It’s required that bloggers pay attention towards their blog security by not leaving any doors open for the hackers. If a hacker is absolutely determined to get into your blog then they’re probably going to succeed. But you can protect your wordpress quite much by using many plugins out there for wordpress.
Today I am writing about 15 Very important handpicked plugins which can help you to increase your wordpress blog security Level.
1. WP Security Scan
This highly popular Plugin shows two most over looked vulnerabilities in WordPress – the admin username and the table prefix. Both vulnerabilities are fixable and this plugin shows you how to do it. Other than that this plugin removes the WP ID META tag form WordPress core which could help a hacker also it turns off WordPress DB Errors. It have one scanner which brings up a list of files and directories on your server which it checks that they all have the correct permissions rules or chmod.
2. AskApache Password Protect
AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protects your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. as well. In simple words this plugin creates a big wall to protect your wordpress with the use of username and password protection.
3. Stealth Login
This plugin allows you to create custom URLs for logging in, logging out, administration and registering for your WordPress blog. For example you can use URL like “http://www.myblog.com/lol” for logging into your administration panel. This plugin won’t secure your blog absolutely, but if someone does manage to crack or find your password then it can make it difficult for them to find where is login page.
4. WordPress Exploit Scanner
Sometimes from the server side or from your PC(while using FTP programs), virus gets uploaded automatically which makes your blog unfavorable to visit. It also did happen to me many times on my affiliate blogs and the result was that Google Shows a Malware Warning Page whosoever visits it.
See one example screenshot to see how Google shows a warning page. In this case actually it didn’t harm my wordpress but my PC was having some junk file which was resulting in this fake page appearance.
But you can solve it easily as most of the times iframe viruses inserts there code into many files of your wordpress blog. WordPress Exploit Scanner searches the files and database of your website for signs of suspicious activity. It will not stop someone hacking into your site, but it may help you find any uploaded or compromised files left by the hacker. Make sure you use your brain and also take a backup of your database before doing anything.
5. Login LockDown
6. Secure WordPress
If you use above plugin i.e Logic Lockdown then I think you should also install Secure WordPress Plugin as it removes error-information on login-page (Logic LockDown will generate error when username-password entered is incorrect).
This plugin can prove important because if a hacker gets one thing wrong, the error message will help him identify it and correct it. Other than this plugin have many other features like:
- Adds an index.html file to plugin-directory
- Removes the wp-version, except in admin-area
- Removes Really Simple Discovery
- Removes Windows Live Writer
- Remove core update, plugin-update and theme-update information for non-admins
7. Admin SSL
This plug-in will work with both the private and shared SSL connections and it will force a SSL connection in every page where password can or has to be entered like while logging into your wordpress dashboard i.e It will use “https://” instead of “http://”. It is very helpful to protect the admin area, posts and all the pages of your WordPress installation and secure the login page.NOTE: This plug-in works only from WordPress 2.2 to 2.7.1.
8. AntiVirus
This plugin is very easy to use and it allows you to do manual testing with immediate result of the infected files. It you can also enable the option to scan your wordpress template daily and send a notification email when something infected is found. It’s just like your AnitVirus Software which you use on your computer.
9. WordPress Firewall
This WordPress plugin investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks. It intelligently whitelists and blacklists pathological-looking phrases based on which field they appear within in a page request (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
Its purpose is not to replace prompt and responsible upgrading, but rather to mitigate 0-day attacks and let bloggers sleep better at night. It will also give you an option to send an email to you with a useful dump of information upon blocking a potential attack and much more.
10. One Time Passwords
You might have heard about the VeriSign One Time Password for bank cards. Similar to that, this plugin enables you to login to your WordPress blog using passwords which are valid for one session only. One-time passwords prevent stealing of your main WordPress password in less trustworthy environments, like internet cafes, where chances are that anyone, even a noob person can steal your password if he make use of keyloggers programs to capture your information. See How it works.
11. Semisecure Login Reimagined
Semisecure Login Reimagined increases the security of the login process using an RSA public key to encrypt the password on the client-side when a user logs in. The server then decrypts the encrypted password with the private key. JavaScript is required to enable encryption.
It is most useful for situations where SSL is not available, but the administrator of the blog wishes to have some additional security measures in place without sacrificing convenience.
12. WP DBManager
It is required that you should always have a backup ready during bad times because no one can say when the evil will attack. WP DBManager allows you to optimize database, repair database, backup database, restore database, delete backup database , drop/empty tables and run selected queries. It also supports automatic scheduling of backing up and then mailing it to your email ID and optimizing of database can also be done automatically.
13. SABRE
Sabre stands for Simple Anti Bot Registration Engine. It’s a set of counter measures against spam registration on your blog. Your visitors are granted permission to register freely on your blog and now you are plagued by fake users automatically created by spammers? Sabre is the solution to stop definitely these robotized visitors!
14. Invisible Defender
This plugin protects registration, login and comment forms from spambots by adding two extra fields hidden by CSS. Actually almost all the spambots fills in all the fields according to it’s script structure but real humans can’t see these hidden fields thus if all the fields gets filled up then it is considered as a spambot. These two extra fields are hidden with CSS rule, so they will not be visible for most users. Only users with text-based browsers (and very old ones which not support CSS) will see them, but don’t be afraid – plugin has special message for them.15. WordPress File Monitor
This simple plugin monitors your WordPress installation for added/deleted/changed files regularly. When a change is detected an email alert is sent to a specified address. It also gives you the ability to exclude directories from scan (for instance if you use a caching system like WP Super Cache that stores its files within the monitored zone).THE SPECIAL TIP
It has been found that wordpress plugins can play a crucial role for hacking any wordpress blog. This is because some people download wordpress plugins from such sources where chances are that the plugin downloaded may contain some bad commands which are meant to take control over your blog through certain commands inputed inside the php file of that plugin.The Screenshot below shows one secret website which I used during my olden days which I don’t think should be dis-closed here. In the screenshot you can see many listed plugins which are named towards some popular plugins but will cause damage to your wordpress blog.
So Keep these 2 things in mind before downloading and using any plugin:
1. I think you should always try your best to download the plugin from the WordPress Plugin Directory.
2. Many times the plugin maker doesn’t finds time or useful to list his plugin in the wordpress directory. In that case make sure you are downloading from Original source but before doing that first look at the comments made by people on that plugin to know whether or not it’s causing any problem or not. Also completely make sure that it is really the original plugin maker site because sometime what happens that hackers make review of the plugin on their fake blogs and place their download link which contains their bad plugin! So always Keep these things in mind.
