5 Plugins to Keep WordPress Secure

By Daniel Scocco

This is a guest post by Mr. I.

Some days ago a reader asked Daniel for advice when his blog got hacked. Daniel recommended some good security measures to keep WordPress safe. In case you missed it, read the post here: What if my WordPress Blog Got Hacked with the Google Redirect?

I applied the security measures that Daniel suggested and also searched for plugins that could help.

The following are the plugins I found that can make WordPress more secure.

1. Limit Login Attempts: This plugin blocks a user for 20 minutes after he enters the wrong password 4 times (these are the default values and can be changed). It is a good way to defend against brute-force attacks.

2. Sabre: If you own a WordPress-powered blog where users can register freely and you see a lot of fake registrations, this plugin can stop fake user registration by bots. Among other measures, it can add image verification or a math test to the registration process to make sure fake users are not created.

3. Semisecure Login: This plugin increases the security of the login process by using a public key to encrypt the password on the client side. The server side then decrypts the password using the private key. Requires JavaScript and PHP.

4. Bad Behavior: It checks the visitor’s IP against the Project Honey Pot database to see whether it is a spammer’s. If the IP is malicious, the plugin can block it from accessing your blog.

5. Secure WordPress: This plugin hardens your WordPress installation with a few small functions. It hides information about your WordPress version from non-administrators, and hides the plugin directory from visitors by dropping a blank index.php file.

All of these are WordPress 2.7 compatible.
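The lockout policy described for Limit Login Attempts, modelled as an added example (this is not the plugin's code). The 4-attempt and 20-minute defaults come from the post; the `LoginLimiter` name, the injectable clock and keying the counter by client IP are assumptions made for illustration.

```python
import time


class LoginLimiter:
    """Lock a client out after too many consecutive failed logins."""

    def __init__(self, max_attempts=4, lockout_seconds=20 * 60, clock=time.time):
        self.max_attempts = max_attempts        # defaults quoted in the post
        self.lockout_seconds = lockout_seconds
        self.clock = clock                      # injectable so tests need no sleeping
        self._failures = {}                     # client key -> failed attempts so far
        self._locked_until = {}                 # client key -> unlock timestamp

    def is_locked(self, client):
        until = self._locked_until.get(client)
        if until is None:
            return False
        if self.clock() >= until:               # lockout expired: forget it
            del self._locked_until[client]
            return False
        return True

    def attempt(self, client, password_ok):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        if self.is_locked(client):
            return "locked"                     # a correct guess must not succeed while locked
        if password_ok:
            self._failures.pop(client, None)    # success resets the counter
            return "ok"
        count = self._failures.get(client, 0) + 1
        if count >= self.max_attempts:
            self._failures.pop(client, None)
            self._locked_until[client] = self.clock() + self.lockout_seconds
            return "locked"
        self._failures[client] = count
        return "denied"


def demo():
    now = [0.0]                                 # fake clock, in seconds
    limiter = LoginLimiter(clock=lambda: now[0])
    ip = "203.0.113.7"                          # constructed documentation address
    results = [limiter.attempt(ip, False) for _ in range(4)]
    results.append(limiter.attempt(ip, True))   # right password, but still locked out
    now[0] += 20 * 60                           # 20 minutes later
    results.append(limiter.attempt(ip, True))
    return results
```

Rejecting every attempt during the lockout, including one with the correct password, is what makes the limit effective: otherwise the guessing can simply continue through the block.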

Further reading: 3 Must Apply Security Tips for WordPress by Daniel.

Do not forget to share your plugins/tips that can make WordPress more secure.

Mr. I is a co-founder and one of the lead writers at Blogging With Success. If you liked this post, check out 50 Must Have WordPress Plugins for WordPress 2.7 by him.


33 Responses to “5 Plugins to Keep WordPress Secure”

  • Daniel Scocco

    That project Honey Pot does not look reliable at all. I tried to visit your site and it blocked me saying my IP was blacklisted for email spam….

    And no, I don’t engage in spam activities. Even if I wanted to do it I would probably not send them from my house’s IP address.

  • redwall_hp

    “All of these are WordPress 2.7 compitable”

    You might want to change that to “compatible.” :)

    Now that that’s out of the way, nice collection of plugins.

  • NEO

    Oh, these are great plugins! Good article idea!

  • Rarst

    IP blocks are very bad idea. One of those supposed silver bullet solutions that is nothing but trouble in the long run.

  • Mr. I

    @ Daniel, I disabled the plugin. See if you can access the blog.

    @ Rarst I have learned it after this and have disabled Bad Behavior. It is better to let spam be caught by Akismet than to have no comments at all!

  • atani

    These are very good plug-ins!

  • Eddie Gear

    Thank you for sharing. I had read a post on plugins earlier today @ blogging with success. I guess I will add this to my list of must-test plugins.

    Cheers,
    Eddie Gear

  • chuckiesd

    Good article. It is good for bloggers. Thanks buddy

  • Adam

    Thanks for these! Already making use of the two.

  • The Frosty @WPCult

    Very nice collection of plugins :)

  • Mr. I

    @ Everyone

    I just got the news that WP Security Scan has been updated. It works with WordPress 2.7.1 now. It is also a good one for security.

  • Tyrone

    Yeah these are great plugins…….these will help you to keep your WordPress safe.
    Thanks for sharing these ideas.

  • Chung Bey Luen

    Thanks for sharing. They are all essential to secure our blogs.

  • Pink Ink

    Do you have any security tips for Blogger-users?

  • Mr. I

    @ Pink Ink Well, Blogger users don’t have to worry much about security. Google’s servers are secure and it will be very hard to hack blogger blog.

    Just keep your Google account password safe!

  • Blogging Tips

    Nice post. Simple blogging scripts that are open source are more dangerous, I think; people who are interested in stealing some information from other blogs can easily find harmful information on the web about how to infect or hack blogs. Matt and his developers work hard, yes, but as with Microsoft, till they work harder there will always be people who continue searching for bugs.
    I think we should find more ways to secure our sites with well-known methods, like htaccess, password-protected folders or securing the config more than is known; we can change the folder of the config, we can rename it, or else.
    Wishing better and more secure days…

  • Cross Business Tools

    Good set of plugins. A regular backup is always a good idea as well. While it won’t prevent a security breach, it will make it easier to recover from a hacked blog should one occur. I use a scheduled cpanel backup on all of my accounts, using a cron script found on the following site: http://tinyurl.com/66e9wv

  • Ari Herzog

    A related tip, Daniel, for you and your readers is not to use the same email address for logging into the blog and posting. Else, if one address is hacked, they’re both kaput.

  • bansama

    “IP blocks are very bad idea. One of those supposed silver bullet solutions that is nothing but trouble in the long run.”

    I don’t fully agree with this. IP blocking can be very effective as long as you manage it on a personal level. You shouldn’t rely on lists created by others as you never know the validity of such lists or their age.

    But if you create your own lists based on the behaviour of visits to your own site, as observed by yourself, then IP blocking can be effective.

    Using logs (and you could also use Akismet for this), I notice patterns such as spam always coming from a specific IP range or from the same IP on a constant basis. Blocking that range or specific address from posting comments for a period of time is usually enough for that spammer to leave your site alone for good.

    And even after the address is removed from the block list, I have never seen it used again by a spammer =) The total amount of spam arriving on the sites I’ve tried this on also reduces but the amount of normal comments/form use has not changed for the worse.
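The approach described in the comment above, sketched as an added example that is not part of the original comment: build a temporary block list from your own comment log, blocking a single repeat address or a whole range when several addresses in it send spam. The log format, thresholds, /24 range size and 7-day expiry are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one comment submission per line, "<ISO time> <IP> <verdict>".
SAMPLE_LOG = """\
2009-02-01T10:00:00 198.51.100.23 spam
2009-02-01T10:02:10 198.51.100.23 spam
2009-02-01T10:05:42 198.51.100.23 spam
2009-02-01T10:07:00 203.0.113.5 spam
2009-02-01T10:09:30 203.0.113.77 spam
2009-02-01T10:11:15 203.0.113.140 spam
2009-02-01T10:12:00 192.0.2.10 ham
2009-02-01T10:30:00 192.0.2.10 spam
this line is malformed and is skipped
"""


def net_of(ip, prefix):
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def build_blocklist(log_text, ip_hits=3, range_ips=3, prefix=24,
                    block_for=timedelta(days=7)):
    """Return {address-or-range: expiry} for repeat spam sources in our own log."""
    spam_times = defaultdict(list)              # ip -> times of spam verdicts
    ham_nets = set()                            # ranges that also hold real commenters
    for line in log_text.splitlines():
        try:
            stamp, addr, verdict = line.split()
            when, ip = datetime.fromisoformat(stamp), ipaddress.ip_address(addr)
        except ValueError:
            continue                            # skip malformed lines
        if verdict == "spam":
            spam_times[ip].append(when)
        else:
            ham_nets.add(net_of(ip, prefix))
    by_net = defaultdict(list)
    for ip in spam_times:
        by_net[net_of(ip, prefix)].append(ip)
    blocks = {}
    for net, ips in by_net.items():
        if len(ips) >= range_ips and net not in ham_nets:
            # many distinct senders in one range, no legitimate users: block the range
            blocks[str(net)] = max(max(spam_times[ip]) for ip in ips) + block_for
            continue
        for ip in ips:
            if len(spam_times[ip]) >= ip_hits:  # one persistent address
                blocks[str(ip)] = max(spam_times[ip]) + block_for
    return blocks


def active_blocks(blocks, now):
    """Entries still in force at `now`; expired ones drop off the list."""
    return sorted(key for key, expiry in blocks.items() if now < expiry)
```

Because every entry carries an expiry counted from the last spam seen, the list cannot go stale in the way the comment warns about for third-party lists.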

  • Newbie Affiliate Marketing & Paid Survey Advice

    Thanks So much, I have none of these installed on my blog……but now I do :)

    Thanks again.

  • Tyrone

    Hey I have downloaded plugins, but some of them are not working properly.

  • Mr. I

    @ Tyrone Which ones?

  • Anish K.S

    Can we change the admin directory wp-admin to any other? Is it possible?

  • Mr. I

    @ Anish K.S It is possible but would be too complex and can break the blog.

  • Ruchi

    Thanks a lot for sharing the information. I would like to try the first one, it seems intuitive.

  • neon

    thank

  • neon

    OK, thanks, webmaster

  • Blog Promotion Quotes

    Using logs (and you could also use Akismet for this), I notice patterns such as spam always coming from a specific IP range or from the same IP on a constant basis. Blocking that range or specific address from posting comments for a period of time is usually enough for that spammer to leave your site alone for good.

  • Blog Promotion Quotes

    IP blocks are very bad idea. One of those supposed silver bullet solutions that is nothing but trouble in the long run.

  • Charlotte Web Design

    Hi! Thanks for this information, I really would like to learn how to do plugins. I’m only familiar with installing wordpress through a hosting server and also adding addons for Social bookmarking but somehow I think I need to know how to do plugins. Thanks for this info.

  • Kenneth

    nice list. bad behaviour should be switched with SpamTask I think.

  • denbagus

    nice posting .. thank you

  • Keith Davis

    Thanks for these plugins.
    I’m already looking at “Limit Login Attempts”. Looks pretty good against brute force attacks.

    And I’ve seen “Secure WordPress” recommended by quite a few people.

    Good to see them both on your list.
