WordPress is the most popular blogging platform around. It’s powerful and capable of handling almost anything. Unfortunately, there are a lot of people out there who do not make a living out of being honest and ethical. Some won’t hesitate to hack your WordPress website to take advantage of your hard work or to steal your assets. That’s why you should not just install WordPress and forget it. Securing WordPress does take a bit of time, but these 40 WP security plugins (categorized under security measure you should take on your blog) should help you protect your website against hack and spam attacks:
Scan WordPress for Exploits / Security Holes
WordPress is a decent CMS when it comes to security, but it is not perfect. Besides, no matter how good your content management system is, hackers can always find a way to get in. That’s why you should scan your website to find possible vulnerabilities and fix them before it’s too late. These plugins should help:
- AntiVirus: protects your blog against exploits and spam injections. Covers WordPress backdoor attacks as well. It’s available in multiple languages.
- SecurePress Website Security Analyzer: an advanced security solution for WordPress that blocks attacks and alerts you when you are being attacked. It even gives you information about the attacker. This is a premium plugin.
- Ultimate Security Check: scans your blog for hundreds of known threats and lets you know what areas you need to work on. Great way to get started if you have never paid too much attention to your blog’s security.
- WordPress Firewall: an essential WordPress anti-hack plugin that can detect, intercept, and log suspicious-looking parameters. It covers your other plugins too. Can help you prevent SQL injection attacks.
- Maximum Security for WordPress: it scans your WordPress for potential security holes and helps you cover those. It keeps your files and directories safe from wandering eyes.
- WP Security Scan: another essential plugin that scans your website for security holes and suggests corrective actions (including but not limited to your password strength, database security, and file permissions).
- TAC – Theme Authenticity Checker: you do not want to install a theme that has malicious code or major security holes in it. This plugin can help you stay away from those problematic themes.
- Angsuman’s WordPress Guard Plugin: an anti-hack plugin that stops HTTP-based and brute force attacks. It can keep your website from being defaced by hackers.
- WP-Secure Remove WordPress Version: removes your WordPress version information. That does not necessarily protect your website against all attacks. But it does reduces the chances of your site being targeted with version-specific hack attacks.
- WP-MalWatch: it performs a security scan of your WordPress installation nightly and lets you know if it can sense any foul play (e.g. added hidden files, …).
Secure Your WordPress Login
Bruce Force attack is the most basic type of attack on WordPress sites. You should never give hackers the opportunity to play with your login page. That’s why these plugins are so handy:
- Stealth Login: a very useful plugin that creates custom URLs for logging in, logging out, administration and registering for your WordPress blog. It can significantly reduce the number of attacks against your blog.
- Login Lockdown: designed to lock out those who are trying brute force tactics to get into your blog.
- Secure WordPress: takes care of those small little details on your blog (e.g. hiding error messages, securing your plugin directory, hiding your version info).
- One Time Password: pretty self-explanatory. If you are opening up your blog in an unsafe environment, this plugin can help. You are allowed to use your passwords only once.
- Chap Secure Login: transmits your password encrypted, giving your website yet another layer of protection.
- Semisecure Login Reimagined: another powerful anti-hack plugin that uses a combination of public and secret-key encryption to encrypt passwords on the client-side.
- Limit Login Attempts: a no brainer. It limits the number of times people can enter wrong user-name/password combinations on your blog.
Protect your Admin Area
The last thing you want is to allow hackers to reach your admin page and manipulate it in any way. These plugins can help you secure your admin area and keep on top of things:
- Admin SSL: uses private or shared SSL to secure your login page, admin area, posts, pages.
- AskApache Password Protect: it stops automated attacks and newbies in their tracks. It can block spam too. Can protect your files, forbid proxies, and identify bad type of content.
- Admin Log: keeps track of admin pages accessed on your blog. Provides you with additional information such as user and time to help you pin-point your blog’s security break-downs.
- Content Security: helps WordPress admins thwart injection attacks. Lets you define what sites you trust when it comes to serving content on your website.
Install Anti-Spam Plugins for WordPress
Nothing could be more annoying than spam comments. One would wish they were just annoying. But that’s not all. They can harm your website and its credibility if you are not too careful. These plugins can help you deal with spam comments:
- Invisible Defender: adds two extra fields that protect your registration, login and comment forms. Keeps spam-bots at bay.
- NoSpamNX: another anti-spam plugin for your blog that adds hidden fields to your pages, giving bots rope to hang themselves.
- Akismet: needs no introduction. Every WordPress owner needs to have this plugin installed. Don’t forget to pick up your key from WordPress.com.
- SI CAPTCHA for WordPress : another anti-spam plugin adds another layer of security to your blog by making your visitors type the code they see in an image to complete their action.
- AntispamBee for WordPress: catches spam comments on your blog. Does not add any code to your database and lets you block comments or ping-backs from specific countries.
- Comment Timeout: closes comments after a specific period of time defined by you. That will reduce the spam comments you may get on your older blog posts.
Add Authentication to Your Website
If you are planning to implement HTTP or DB authentication on your website, the below items can make the process a whole lot easier:
- HTTP Authentication: a pretty straight-forward plugin that adds authentication to your WordPress portal.
- External DB authentication: a more advanced plugin that lets you use an external database (MySQL, MSSQL, or PostgreSQL) to authenticate into WordPress (especially if you are storing passwords there).
Backup Your WordPress DB
Every WordPress webmaster should take time to backup his/her DB. It’s better to be safe than sorry. These backup plugins help you protect your blog and data against disasters:
- DBC Backup: an easy way to schedule daily database backups for your WordPress website. It’s pretty flexible too.
- BackUpWordPress: makes backup of your tables and files and lets you recover them quickly when facing a disaster.
- Online Backup for WordPress: lets you backup your data online. You can purchase more storage if you are over the limit.
- WordPress EZ Backup Plugin: has a ton of features and enables you to make a backup of every aspect of your website.
- WP-DBManager: if you want to make changes to your database from your website’s back-end, this plugin can be helpful.
Protect Your Information and Privacy
Not every post on your blog needs to be public. Sometimes, you may want to post sensitive information to your blog but want to give access to certain people. These plugins can help you do just that:
- Sentry: lets you add content to your website without it being seen by Google or the world.
- Secure Files: you can use it to restrict file access only to those who have logged on to your website.
- Social Privacy: another handy plugin for those of you who plan to post private information to your website. Restrict access to users that you approve.
Manage Users and Their Roles
Those of you who have a membership site or allow user registrations on your WordPress website should take time to manage your users and protect yourself against hack attacks. The below solutions can help you achieve that:
- WP-Ban: if you are having issues with a visitor or just want to ban an IP, this plugin has you covered.
- User Locker: locks the accounts of users who fail to enter the right credentials more than a specific number of times.
- Role Scoper: designed for those who are using WordPress to manage a content portal. Lets you modify user permissions and define roles for your members.
At the end of the day, you do not want to take any chances with your WordPress website. While it’s impossible to stop all hack attacks, the above plugins do make life much more difficult for spammers, hackers, and content thieves.
What security WordPress plugins are you using to protect your website?