You think the more secure blog, the more successful blogging job, don’t you? You can keep your blog secure by installing a bunch of WordPress security plugins. However, instead of activating too many plugins that have the same features, same purposes… and even some issues because of the conflicts between them, you should consider using only these top plugins that help you to do the job better.
Here is the list of Top 15 WordPress Security Plugins that have all the features you need. If you got some other plugins that are better, please help us to complete the list by dropping your thought in comment form.
Askimet and no more other plugin for spam protection
Akismet is a wonderful plugin for spam protection, really! It checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.
I personally don’t use any spam prevention plugin but Askimet. Why do you need to install other plugins since you had Askimet. The spam filter of this service is really cool. I’m facing with not more than 1 spam comment a day!
With AskApache Password Protect, you can set password for your admin dashboard, also with any files folder in your web host without messing with your database. This plugin is specifically designed and regularly updated specifically to stop automated and unskilled attackers attempts to exploit vulnerabilities on your blog resulting in a hacked site.
I’m using this plugin to keep tracking all foot prints of users logged in to the blog admin area. This is updated every time a page in the admin area is accessed. Information displayed includes: admin page accessed, user, and time of access. However, this should be filtered better because it’s keeping some access pages that are unnecessary at all.
It will help to secure WordPress installation by removing miscellaneous items after the installation process which may aid hackers: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.
Ban users by IP, IP Range, host name, user agent and referer url from visiting your WordPress’s blog. It will display a custom ban message when the banned IP, IP range, host name, user agent or referer url tries to visit you blog. You can also exclude certain IPs from being banned. There will be statistics recordered on how many times they attemp to visit your blog. It allows wildcard matching too.
WARNING: When using the WP-Ban plugin, be very careful when banning certain IP addresses, especially your own. If you accidentally ban your IP address, you won’t be getting back into your blog until you acquire a new IP.
These plugins are very useful for protecting WordPress login page if you combine them into a set of 3.
Limit Login Attempts will shut down anybody who fails X number of logins from a specific IP address (using auth cookies). It keeps tracking all failed IPs, emails you in the event of a lockout, and is the perfect solution for keeping nosy relatives out of your admin area.. Download
Login Lockdown is a great security plugin to prevent some people guessing your password to login to your site. It records the IP address and timestamp of every failed login attempt. This helps to prevent brute force password discovery. Download
User Locker plugin is a great solution to limit the number of invalid logins for specific user. Once the plugin has been installed, it is set by default to lock the user’s account after 5 invalid login attempts. Furthermore, you can manually lock any user via plugin setting. This is a really helpful for some blog, magazine that have more than one user. Download
Nice plugin helps you to scan your WordPress installation for security vulnerabilities and suggests corrective actions: passwords, file permissions, database security, version hiding, WordPress admin protection/security…
Secure WordPress login and admin pages for that extra bit of security with Admin SSL. This plugin forces SSL on all pages where passwords can be entered so that all information transmitted are encrypted. However, you have to own a SSL certificate before you can do it. If you are not willing to shell out the extra money to buy a private SSL certificate, you can ask your Web host about Shared SSL. Most webhosting provide Shared SSL for all their clients and it is easy to configure.
Stealth Login obfuscates your login page by allowing you to define a custom login page rather than the default wp-login.php. In the event that your password is leaked, the hacker will also have a hard time finding the correct login URL. A good use of this is to prevent any malicious bots from accessing your wp-login.php file and attempting to break in.
WordPress database backup creates backups of your core WordPress tables as well as other tables of your choice in the same database. It’s very simple to use! If you need only the backup feature for your blog database, this is your best choice.
One of the widely used and one of the must have plugin for wordpress is WP-DBManager. A very popular plugin for database management. This plugin is not only perfect for doing automated backups, it can also do things like database optimization and the admin pages for it allow you to do the occasional query from within WordPress! You can schedule to back up your database and email it to your email. You can also run mysql query in plugin setting page. With WP-DBManager, you won’t need any other plugin for your wordpress database, you can find all the needed features in this all in one plugin.
TAC helps you to scan your themes for any unwanted or potentially dangerous code. This is a helpful plugin for you to check any theme you download somewhere to make sure the theme is safe for using.
This is a simple plugin just for privacy reason. WP Sentry restricts access to the post for specific users, groups…and a little more granular access controls.
There are some helpful articles and tutorials helps you to secure your WordPress better.