5 Plugins to Keep WordPress Secure

This is a guest post by Mr. I.

Some days ago a reader asked Daniel for advice when his blog got hacked. Daniel recommended some good security measures to keep WordPress safe. In case you missed it, read the post here: What if my WordPress Blog Got Hacked with the Google Redirect?

I applied the security measures that Daniel suggested and also searched for plugins that could help.

The following are the plugins I found that can make WordPress more secure.

1. Limit Login Attempts: This plugin blocks a user for 20 minutes after he enters the wrong password 4 times (these are the default values and can be changed). It is a good way to defend against brute-force attacks.

2. Sabre: If you own a WordPress-powered blog where users can register freely and you see a lot of fake registrations, this plugin can stop fake user registration by bots. It can add image verification or a math test to the registration process, among other measures, to make sure fake users are not created.

3. Semisecure Login: This plugin increases the security of the login process by using a public key to encrypt the password on the client side. The server side then decrypts the password using the private key. Requires JavaScript and PHP.

4. Bad Behavior: It checks the visitor’s IP against the Project Honey Pot database to see if it is a spammer’s. If the IP is malicious, the plugin can block it from accessing your blog.

5. Secure WordPress: This plugin keeps your WordPress installation secure with the help of a few small functions. It hides your WordPress version information from non-administrators, and hides the plugin directory from visitors by dropping a blank index.php file.

All of these are WordPress 2.7 compatible.
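
The lockout behaviour described for Limit Login Attempts above (4 wrong passwords, then a 20-minute block), modelled as an added example. This is not the plugin's code; the class name, the per-client key and the injectable clock are assumptions made for illustration.

```python
import time


class LoginLimiter:
    """Per-client lockout: max_retries failures trigger a lockout_seconds block."""

    def __init__(self, max_retries=4, lockout_seconds=20 * 60, clock=time.time):
        self.max_retries = max_retries
        self.lockout_seconds = lockout_seconds
        self.clock = clock          # injectable so the policy can be tested
        self.failures = {}          # client key -> consecutive failed attempts
        self.locked_until = {}      # client key -> timestamp when the block ends

    def is_locked(self, client):
        until = self.locked_until.get(client)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout expired: forget it and start counting from zero again.
            del self.locked_until[client]
            self.failures.pop(client, None)
            return False
        return True

    def attempt(self, client, password_ok):
        """Return 'locked', 'ok' or 'failed'. The lock is checked before the password."""
        if self.is_locked(client):
            return "locked"         # even a correct password is refused while blocked
        if password_ok:
            self.failures.pop(client, None)
            return "ok"
        count = self.failures.get(client, 0) + 1
        self.failures[client] = count
        if count >= self.max_retries:
            self.locked_until[client] = self.clock() + self.lockout_seconds
        return "failed"


def demo():
    """Replay a constructed attempt sequence against a fake clock."""
    now = [0.0]
    limiter = LoginLimiter(clock=lambda: now[0])
    client = "203.0.113.7"          # constructed address (documentation range)
    results = [limiter.attempt(client, False) for _ in range(4)]
    results.append(limiter.attempt(client, True))   # correct password, still blocked
    now[0] += 20 * 60                               # 20 minutes later
    results.append(limiter.attempt(client, True))
    return results
```

Checking the lock before the password matters: if the password were checked first, a guess made during the block would still succeed and the lockout would slow nothing down.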

Further reading: 3 Must Apply Security Tips for WordPress by Daniel.

Do not forget to share your plugins/tips that can make WordPress more secure.

Mr. I is a co-founder and one of the lead writers at Blogging With Success. If you liked this post, check out 50 Must Have WordPress Plugins for WordPress 2.7 by him.


33 Responses to "5 Plugins to Keep WordPress Secure"

  1. Daniel Scocco on March 4th, 2009 4:37 pm | Reply

    That project Honey Pot does not look reliable at all. I tried to visit your site and it blocked me saying my IP was blacklisted for email spam….

    And no, I don’t engage in spam activities. Even if I wanted to do it I would probably not send them from my house’s IP address.

  2. redwall_hp on March 4th, 2009 5:17 pm | Reply

    “All of these are WordPress 2.7 compitable”

    You might want to change that to “compatible.” :)

    Now that that’s out of the way, nice collection of plugins.

  3. NEO on March 4th, 2009 5:23 pm | Reply

    Oh, these are great plugins! Good article idea!

  4. Rarst on March 4th, 2009 5:47 pm | Reply

    IP blocks are a very bad idea. One of those supposed silver bullet solutions that is nothing but trouble in the long run.

  5. Mr. I on March 5th, 2009 12:11 am | Reply

    @ Daniel, I disabled the plugin. See if you can access the blog.

    @ Rarst I have learned it after this and have disabled Bad Behavior. It is better to let spam be caught by Akismet than to have no comments at all!

  6. atani on March 5th, 2009 12:35 am | Reply

    These are very good plug-ins!

  7. Eddie Gear on March 5th, 2009 1:03 am | Reply

    Thank you for sharing. I had read a post on plugin’s earlier today @ blogging with success. I guess I will add this to my list of must test plugin’s.

    Cheers,
    Eddie Gear

  8. chuckiesd on March 5th, 2009 1:14 am | Reply

    Good article. It is good for bloggers. Thanks buddy

  9. Adam on March 5th, 2009 3:30 am | Reply

    Thanks for these! Already making use of the two.

  10. The Frosty @WPCult on March 5th, 2009 5:14 am | Reply

    Very nice collection of plugins :)

  11. Mr. I on March 5th, 2009 5:36 am | Reply

    @ Everyone

    I just got the news that WP Security Scan has been updated. It works with WordPress 2.7.1 now. It is also a good one for security.

  12. Tyrone on March 5th, 2009 10:00 am | Reply

    Yeah these are great plugins…….these will help you to keep your WordPress safe.
    Thanks for sharing these ideas.

  13. Chung Bey Luen on March 5th, 2009 12:14 pm | Reply

    Thanks for sharing. They are all essential to secure our blogs.

  14. Pink Ink on March 5th, 2009 12:38 pm | Reply

    Do you have any security tips for Blogger-users?

  15. Mr. I on March 5th, 2009 1:05 pm | Reply

    @ Pink Ink Well, Blogger users don’t have to worry much about security. Google’s servers are secure and it will be very hard to hack blogger blog.

    Just keep your Google account password safe!

  16. Blogging Tips on March 5th, 2009 3:49 pm | Reply

    Nice post. Simple blogging scripts that are open source are more dangerous, I think; people who are interested in stealing information from other blogs can easily find harmful information on the web about how to infect or hack blogs. Matt and his developers work hard, yes, but as with Microsoft, till they work harder there will always be people who will continue searching for bugs.
    I think we should find more ways to secure our sites with well-known methods, like htaccess, password-protected folders or securing the config more than usual; we can change the folder of the config, we can rename it, or else.
    Wish better and secure days…

  17. Cross Business Tools on March 6th, 2009 1:35 pm | Reply

    Good set of plugins. A regular backup is always a good idea as well. While it won’t prevent a security breach, it will make it easier to recover from a hacked blog should one occur. I use a scheduled cpanel backup on all of my accounts, using a cron script found on the following site: http://tinyurl.com/66e9wv

  18. Ari Herzog on March 7th, 2009 5:29 am | Reply

    A related tip, Daniel, for you and your readers is not to use the same email address for logging into the blog and posting. Else, if one address is hacked, they’re both kaput.

  19. bansama on March 7th, 2009 8:06 am | Reply

    “IP blocks are a very bad idea. One of those supposed silver bullet solutions that is nothing but trouble in the long run.”

    I don’t fully agree with this. IP blocking can be very effective as long as you manage it on a personal level. You shouldn’t rely on lists created by others as you never know the validity of such lists or their age.

    But if you create your own lists based on the behaviour of visits to your own site, as observed by yourself, then IP blocking can be effective.

    Using logs (and you could also use Akismet for this), I notice patterns such as spam always coming from a specific IP range or from the same IP on a constant basis. Blocking that range or specific address from posting comments for a period of time is usually enough for that spammer to leave your site alone for good.

    And even after the address is removed from the block list, I have never seen it used again by a spammer =) The total amount of spam arriving on the sites I’ve tried this on also reduces but the amount of normal comments/form use has not changed for the worse.

  20. Thanks So much, I have none of these installed on my blog……but now I do :)

    Thanks again.

  21. Tyrone on March 10th, 2009 9:26 am | Reply

    Hey, I have downloaded the plugins, but some of them are not working properly.

  22. Mr. I on March 10th, 2009 10:13 am | Reply

    @ Tyrone Which ones?

  23. Anish K.S on March 12th, 2009 5:58 am | Reply

    Can we change the admin directory wp-admin to any other? Is it possible?

  24. Mr. I on March 12th, 2009 12:50 pm | Reply

    @ Anish K.S It is possible but would be too complex and can break the blog.

  25. Ruchi on March 14th, 2009 4:08 pm | Reply

    Thanks a lot for sharing the information. I would like to try the first one, it seems intuitive.

  26. neon on March 21st, 2009 10:35 am | Reply

    thank

  27. neon on March 21st, 2009 10:35 am | Reply

    OK, thanks webmaster

  28. Blog Promotion Quotes on April 21st, 2009 1:40 am | Reply

    Using logs (and you could also use Akismet for this), I notice patterns such as spam always coming from a specific IP range or from the same IP on a constant basis. Blocking that range or specific address from posting comments for a period of time is usually enough for that spammer to leave your site alone for good.

  29. Blog Promotion Quotes on April 21st, 2009 1:57 am | Reply

    IP blocks are a very bad idea. One of those supposed silver bullet solutions that is nothing but trouble in the long run.

  30. Charlotte Web Design on April 30th, 2009 6:26 am | Reply

    Hi! Thanks for this information, I really would like to learn how to do plugins. I’m only familiar with installing wordpress through a hosting server and also adding addons for Social bookmarking but somehow I think I need to know how to do plugins. Thanks for this info.

  31. Kenneth on May 15th, 2009 10:27 am | Reply

    Nice list. Bad Behavior should be switched with SpamTask, I think.

  32. denbagus on June 4th, 2009 10:39 am | Reply

    nice posting .. thank you

  33. Keith Davis on November 15th, 2009 7:52 pm | Reply

    Thanks for these plugins.
    I’m already looking at “Limit Login Attempts”. Looks pretty good against brute force attacks.

    And I’ve seen “Secure WordPress” recommended by quite a few people.

    Good to see them both on your list.
