Bloggers need to pay attention to their blog’s security and not leave any doors open for hackers. If a hacker is absolutely determined to get into your blog then they’re probably going to succeed. But you can protect your WordPress blog considerably with the many plugins available for WordPress.
Today I am writing about 15 very important handpicked plugins which can help you increase your WordPress blog’s security level.
IMPORTANT NOTE: Suppose you are freely allowing people to register and submit guest posts; what do you do in that case? The answer I received was that you give them the special URL that you created if you trust them enough. For the most part, guest authors should not even be allowed in the admin panel unless they are authors of your site. If someone has written multiple posts for your blog then they can be trusted, so you can give them the special URL you created for login. Most top blogs take guest posts via email, and only if those guest authors become regular authors are they allowed in the admin panel.
See one example screenshot to see how Google shows a warning page. In this case it didn’t actually harm my WordPress blog, but my PC had some junk file which was causing this fake page to appear.
But you can solve it easily, as most of the time iframe viruses insert their code into many files of your WordPress blog. WordPress Exploit Scanner searches the files and database of your website for signs of suspicious activity. It will not stop someone hacking into your site, but it may help you find any uploaded or compromised files left by the hacker. Make sure you use your brain and also take a backup of your database before doing anything.
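A minimal sketch of the kind of file scan described above, as an added example (not Exploit Scanner's code): it walks a WordPress tree and flags hidden iframes and `eval` of decoded data. The signature list, the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic signatures: assumptions for this example, not Exploit Scanner's own rules.
SIGNATURES = {
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden|"
        r"(?:width|height)\s*=\s*[\"']?[01][\"'\s>])", re.I),
    "eval-of-decoded-data": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "script-written-iframe": re.compile(
        r"document\.write\s*\(\s*[\"'][^\"']*<iframe", re.I),
}
SCANNED_SUFFIXES = {".php", ".html", ".htm", ".js"}

def scan_tree(root):
    """Return sorted (relative_path, line_number, signature) hits below root."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCANNED_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, pattern in SIGNATURES.items():
                if pattern.search(line):
                    hits.append((path.relative_to(root).as_posix(), lineno, name))
    return sorted(hits)

def build_sample_site(root):
    """Write a constructed, inert sample tree: two clean files, two tampered ones."""
    files = {
        "index.php": "<?php\nrequire 'wp-blog-header.php';\n",
        "wp-content/themes/demo/video.php":
            '<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>\n',
        "wp-content/themes/demo/footer.php":
            '<?php wp_footer(); ?>\n<iframe src="http://placeholder.invalid/" '
            'width="1" height="1" style="display:none"></iframe>\n',
        "wp-content/plugins/demo/demo.php":
            '<?php\n/* Plugin Name: Demo */\neval(base64_decode("Q09OU1RSVUNURUQ="));\n',
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for rel, lineno, name in scan_tree(tmp):
            print(f"{rel}:{lineno}: {name}")
```

Run `scan_tree` against a copy of your own installation; hits are leads to review by hand, and an empty result does not prove the site is clean.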
This plugin can prove important because if a hacker gets one thing wrong, the error message will help him identify it and correct it. Beyond this, the plugin has many other features, such as:
- Adds an index.html file to plugin-directory
- Removes the wp-version, except in admin-area
- Removes Really Simple Discovery
- Removes Windows Live Writer
- Removes core-update, plugin-update and theme-update information for non-admins
7. Admin SSL
This plug-in works with both private and shared SSL connections, and it forces an SSL connection on every page where a password can or has to be entered, such as when logging into your WordPress dashboard, i.e. it will use “https://” instead of “http://”. It is very helpful for protecting the admin area, posts and all the pages of your WordPress installation, and for securing the login page.
NOTE: This plug-in works only from WordPress 2.2 to 2.7.1.
8. AntiVirus
This plugin is very easy to use and it allows you to do manual testing with immediate results for the infected files. You can also enable the option to scan your WordPress template daily and send a notification email when something infected is found. It’s just like the antivirus software which you use on your computer.
Its purpose is not to replace prompt and responsible upgrading, but rather to mitigate 0-day attacks and let bloggers sleep better at night. It will also give you the option of receiving an email with a useful dump of information whenever it blocks a potential attack, and much more.
VeriSign One Time Password for bank cards. Similar to that, this plugin enables you to log in to your WordPress blog using passwords which are valid for one session only. One-time passwords prevent the theft of your main WordPress password in less trustworthy environments, like internet cafes, where chances are that anyone, even a novice, can steal your password by using keylogger programs to capture your information. See how it works.
It is most useful for situations where SSL is not available, but the administrator of the blog wishes to have some additional security measures in place without sacrificing convenience.
12. WP DBManager
You should always have a backup ready for bad times, because no one can say when evil will attack. WP DBManager allows you to optimize the database, repair the database, back up the database, restore the database, delete database backups, drop/empty tables and run selected queries. It also supports automatic scheduling of backups, which it can mail to your email ID, and database optimization can be done automatically as well.
13. SABRE
Sabre stands for Simple Anti Bot Registration Engine. It’s a set of countermeasures against spam registration on your blog. Your visitors are granted permission to register freely on your blog and now you are plagued by fake users automatically created by spammers? Sabre is the solution to stop these robotized visitors for good!
THE SPECIAL TIP
It has been found that WordPress plugins can play a crucial role in the hacking of a WordPress blog. This is because some people download WordPress plugins from sources where the downloaded plugin may contain malicious commands, inserted into the plugin’s PHP file, which are meant to take control of your blog.
The screenshot below shows one secret website which I used during my olden days which I don’t think should be disclosed here. In the screenshot you can see many listed plugins which are named after some popular plugins but will cause damage to your WordPress blog.
So keep these 2 things in mind before downloading and using any plugin:
1. I think you should always try your best to download the plugin from the WordPress Plugin Directory.
2. Many times the plugin maker doesn’t find the time, or doesn’t find it useful, to list his plugin in the WordPress directory. In that case make sure you are downloading from the original source, but before doing that first look at the comments people have made on that plugin to know whether or not it’s causing any problems. Also make completely sure that it really is the original plugin maker’s site, because sometimes hackers post a review of the plugin on their fake blogs and place their own download link, which contains their bad plugin! So always keep these things in mind.