5 Plugins to Keep WordPress Secure
This is a guest post by Mr. I.
Some days ago a reader asked Daniel for advice when his blog got hacked. Daniel recommended some good security measures to keep WordPress safe. In case you missed it, read the post here: What if my WordPress Blog Got Hacked with the Google Redirect?
I applied the security measures that Daniel suggested and also searched for plugins that could help.
The following are the plugins I found that can make WordPress more secure.
1. Limit Login Attempts: This plugin blocks a user for 20 minutes after they enter the wrong password 4 times (these are the default values and can be changed). It is a good way to blunt brute-force attacks.
2. Sabre: If you own a WordPress-powered blog where users can register freely and you see a lot of fake registrations, this plugin can stop fake user registration by bots. It can add image verification or a math test to the registration process, among other measures, to make sure fake users are not created.
3. Semisecure Login: This plugin increases the security of the login process by using a public key to encrypt the password on the client side. The server side then decrypts the password using the private key. Requires JavaScript and PHP.
4. Bad Behavior: It checks the visitor’s IP address against the Project Honey Pot database to see whether it belongs to a spammer. If the IP is malicious, the plugin can block it from accessing your blog.
5. Secure WordPress: This plugin keeps your WordPress installation secure with the help of a few small functions. It hides information about your WordPress version from non-administrators and hides the plugin directory from visitors by dropping in a blank index.php file.
All of these are WordPress 2.7 compatible.
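To make the lockout behaviour described for Limit Login Attempts concrete, here is an added sketch of the counting logic (not the plugin's own PHP code) using the post's defaults of 4 failures and a 20-minute block. Keying on a client identifier such as the IP address, the 12-hour window over which failures are counted, and all class and function names are assumptions of this example.

```python
import time
from dataclasses import dataclass, field

MAX_RETRIES = 4             # default stated in the post
LOCKOUT_SECONDS = 20 * 60   # default stated in the post
RETRY_WINDOW = 12 * 3600    # assumption: how long a failure keeps counting


@dataclass
class LoginThrottle:
    """Hypothetical lockout tracker; 'key' is whatever identifies the client."""
    max_retries: int = MAX_RETRIES
    lockout_seconds: int = LOCKOUT_SECONDS
    retry_window: int = RETRY_WINDOW
    _failures: dict = field(default_factory=dict)      # key -> failure timestamps
    _locked_until: dict = field(default_factory=dict)  # key -> unlock timestamp

    def seconds_locked(self, key, now=None):
        """Remaining lockout for key, or 0 if it may attempt a login."""
        now = time.time() if now is None else now
        remaining = self._locked_until.get(key, 0) - now
        if remaining <= 0:
            self._locked_until.pop(key, None)  # lockout expired, forget it
            return 0
        return remaining

    def attempt(self, key, password_ok, now=None):
        """Record one login attempt and return 'ok', 'failed' or 'locked'."""
        now = time.time() if now is None else now
        if self.seconds_locked(key, now) > 0:
            # Refuse before looking at the password: a guess made during
            # a lockout must not reveal whether it was correct.
            return "locked"
        if password_ok:
            self._failures.pop(key, None)  # a successful login resets the count
            return "ok"
        # Keep only failures that are still inside the counting window.
        recent = [t for t in self._failures.get(key, [])
                  if now - t < self.retry_window]
        recent.append(now)
        if len(recent) >= self.max_retries:
            self._locked_until[key] = now + self.lockout_seconds
            recent = []  # start counting afresh once the lockout ends
        self._failures[key] = recent
        return "failed"
```

Keying on the IP address alone can lock out several legitimate users who share an address, while keying on the username alone lets anyone lock out a known account, so the choice of key is a trade-off to make per site.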
Further reading: 3 Must Apply Security Tips for WordPress by Daniel.
Do not forget to share your plugins/tips that can make WordPress more secure.
Mr. I is a co-founder and one of the lead writers at Blogging With Success. If you liked this post, check out 50 Must Have WordPress Plugins for WordPress 2.7 by him.
That project Honey Pot does not look reliable at all. I tried to visit your site and it blocked me saying my IP was blacklisted for email spam….
And no, I don’t engage in spam activities. Even if I wanted to do it I would probably not send them from my house’s IP address.
“All of these are WordPress 2.7 compitable”
You might want to change that to “compatible.”
Now that that’s out of the way, nice collection of plugins.
Oh, these are great plugins! Good article idea!
IP blocks are a very bad idea. One of those supposed silver bullet solutions that is nothing but trouble in the long run.
@ Daniel, I disabled the plugin. See if you can access the blog.
@ Rarst I have learned it after this and have disabled Bad Behavior. It is better to let spam be caught by Akismet than to have no comments at all!
These are very good plug-ins!
Thank you for sharing. I had read a post on plugins earlier today @ blogging with success. I guess I will add this to my list of must-test plugins.
Cheers,
Eddie Gear
Good article. It is good for bloggers. Thanks buddy
Thanks for these! Already making use of the two.
Very nice collection of plugins
@ Everyone
I just got the news that WP Security Scan has been updated. It works with WordPress 2.7.1 now. It is also a good one for security.
Yeah these are great plugins…….these will help you to keep your WordPress safe.
Thanks for sharing these ideas.
Thanks for sharing. They are all essential to secure our blogs.
Do you have any security tips for Blogger-users?
@ Pink Ink Well, Blogger users don’t have to worry much about security. Google’s servers are secure and it will be very hard to hack a Blogger blog.
Just keep your Google account password safe!
Nice post. Simple blogging scripts that are open source are more dangerous, I think; people who are interested in stealing information from other blogs can easily find harmful information on the web on how to infect or hack blogs. Matt and his developers work hard, yes, but as with Microsoft, till they work harder there will always be people who continue searching for bugs.
I think we should find more ways to secure our site with well-known ways, like htaccess, password-protected folders or securing the config more than is known; we can change the folder of the config, we can rename it, or else.
wish better and secure days…
Good set of plugins. A regular backup is always a good idea as well. While it won’t prevent a security breach, it will make it easier to recover from a hacked blog should one occur. I use a scheduled cpanel backup on all of my accounts, using a cron script found on the following site: http://tinyurl.com/66e9wv
A related tip, Daniel, for you and your readers is not to use the same email address for logging into the blog and posting. Else, if one address is hacked, they’re both kaput.
“IP blocks are a very bad idea. One of those supposed silver bullet solutions that is nothing but trouble in the long run.”
I don’t fully agree with this. IP blocking can be very effective as long as you manage it on a personal level. You shouldn’t rely on lists created by others as you never know the validity of such lists or their age.
But if you create your own lists based on the behaviour of visits to your own site, as observed by yourself, then IP blocking can be effective.
Using logs (and you could also use Akismet for this), I notice patterns such as spam always coming from a specific IP range or from the same IP on a constant basis. Blocking that range or specific address from posting comments for a period of time is usually enough for that spammer to leave your site alone for good.
And even after the address is removed from the block list, I have never seen it used again by a spammer =) The total amount of spam arriving on the sites I’ve tried this on also reduces but the amount of normal comments/form use has not changed for the worse.
Thanks So much, I have none of these installed on my blog……but now I do
Thanks again.
Hey I have downloaded plugins, but some of them are not working properly.
@ Tyrone Which ones?
Can we change the admin directory wp-admin to any other? Is it possible?
@ Anish K.S It is possible but would be too complex and can break the blog.
Thanks a lot for sharing the information. I would like to try the first one, it seems intuitive.
thank
OK, thank you, webmaster
Hi! Thanks for this information, I really would like to learn how to do plugins. I’m only familiar with installing wordpress through a hosting server and also adding addons for Social bookmarking but somehow I think I need to know how to do plugins. Thanks for this info.
nice list. bad behaviour should be switched with SpamTask I think.
nice posting .. thank you
Thanks for these plugins.
I’m already looking at “Limit Login Attempts”. Looks pretty good against brute force attacks.
And I’ve seen “Secure WordPress” recommended by quite a few people.
Good to see them both on your list.