5 Plugins to Keep WordPress Secure

This is a guest post by Mr. I.

Some days ago a reader asked Daniel for advice when his blog got hacked. Daniel recommended some good security measures to keep WordPress safe. In case you missed it, read the post here: What if my WordPress Blog Got Hacked with the Google Redirect?

I applied the security measures that Daniel suggested and also searched for plugins that could help.

The following are the plugins I found that can make WordPress more secure.

1. Limit Login Attempts: This plugin blocks a user for 20 minutes after he enters the wrong password 4 times (these are the default values and can be changed). It is a good way to defend against brute-force attacks.

2. Sabre: If you own a WordPress-powered blog where users can register freely and you see a lot of fake registrations, this plugin can stop fake user registration by bots. It can add image verification or a math test to the registration process, among other measures, to make sure fake users are not created.

3. Semisecure Login: This plugin increases the security of the login process by using a public key to encrypt the password on the client side. The server side then decrypts the password using the private key. Requires JavaScript and PHP.

4. Bad Behavior: It checks the visitor’s IP against the Project Honey Pot database to see if it is a spammer’s. If it is malicious, the plugin can block that IP from accessing your blog.

5. Secure WordPress: This plugin hardens your WordPress installation with a few small functions. It hides information about your WordPress version from non-administrators, and hides the plugin directory from visitors by dropping a blank index.php file into it.
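The lockout rule described in item 1 (4 wrong passwords, then a 20-minute block) can be modelled in a few lines. This is an added example, not code from the Limit Login Attempts plugin; the `LoginLimiter` class, the per-IP keying and the 12-hour retry window are assumptions made for illustration.

```python
import time
from collections import defaultdict

MAX_RETRIES = 4              # wrong passwords before lockout (default quoted in the post)
LOCKOUT_SECONDS = 20 * 60    # lockout length (default quoted in the post)
RETRY_WINDOW = 12 * 60 * 60  # assumption: older failures no longer count


class LoginLimiter:
    """Hypothetical per-IP failed-login tracker with a temporary lockout."""

    def __init__(self, clock=time.time):
        self.clock = clock                 # injectable so the timing can be tested
        self.failures = defaultdict(list)  # ip -> timestamps of recent failures
        self.locked_until = {}             # ip -> time at which the lockout ends

    def is_locked(self, ip):
        until = self.locked_until.get(ip)
        if until is not None and self.clock() >= until:
            del self.locked_until[ip]      # lockout has expired
            until = None
        return until is not None

    def record_failure(self, ip):
        """Count one wrong password; return True if it triggers a lockout."""
        now = self.clock()
        recent = [t for t in self.failures[ip] if now - t < RETRY_WINDOW]
        recent.append(now)
        if len(recent) >= MAX_RETRIES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            del self.failures[ip]          # start from zero after the lockout
            return True
        self.failures[ip] = recent
        return False

    def check_login(self, ip, password_ok):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        if self.is_locked(ip):
            return "locked"                # refused before the password is checked
        if password_ok:
            self.failures.pop(ip, None)    # a successful login resets the counter
            return "ok"
        self.record_failure(ip)
        return "denied"
```

Because the counter is keyed by client address, a locked-out address is refused even with the correct password until the 20 minutes have passed.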

All of these are WordPress 2.7 compatible.

Further reading: 3 Must Apply Security Tips for WordPress by Daniel.

Do not forget to share your plugins/tips that can make WordPress more secure.

Mr. I is a co-founder and one of the lead writers at Blogging With Success. If you liked this post, check out 50 Must Have WordPress Plugins for WordPress 2.7 by him.


33 Responses to “5 Plugins to Keep WordPress Secure”

  1. Daniel Scocco on March 4th, 2009 4:37 pm

    That project Honey Pot does not look reliable at all. I tried to visit your site and it blocked me saying my IP was blacklisted for email spam….

    And no, I don’t engage in spam activities. Even if I wanted to do it I would probably not send them from my house’s IP address.

  2. redwall_hp on March 4th, 2009 5:17 pm

    “All of these are Wordpress 2.7 compitable”

    You might want to change that to “compatible.” :)

    Now that that’s out of the way, nice collection of plugins.

  3. NEO on March 4th, 2009 5:23 pm

    Oh, these are great plugins! Good article idea!

  4. Rarst on March 4th, 2009 5:47 pm

    IP blocks are very bad idea. One of those supposed silver bullet solutions that is nothing but trouble in the long run.

  5. Mr. I on March 5th, 2009 12:11 am

    @ Daniel, I disabled the plugin. See if you can access the blog.

    @ Rarst I have learned it after this and have disabled Bad Behavior. It is better to let spam be caught by Akismet than to have no comments at all!

  6. atani on March 5th, 2009 12:35 am

    These are very good plug-ins!

  7. Eddie Gear on March 5th, 2009 1:03 am

    Thank you for sharing. I had read a post on plugins earlier today @ blogging with success. I guess I will add this to my list of must-test plugins.

    Cheers,
    Eddie Gear

  8. chuckiesd on March 5th, 2009 1:14 am

    Good article. It's good for bloggers. Thanks buddy

  9. Adam on March 5th, 2009 3:30 am

    Thanks for these! Already making use of the two.

  10. The Frosty @WPCult on March 5th, 2009 5:14 am

    Very nice collection of plugins :)

  11. Mr. I on March 5th, 2009 5:36 am

    @ Everyone

    I just got the news that WP Security Scan has been updated. It works with WordPress 2.7.1 now. It is also a good one for security.

  12. Tyrone on March 5th, 2009 10:00 am

    Yeah these are great plugins…….these will help you to keep your WordPress safe.
    Thanks for sharing these ideas.

  13. Chung Bey Luen on March 5th, 2009 12:14 pm

    Thanks for sharing. They are all essential to secure our blogs.

  14. Pink Ink on March 5th, 2009 12:38 pm

    Do you have any security tips for Blogger-users?

  15. Mr. I on March 5th, 2009 1:05 pm

    @ Pink Ink Well, Blogger users don’t have to worry much about security. Google’s servers are secure and it will be very hard to hack blogger blog.

    Just keep your Google account password safe!

  16. Blogging Tips on March 5th, 2009 3:49 pm

    nice post, simple blogging scripts that are open source are more dangerous I think, people who are interested in stealing some information from other blogs can easily find harmful information on the web on how to infect or hack blogs. Matt and his developers work hard, yes, but as with Microsoft, till they work harder there will always be people who will continue searching for bugs.
    I think we should find more ways to secure our site with well-known ways, like htaccess, password-protected folders or securing config more than known; we can change the folder of config, we can rename it or else.
    wish better and secure days…

  17. Cross Business Tools on March 6th, 2009 1:35 pm

    Good set of plugins. A regular backup is always a good idea as well. While it won’t prevent a security breach, it will make it easier to recover from a hacked blog should one occur. I use a scheduled cpanel backup on all of my accounts, using a cron script found on the following site: http://tinyurl.com/66e9wv

  18. Ari Herzog on March 7th, 2009 5:29 am

    A related tip, Daniel, for you and your readers is not to use the same email address for logging into the blog and posting. Else, if one address is hacked, they’re both kaput.

  19. bansama on March 7th, 2009 8:06 am

    “IP blocks are very bad idea. One of those supposed silver bullet solutions that is nothing but trouble in the long run.”

    I don’t fully agree with this. IP blocking can be very effective as long as you manage it on a personal level. You shouldn’t rely on lists created by others as you never know the validity of such lists or their age.

    But if you create your own lists based on the behaviour of visits to your own site, as observed by yourself, then IP blocking can be effective.

    Using logs (and you could also use Akismet for this), I notice patterns such as spam always coming from a specific IP range or from the same IP on a constant basis. Blocking that range or specific address from posting comments for a period of time is usually enough for that spammer to leave your site alone for good.

    And even after the address is removed from the block list, I have never seen it used again by a spammer =) The total amount of spam arriving on the sites I’ve tried this on also reduces but the amount of normal comments/form use has not changed for the worse.
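The approach described in the comment above (build your own list from spam observed on your own site, block the range for a limited time) looks like this in code. This is an added example and not part of the comment or of any plugin; the log format, the sample entries, the /24 grouping, the threshold and the 14-day block are all constructed assumptions.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: timestamp, commenter IP, verdict recorded by the site owner
SAMPLE_LOG = """\
2009-03-01T08:00:11 203.0.113.14 spam
2009-03-01T08:02:40 203.0.113.77 spam
2009-03-01T09:15:02 198.51.100.23 ham
2009-03-02T11:41:19 203.0.113.201 spam
2009-03-02T12:05:55 192.0.2.9 spam
2009-03-03T07:30:00 203.0.113.14 spam
2009-03-03T10:12:31 198.51.100.23 ham
"""

SPAM_THRESHOLD = 3              # assumption: spam comments per range before blocking
BLOCK_FOR = timedelta(days=14)  # assumption: blocks expire, as the comment suggests


def parse(log_text):
    """Yield (timestamp, address, verdict) for each log line."""
    for line in log_text.splitlines():
        ts, ip, verdict = line.split()
        yield datetime.fromisoformat(ts), ipaddress.ip_address(ip), verdict


def build_blocklist(log_text, prefix=24):
    """Return {network: expiry} for ranges with at least SPAM_THRESHOLD spam comments."""
    counts, last_seen = Counter(), {}
    for ts, ip, verdict in parse(log_text):
        if verdict != "spam":
            continue
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        counts[net] += 1
        last_seen[net] = max(ts, last_seen.get(net, ts))
    # The block runs from the most recent spam seen in that range
    return {net: last_seen[net] + BLOCK_FOR
            for net, n in counts.items() if n >= SPAM_THRESHOLD}


def may_comment(ip, when, blocklist):
    """False while the address sits in a range whose block has not yet expired."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net and when < expiry
                   for net, expiry in blocklist.items())
```

A single spam comment from 192.0.2.9 stays below the threshold, so only the range that spams repeatedly is blocked, and only until the expiry time.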

  20. Newbie Affiliate Marketing & Paid Survey Advice on March 7th, 2009 3:16 pm

    Thanks So much, I have none of these installed on my blog……but now I do :)

    Thanks again.

  21. Tyrone on March 10th, 2009 9:26 am

    Hey I have downloaded plugins, but some of them are not working properly.

  22. Mr. I on March 10th, 2009 10:13 am

    @ Tyrone Which ones?

  23. Anish K.S on March 12th, 2009 5:58 am

    Can we change the admin directory wp-admin to any other? Is it possible?

  24. Mr. I on March 12th, 2009 12:50 pm

    @ Anish K.S It is possible but would be too complex and can break the blog.

  25. Ruchi on March 14th, 2009 4:08 pm

    Thanks a lot for sharing the information. I would like to try the first one, it seems intuitive.

  26. neon on March 21st, 2009 10:35 am

    thank

  27. neon on March 21st, 2009 10:35 am

    Okay, thank you, webmaster.

  28. Blog Promotion Quotes on April 21st, 2009 1:40 am

    Using logs (and you could also use Akismet for this), I notice patterns such as spam always coming from a specific IP range or from the same IP on a constant basis. Blocking that range or specific address from posting comments for a period of time is usually enough for that spammer to leave your site alone for good.

  29. Blog Promotion Quotes on April 21st, 2009 1:57 am

    IP blocks are very bad idea. One of those supposed silver bullet solutions that is nothing but trouble in the long run.

  30. Charlotte Web Design on April 30th, 2009 6:26 am

    Hi! Thanks for this information, I really would like to learn how to do plugins. I’m only familiar with installing wordpress through a hosting server and also adding addons for Social bookmarking but somehow I think I need to know how to do plugins. Thanks for this info.

  31. Kenneth on May 15th, 2009 10:27 am

    nice list. bad behaviour should be switched with SpamTask I think.

  32. denbagus on June 4th, 2009 10:39 am

    nice posting .. thank you

  33. Keith Davis on November 15th, 2009 7:52 pm

    Thanks for these plugins.
    I’m already looking at “Limit Login Attempts”. Looks pretty good against brute force attacks.

    And I’ve seen “Secure WordPress” recommended by quite a few people.

    Good to see them both on your list.
