovery Suite for your WordPress website. This Plugin allows you to backup database as well as files and comes with
Anonymous WordPress Plugin Updates
Anonymizes the data transmitted during plugin update check. The plugin prevents WordPress from transmitting a list of active plugins, the blog url and WordPress version. Ideal for privacy-aware administrators of WordPress installations.
Admin Log
Need to see who is accessing what in your admin section? This Plugin logs admin activity, and shows the page, user information, and time of access.
Semisecure Login Reimagined
“Re-imagined” version of Semisecure Login that uses public and secret-key encryption to encrypt passwords when logging in.
Stealth Login
This plugin allows you to create custom URLs for logging in, logging out, administration and registering for your WordPress blog. Instead of advertising your login url on your homepage, you can create a url of your choice that can be easier to remember than wp-login.php, for example you could set your login url to http://www.myblog.com/login for an easy way to login to your website.
Copyright Proof
Digitally certify your blog posts – proving authorship, deterring plagiarists, and protecting copyright.
great list. I had 3 sites hacked within days of each other, getting them back live was a pain… Hopefully these’ll make it a bit easier or stop it completely, especially the backup one.
http://wordpress.org/extend/plugins/private-wordpress-access-control-manager/
Might be interesting as well.
Nice one! Thanks for sharing!
Very nice post. Good solid list of some decent WordPress security plugins. How about adding the BulletProof Security WordPress Plugin to the list? 😉
Thanks,
Ed