Top Powerful WordPress Security Plugins
WordPress is one of the most popular blogging platforms, used by thousands of people all around the world, and that popularity makes it a primary target for hackers and spammers. WordPress is very secure by itself, but you can never be too sure. For simple users who don't code a lot, plugins are the best way to secure a blog. They're free, easy to use and safe. In this post, I take a look at some plugins aimed at making your site even more secure.
1 - Login LockDown
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lockout of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked-out IP ranges manually from the panel.
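The default rule described above (3 failed logins within 5 minutes locks the range for 1 hour, with manual release), written in Python as an added example; it is not Login LockDown's own code. Treating an "IP range" as an IPv4 /24 or IPv6 /64 is an assumption, as are the names `LoginLockout`, `ip_range` and `replay`, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict, deque
MAX_FAILURES = 3           # defaults stated on the page: 3 failed attempts...
WINDOW_SECONDS = 5 * 60    # ...within 5 minutes...
LOCKOUT_SECONDS = 60 * 60  # ...lock the range out for 1 hour

def ip_range(ip):
    # Assumption: the "range" is the /24 (IPv4) or /64 (IPv6) holding the address.
    prefix = 24 if ipaddress.ip_address(ip).version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

class LoginLockout:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> timestamps of recent failures
        self.locked_until = {}              # range -> time the lockout ends

    def is_locked(self, ip, now):
        return now < self.locked_until.get(ip_range(ip), 0)

    def record_failure(self, ip, now):
        recent = self.failures[ip_range(ip)]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip_range(ip)] = now + LOCKOUT_SECONDS
            recent.clear()

    def release(self, ip):  # manual release by an administrator
        self.locked_until.pop(ip_range(ip), None)
        self.failures.pop(ip_range(ip), None)

def replay(events):
    # events: (unix_time, ip, password_ok); returns one decision per attempt.
    guard, decisions = LoginLockout(), []
    for now, ip, password_ok in events:
        if guard.is_locked(ip, now):
            decisions.append("blocked")  # rejected before the password is checked
        elif password_ok:
            decisions.append("ok")
        else:
            guard.record_failure(ip, now)
            decisions.append("failed")
    return decisions

# Constructed sample: three failures from one /24 inside two minutes.
SAMPLE = [(0, "203.0.113.10", False), (60, "203.0.113.11", False),
          (120, "203.0.113.12", False), (130, "203.0.113.200", True),
          (140, "198.51.100.7", True), (3720, "203.0.113.10", True)]
```

Replaying `SAMPLE` shows the trade-off of range-based lockout: the fourth attempt carries a correct password but is still blocked because it shares a /24 with the failing addresses.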
2 - WP Security Scan
Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
- WordPress admin protection/security
- removes WP Generator META tag from core code
3 - Admin SSL
Admin SSL secures the login page, admin area, posts, pages - whatever you want - using Private or Shared SSL. Once you have activated the plugin, please go to the Admin SSL config page to enable SSL, and read the installation instructions.
Each time you update Admin SSL, please read the FAQ and installation instructions in case there is some important information relating to the update.
1. Forces SSL on all pages where passwords can be entered.
2. Works with both Private and Shared SSL.
3. Can be installed on WordPress MU to force SSL across all blogs (only works if you have a Private SSL certificate installed) from WPMU 1.3 upwards.
4. Custom additional URLs (e.g. wp-admin/) can be secured through the config page.
5. You can choose where you want the Admin SSL config page to appear!
6. Works on WordPress 2.2 - 2.7; it will not work on previous versions.
4 - WordPress Firewall
This WordPress plugin investigates web requests with simple WordPress-specific heuristics to identify and stop the most obvious attacks. A few powerful generic modules exist that do this, but they're not always installed on web servers and are difficult to configure.
It intelligently whitelists and blacklists pathological-looking phrases based on the field in which they appear in a page request (unknown/numeric parameters vs. known post bodies, comment bodies, etc.). Its purpose is not to replace prompt and responsible upgrading, but rather to mitigate 0-day attacks and let bloggers sleep better at night.
5 - Secure WordPress
A little help to secure your WordPress installation: removes error information on the login page; adds index.html to the plugin directory; removes the wp-version, except in the admin area.
1. removes error-information on login-page
2. adds index.php plugin-directory (virtual)
3. removes the wp-version, except in admin-area
4. removes Really Simple Discovery
5. removes Windows Live Writer
6. removes core update information for non-admins
7. removes plugin-update information for non-admins
8. removes theme-update information for non-admins (only WP 2.8 and higher)
9. hides wp-version in backend-dashboard for non-admins
10. adds string for use with WP Scanner
11. blocks bad queries
6 - AntiVirus
AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections.
* WordPress 3.x ready: Design as well as technical
* Detect the current WordPress permalink back door
* Quick & Dirty: activate, check, done!
* Manual testing with immediate result of the infected files
* Daily automatic check with email notification
* Whitelist: Mark the suspicion as "No virus"
* Clean up after uninstalling the plugin
* English, German, Italian, Persian, Russian
7 - Admin Log
Displays a list of all the admin pages accessed in the Blog admin area. This is updated every time a page in the admin area is accessed. Information displayed includes: admin page accessed, user, and time of access.
This is very useful if more than one person maintains your Blog, so you can see exactly who is accessing the admin pages, what they are doing, and when! The log is saved as a text file called 'admin_log.txt', in the Plugin directory. This makes it easy to export for use outside of your WordPress Blog if required.
8 - Login Encrypt
Login Encrypt is a security plugin. It uses a complex combination of DES and RSA. It was first developed by ELSERVER for securing login in the hosting control panel, and then released as a WordPress plugin.
9 - WordPress Database Backup
WP-DB-Backup allows you to easily back up your core WordPress database tables.