A more secure blog makes for a more successful blogging job, doesn’t it? You can keep your blog secure by installing a bunch of WordPress security plugins. However, instead of activating too many plugins that share the same features and purposes, and that may even conflict with one another, consider using only these top plugins, which do the job better.
Here is the list of the Top 15 WordPress Security Plugins that have all the features you need. If you know of other plugins that are better, please help us complete the list by dropping your thoughts in the comment form.
Akismet and no other plugin for spam protection
Akismet is a wonderful plugin for spam protection, really! It checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.
I personally don’t use any spam prevention plugin but Akismet. Why would you need to install other plugins once you have Akismet? The spam filter of this service is really cool. I’m facing no more than 1 spam comment a day!
AskApache Password Protect
With AskApache Password Protect, you can set a password for your admin dashboard, and for any files or folders on your web host, without messing with your database. This plugin is specifically designed and regularly updated to stop automated and unskilled attackers’ attempts to exploit vulnerabilities on your blog that would result in a hacked site.
Admin Log
I’m using this plugin to keep track of all footprints of users logged in to the blog admin area. This is updated every time a page in the admin area is accessed. Information displayed includes: admin page accessed, user, and time of access. However, this should be filtered better because it keeps some page accesses that are not necessary at all.
Secure WordPress
It helps to secure a WordPress installation by removing miscellaneous items left after the installation process that may aid hackers: it removes error information on the login page, adds index.html to the plugin directory, and removes the wp-version, except in the admin area.
WP-Ban
Ban users by IP, IP range, host name, user agent and referer URL from visiting your WordPress blog. It will display a custom ban message when the banned IP, IP range, host name, user agent or referer URL tries to visit your blog. You can also exclude certain IPs from being banned. Statistics are recorded on how many times they attempt to visit your blog. It allows wildcard matching too.
WARNING: When using the WP-Ban plugin, be very careful when banning certain IP addresses, especially your own. If you accidentally ban your IP address, you won’t be getting back into your blog until you acquire a new IP.
Limit Login Attempts – Login LockDown – User Locker

These plugins are very useful for protecting the WordPress login page if you combine them into a set of 3.
Limit Login Attempts will shut down anybody who fails X number of logins from a specific IP address (using auth cookies). It keeps track of all failed IPs, emails you in the event of a lockout, and is the perfect solution for keeping nosy relatives out of your admin area.
—–
Login Lockdown is a great security plugin to prevent people from guessing your password to log in to your site. It records the IP address and timestamp of every failed login attempt. This helps to prevent brute force password discovery.
—–
The User Locker plugin is a great solution to limit the number of invalid logins for a specific user. Once the plugin has been installed, it is set by default to lock the user’s account after 5 invalid login attempts. Furthermore, you can manually lock any user via the plugin settings. This is really helpful for blogs and magazines that have more than one user.
WP Security Scan
A nice plugin that helps you scan your WordPress installation for security vulnerabilities and suggests corrective actions: passwords, file permissions, database security, version hiding, WordPress admin protection/security…
Admin SSL
Secure WordPress login and admin pages for that extra bit of security with Admin SSL. This plugin forces SSL on all pages where passwords can be entered so that all information transmitted is encrypted. However, you have to own an SSL certificate before you can do it. If you are not willing to shell out the extra money to buy a private SSL certificate, you can ask your web host about Shared SSL. Most web hosts provide Shared SSL for all their clients and it is easy to configure.
Stealth Login
Stealth Login obfuscates your login page by allowing you to define a custom login page rather than the default wp-login.php. In the event that your password is leaked, the hacker will also have a hard time finding the correct login URL. A good use of this is to prevent any malicious bots from accessing your wp-login.php file and attempting to break in.
WordPress Database Backup
WordPress database backup creates backups of your core WordPress tables as well as other tables of your choice in the same database. It’s very simple to use! If you need only the backup feature for your blog database, this is your best choice.
WP-DBManager
WP-DBManager is one of the most widely used, must-have plugins for WordPress, and a very popular plugin for database management. It is not only perfect for doing automated backups; it can also do things like database optimization, and its admin pages allow you to run the occasional query from within WordPress. You can schedule backups of your database and have them emailed to you. You can also run MySQL queries in the plugin settings page. With WP-DBManager, you won’t need any other plugin for your WordPress database; you can find all the needed features in this all-in-one plugin.
TAC (Theme Authenticity Checker)
TAC helps you scan your themes for any unwanted or potentially dangerous code. It is a helpful plugin for checking any theme you download to make sure the theme is safe to use.
WP Sentry
This is a simple plugin just for privacy reasons. WP Sentry restricts access to posts for specific users and groups, with slightly more granular access controls.
Thanks for the nice tip, some are new to me, the login attempt one is really worth having.
Nice, Added the secure wordpress plugin. Thanks for the heads up on site security.
Thanks for the list. Some good resources there. Be interesting to see how many of these become standard in WP3.
Good post, I didn’t realize there were this many WordPress security plugins.
All web apps have security issues, you just have to keep the app updated and be smart about your web server security.
I like your “Enjoyed the Post” section. Is it a plugin, or just nice code with nice CSS wrapped around it?
Thanks bro, you are right, it’s not from a plugin!
Thanks friend for this post..
But using all these plugins will also open some doors to new issues. Maybe one of them is vulnerable.
Great article, I saved to my Delicious bookmarks so I can reference it later when we do a sweep/upgrade of all our WordPress installs.
I wrote an article (a while back) on securing WordPress with an .htaccess file in case your readers are interested:
http://www.josiahcole.com/2007/07/11/almost-perfect-htaccess-file-for-wordpress-blogs/
Hi Josiah,
Great article you have there. It’s definitely helpful to be included in this list.
Awesome list! Thanks! Will be working my way thru them for each site I work on!
Nice list, Akismet is like a must-use plugin for all WP users, thanks for sharing.
http://wpantivirus.com plugin for more WordPress security.
Some useful links, thanks. Though the only one I’m now looking into is the WordPress Database Backup.
Indeed, Secure WordPress is a must-have plugin for every WP blog. Thank you so much for sharing this fantastic plugin list.
Wish I had this list last year before one of my WP sites got hacked! Hadn’t heard of a few of these before. I also use Invisible Defender which protects registration, login and comment forms from spambots.
Thanks for sharing this list.
Thanks for this awesome collection
Lam, great post and great-looking website!
Quick question for you before my comment: Are you using a plugin/widget to add your “author” and “Enjoyed this post?” boxes after each post? Please tell me how you’ve added those boxes.
Why are WordPress developers NOT building security into WordPress? Isn’t it a given WP owners need/want security?
Why should we have to scour the Internet searching among 1,000s of plugins for the necessary security?
Thank you,
Mike
Hi Mike,
Thanks for your kind comment. I’m not using a plugin for the “author” and “Enjoyed this post?” boxes. Those are done by hand. You can use apply_filter on the content or do it in your template file.
“Why are WordPress developers NOT building security into WordPress? Isn’t it a given WP owners need/want security?” <- Really interesting question. I have no idea about that, but it is not only WP; other blog platforms which are open source don't have security built in at all. However, because they are open source, we are not alone, as we always have communities who are developing them together. In my opinion, all the plugins are useful; however, we choose what we need based on experience and recommendations. That's why we can filter them among the thousands of plugins out there.
For those of us who don’t have SSL access, there’s a really great plugin called Semisecure Login Reimagined.
http://wordpress.org/extend/plugins/semisecure-login-reimagined/
This effectively gives you a secure login using both private and public key encryption without the SSL connection. It’s the next best thing to protecting your passwords.
Excellent blog, Keep posting like this.
Thanks for your great post , thanks again
Thanks for the plugins! I have recently downloaded one you didn’t include, Bad Behaviour, which is another great spam preventer alongside Akismet!
Using Limit Login Attempts I’ve locked myself out a few times, but the quickest way to gain access again was to rename the plug-in file via FTP. I believe this should work if one bans himself using WP-Ban. Renaming the plug-in’s folder or main file should automatically deactivate the plug-in and give you access to your blog again.
Nice blog, thanks for sharing
Thank you for the excellent list of plugins. I have a number of favourites too, such as the well-known “All IN SEO”, the easy privacy policy, SEO friendly images (got some excellent results with it) and, last but not least, pretty links (great for cloaking) affiliate links…
These are very helpful tips and useful plugins, thanks for sharing. I have mentioned your article in my post.
Many thanks for these essential tips. I’m new to WordPress and I’ll definitely follow these up.
You mention Akismet, but I’ve found an excellent alternative; see wordpress.org/extend/plugins/spam-free-wordpress/. It is worth a look.