WordPress is one of the most popular blogging platforms, yet this popularity often makes it one of the primary targets for hackers. The core of WordPress is in itself extremely secure, and whenever new security vulnerabilities are found, the official team ensures that patches and upgrades are issued in a timely manner to address them. It is, however, possible to fortify your WordPress site even further by installing and configuring several free security-related plugins. In this post, we take a look at 10 such plugins aimed at making your site even more secure.
Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
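The lockout logic described above can be sketched as follows. This is an added example, not Login LockDown's own code: the thresholds, the /24 and /64 definition of an "IP range", and all function and class names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed policy values; the page gives no numbers.
MAX_FAILURES, WINDOW_SECONDS, LOCKOUT_SECONDS = 3, 300, 3600
RANGE_PREFIX = {4: 24, 6: 64}  # assumed meaning of "IP range"

def ip_range(ip):
    """Collapse an address to the network that is tracked and locked out."""
    addr = ipaddress.ip_address(ip)
    return str(ipaddress.ip_network(f"{addr}/{RANGE_PREFIX[addr.version]}", strict=False))

class LoginLimiter:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> recent failure timestamps
        self.locked_until = {}              # range -> time the lockout expires

    def is_locked(self, ip, now):
        return now < self.locked_until.get(ip_range(ip), 0)

    def record_failure(self, ip, now):
        net = ip_range(ip)
        recent = self.failures[net]
        recent.append(now)
        # Drop failures that have aged out of the sliding window.
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()
        if len(recent) > MAX_FAILURES:  # "more than a certain number"
            self.locked_until[net] = now + LOCKOUT_SECONDS
            recent.clear()

def replay(events):
    """Run (time, ip, password_ok) events through the limiter; return decisions."""
    limiter, decisions = LoginLimiter(), []
    for now, ip, ok in events:
        if limiter.is_locked(ip, now):
            decisions.append("blocked")  # rejected before the password is checked
        elif ok:
            decisions.append("allowed")
        else:
            limiter.record_failure(ip, now)
            decisions.append("failed")
    return decisions

# Constructed sample using documentation addresses: (seconds, client IP, password ok?)
SAMPLE = [(0, "203.0.113.10", False), (20, "203.0.113.11", False),
          (40, "203.0.113.12", False), (50, "203.0.113.13", False),
          (60, "203.0.113.99", True), (70, "198.51.100.7", True),
          (4000, "203.0.113.10", True)]
```

Calling `replay(SAMPLE)` shows that failures spread across several addresses in one range still trigger the lockout, and that a correct password from that range is rejected until the lockout expires.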
The WP Security plugin scans your WordPress installation for security vulnerabilities and suggests corrective actions. It checks for weak passwords, file permissions and database security, and also has an option to hide the WordPress version number on the front end.
WordPress has a nice built-in feature whereby new versions of WordPress or its plugins are announced via the admin area. If you do not log in to the admin area often or are not subscribed to the RSS feed for update notifications, then this plugin will email you each time a new theme, plugin or WordPress upgrade is released.
When hackers infiltrate a blog, the first thing they do is plant hidden files, disguised .PHP files, and malicious .HTACCESS files in various directories. Their goal is to litter your WordPress installation and theme with links to their sites. WP-MalWatch performs a nightly security scan of your WordPress installation, looking for evidence of foul play. If WP-MalWatch finds any, a dashboard widget will tell you where you should take a closer look.
Admin SSL secures the login page, admin area, posts and pages – basically all pages where passwords can be entered – using Private or Shared SSL.
This WordPress plugin investigates web requests with simple WordPress-specific heuristics to identify and stop the most obvious attacks. It intelligently whitelists and blacklists pathological-looking phrases based on which field of a page request they appear in (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
This is a simple plugin to allow for access-restricted posting, allowing bloggers to discuss sensitive subjects without Google or the world finding the post. Users may be members of multiple groups. Multiple groups and multiple individual users may be allowed to view each post.
This plugin allows you to back up, restore and migrate your WordPress installation, both files and MySQL tables, with a single click. When performing a backup, myEASYbackup creates a compressed data set file that can be stored outside the WordPress installation directory. A list of all data sets on the server is also logged in the admin area.
Admin log displays a list of all admin pages accessed in the Blog admin area. This is updated every time a page in the admin area is accessed. Information logged includes: admin page accessed, user and time of access.
This plugin allows you to set up password protection for your blog using either HTTP Basic Authentication or the more secure HTTP Digest Authentication. The power of this plugin is that it creates a virtual wall around your blog, allowing it to stop attacks before they even reach your blog to deliver a malicious payload.