The Best Security Plugins for WordPress

by WordPressSmith on May 10, 2010

Security should be everyone’s number one priority. This needs to be determined from the outset, and with WordPress’s growing popularity you can expect more and more hacks/hackers. If you have not heard already there are a few hacks already spreading through the WordPress community. However, there are plugins that can help patch up the WordPress CMS to help. My favorites are:

  1. Admin SSL (Download, Directoy): This administrator security plugin is very helpful to protect the admin pages, posts, secured logins, supports all SSL setups and encrypted cookie content. This plugin is compatible on wordpress 2.3-2.7 versions only.
  2. Akismet: This is a standard spam application that comes with WordPress by default. Be sure to set this up and have this running almost immediately.
  3. Angsuman’s WordPress Guard Plugin (Download): This plugin adds Double Security For WordPress Administrator Panel, Protection over wp-admin directory, and Protection Against Future Vulnerabilities. Adding password protection to /wp-admin/ adds a 2nd layer of protection around your blog’s admin area, login, and files. This forces an attacker or bot to attack this 2nd layer of protection instead of your actual admin files. This dramatically increases your security
  4. Authenticated WordPress (Download): The free Authenticated WordPress Plugin (compatible with all versions of WordPress) makes your blog content (posts, pages, categories etc.) accessible to registered users only. This allows you to display content to your users in a controlled fashion. It also allows private blogging i.e. makes your blog accessible to selected people only (like family and/or friends and/or business associates).
  5. Anonymous WordPress Plugin (Download, Directory): All the WordPress versions 2.3 and above have the feature to get automatic updates for plugins. During this process it will send some of your information like your blog’s URL, version number, list of installed plugins and activated plugins to WordPress.org. This information could be of potential use for hackers. So to avoid this, installing Anonymous WordPress plug-in is a feasible option. It will strip off your blog’s URL and version number and empty the activated plugins list. This plug-in is compatible with WordPress 2.3 and above.
  6. AskApache Password Protect (Download, Directory): It will block the bots and creates a safe wall for any vulnerability your WordPress blog may have. It will protect your password as well as your WordPress directories like the wp admin-directory, wp-includes, wp-content, including plugins. This protects your Admin-panel with a powerful htaccess protection, preventing all spambots and unwanted users to access you site. It provides you complete control over your site from both sides.
  7. Blogsecurify (Download): Forces users to login over a secure communication channel (SSL). This is similar in functionality to Force SSL plugin. As with Force SSL, it requires your server to have SSL enabled which also means it needs a SSL server certificate which doesn’t come cheap and is a recurring expense.
  8. Chap Secure Login (Download): If you are not having a secure connection like SSL to protect your password, then you can use this plug-in for encrypting passwords. It will use the Chap protocol to hide the passwords and transmit it encrypted. The only information that is transmitted unencrypted is your username. Protecting password will give full security because password leaks will enable the hacker the gain full control of your WordPress blog.
  9. Database Backups: There are two that I use with this and I don’t know which I prefer quite yet. WP-DB-Backup (Download, Directory) is a WordPress specific plugin that creates backups of your core WordPress tables as well as other tables of your choice in the same database. The content can be backedup at your HDD, email, domain space. You can restore the entire database with the same greatness if it is accidentally deleted or deleted by other hackers. This is the must have Plugin for your wordpress. Backupify is a social/web 2.0 backup system that can backup Facebook, Twitter, Flickr, Picasa, PhotoBucket, Delicious, Hotmail, Friendfeed, Basecamp, Zoho, Blogger, WordPress, and Google Apps.
  10. Force SSL (Download, Directory): For those will an SSL certificate, this plugin forces an HTTPS connection for security purposes. Force SSL simply redirects requests made via regular old http to requests for trusty new https, the SSL connection (secure connection).
  11. Invisible Defender (Download, Directory): This anti-sypbot plugin protects the registration, login and comment forms from spambots by adding the 2 extra fields that were hidden by CSS (cascading style sheet). This shows the number of blocked spammers in your Dashboard.
  12. Login Encrypt (Download, Directory): This will help encrypt the login information using the complex DES and RSA combination. It uses the JavaScript appended and encrypted the password of the user and generates a unique DES key. And by using this key, user can have secure login each time they login to your blog.
  13. Login Lockdown (Download, Directory): This records the IP address and time-stamp of every failed login. If certain login failure attempts were made from same IP range in certain period of time, it will disable all the requests from that range, which may also include yourself.
  14. Replace WP-Version (Download, Directory, German Homepage): Secure your WordPress installation and eliminate or replace your wp-version and database-version on easy way with a small plugin.
  15. Secure Files (Download): This plugin allows you to upload and download files from outside of your web document root for security purposes. It can be used to can restrict file downloads to users that are logged in, or have a certain user level.
  16. Secure WP (Download, Directory, German Homepage): It will help secure WordPress installation by removing miscellaneous items after the installation process which may aid hackers, such as your login pages, forums, adds index.html to plugin directory, removes wp-version except in admin-panel. Secure WordPress will add a blank index.html to the plug-in directory such that if anyone is trying to view the contents of the directory they will be viewing a blank page instead of the contents.
  17. Semisecure Login (Download, Directory): This increases the security of your WordPress login. This uses client-side MD5 encryption on password when the user log-ins. But many of the users neglect it, if they are using ForceSSL or AdminSSL.
  18. WordPress File Monitor (Download, Directory): Monitors your WordPress installation for editing/adding/deleting files. When a change is detected an email alert can be sent to a specified address. It also has ability to record the time-stamp of one of the above 3 modifications.
  19. wp-dephorm (Download, Directory): wp-dephorm protects your users from the prying eyes of phorm. This is achieved by setting a cookie to opt out of the phorm information mining. Your blog viewers will not have there information stored and used in marketing campaigns whilst viewing your site
  20. WP-Security Scan (Download, Directory): Semper Fi Web Design probably has one of the best security plugins available. Scans your WordPress installation for security vulnerabilities and suggests corrective actions regarding: passwords, file permissions, database security, version hiding, and WordPress admin protection/security.

Now I do not use all of these plugins, or even half of these. However, there are some essential security items that must be addressed. The plugins that I use on every site are: Akismet, WP-DB-Backup (and/or Backupify), Login Lockdown, Secure WordPress (or Secure WP), and CHAP Secure Login or Semisecure Login or Login Encrypt.

There is one more that is in beta and is only by invitation, and that is WP-Security. More information forthcoming.

Revisions

There are no revisions for this post.

Tags:

No comments yet.

Leave a Reply