If you are a webmaster and manage all your website stuff through WordPress, then you might know that making your WordPress secure is very important. WordPress could be accessed by the authors who write articles for the website or the editors who monitor the content on the website. The administrator is the main person who accesses the website’s content management system. Now, it becomes very important that whoever accesses the WordPress is a genuine person and the person should be someone trustworthy. It is a well known fact that WordPress is a platform which is secure by itself and applying water-tight security isn’t needed though. But to be totally dependent on the WordPress’ innate quality could be dangerous sometimes as there are many spammers and hackers out there who are waiting for just one opportunity or just a chink in the armor to cash upon that chance.
Security Plugins are very important for securing your WordPress. Security Plugins are used by those who don’t have a great deal of coding knowledge. There are many different security Plugins available which can be used to secure your WordPress. The good thing is that they are very easy to apply. You can choose any one of them according to the level of security you desire.
You may also like
I hope you will like this article and please do post your comments.
Secure Login Area
Semisecure Login Reimagined
Semisecure Login Reimagined increases the security of the login process by using a combination of public and secret-key encryption to encrypt the password on the client-side when a user logs in. JavaScript is required to enable encryption. It is most useful for situations where SSL is not available, but the administrator wishes to have some additional security measures in place without sacrificing convenience.
Stealth Login
This plugin allows you to create custom URLs for logging in, logging out, administration and registering for your WordPress blog. Instead of advertising your login url on your homepage, you can create a url of your choice that can be easier to remember than wp-login.php, for example you could set your login url to http://www.myblog.com/login for an easy way to login to your website.
Login LockDown
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Admisitrators can release locked out IP ranges manually from the panel.
Chap Secure Login
Whenever you try to login into your website, you can use this plugin to trasmit your password encrypted. The encryption process is done by the Chap protocol; this is particularly useful when you can’t use ssl or other kinds of secure protocols. By activating the ChapSecureLogin plugin, the only information transmitted unencrypted is the username; password is hided with a random number (nonce) generated by the session – and opportunely transformed by the MD5 algorithm.
Admin Area
Admin SSL
Admin SSL secures login page, admin area, posts, pages – whatever you want – using Private SSL. Once you have activated the plugin please go to the Admin SSL config page to enable SSL, and read the installation instructions.
Database
WP-DB-Backup
WP-DB-Backup allows you easily to backup your core WordPress database tables. You may also backup other tables in the same database.
Remote Database Backup
This plugin creates SQL dumps of your wordpress database. It is based on the WordPress Database Backup plugin(http://www.ilfilosofo.com/blog/wp-db-backup) – but it removes some of the security restrictions in the plugin to enable automated remote backups. You still need the admin user name and password to do a remote backup.
WP-DB Manager
Allows you to optimize database, repair database, backup database, restore database, delete backup database , drop/empty tables and run selected queries. Supports automatic scheduling of backing up, optimizing and repairing of database.
BackUpWordPress
BackUpWordPress will back up your entire site including your database and all your files once every day. It has several advanced options for power users.
myEASYbackup
Backup, restore, migrate your WordPress installation, both code and MySQL tables, with a single click.
WordPress 1 Click EZ Backup
button & watch your Files and Database backup be created. You can Create a backup of ALL your webspace files (wp-root dir) OR backup just your wp-content folder all from this one plugin. Unlike the Full EZ Backup plugin this one does not require any special information such as usernames or passwords etc..
Spam
Antispam Bee
Protects your blog from spam by replacing the comment field. It’s easy to use and extremely effective. Really!
NoSpamNX
There have been many new good ideas of fighting automated Spam in WordPress. Most of these Plugins (like the antecessor of NoSpamNX: Yawasp) change the name of one (or more) of your comment field. On the one hand, this is indeed more effective, but on the other hand, this goes to the expense of compatibility. Therefore, NoSpamNX does not change any of your comment fields, but still claims to be very effective.
Akismet
Akismet filters out your comment and track-back spam for you, so you can focus on more important things.
Math Comment Spam Protection
Math Comment Spam Protection asks the visitor making the comment to answer a simple math question. This is intended to prove that the visitor is a human being and not a spam robot.
Defensio Anti-Spam
Defensio is an advanced spam filtering web service that learns and adapts to your behaviors and those of your users. In addition to simple spam filtering, we also provide world-class malicious content detection, profanity filtering, URL categorization, script detection and much more.
SI CAPTCHA Anti-Spam
Adds CAPTCHA anti-spam methods to WordPress forms for comments, registration, lost password, login, or all. In order to post comments or register, users will have to type in the code shown on the image. This prevents spam from automated bots. Adds security. Works great with Akismet. Also is fully WP, WPMU, and BuddyPress compatible.
reCAPTCHA
reCAPTCHA is an anti-spam method originating from Carnegie Mellon University, then acquired by Google which uses CAPTCHAs in a genius way. Instead of randomly generating useless characters which users grow tired of continuosly typing in, risking the possibility that spammers will eventually write sophisticated spam bots which use OCR libraries to read the characters, reCAPTCHA uses a different approach.
Other
Secure WordPress
Secure WordPress beefs up the security of your WordPress installation by removing error information on login pages, adds index.html to plugin directories, hides the WordPress version and much more.
WP Security Scan
WP Security Scan checks your WordPress website/blog for security vulnerabilities and suggests corrective actions such as:
AskApache Password Protect
This plugin doesn’t control WordPress or mess with your database, instead it utilizes fast, tried-and-true built-in Security features to add multiple layers of security to your blog. This plugin is specifically designed and regularly updated specifically to stop automated and unskilled attackers attempts to exploit vulnerabilities on your blog resulting in a hacked site.
TAC (Theme Authenticity Checker)
TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links.
AntiVirus
AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections. Malware protection for your blog.
WordPress File Monitor
Monitors your WordPress installation for added/deleted/changed files. When a change is detected an email alert can be sent to a specified address.
WordPress Firewall
This WordPress plugin investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks. There exist a few powerful generic modules that do this; but they’re not always installed on web servers, and difficult to configure.
Fast and Secure Contact Form
This plugin allows a webmaster to easily create and add contact forms to WordPress. The contact form will let the user send emails to a site’s admin. An administration panel is present, where the webmaster can create and preview unlimited forms.
Content Security Policy
Content Security Policy prevents content injection attacks by allowing admins to specify which sites they trust to serve JavaScript and other types of content in their site. Any content which is not explicitly allowed by the policy will be blocked from loading.
Ultimate Security Check
Plugins can extend WordPress to do almost anything you can imagine. In the directory you can find, download, rate, and comment on all the best plugins the WordPress community has to offer.
Secure Contact
SecureContact is a drop in form for users to contact you, based on the WP Contact Form plugin by Ryan Duff. It offers enhaced security by using captcha images.
WP Dephorm
wp-dephorm protects your users from the prying eyes of phorm. This is achieved by setting a cookie to opt out of the phorm information mining. Your blog viewers will not have their information stored and used in marketing campaigns whilst viewing your site. The idea is based upon a system devised by https://www.dephormation.org.uk/
WP Email Guard
WP Email Guard protects your email addresses included on any post or page from being crawled by spammers.
Replace WP-Version
Security your WordPress-Installation and eliminate or replace your wp-version and database-version on easy way with a small plugin, also on Feed and style- and script-urls.
Secure Files
This plugin allows you to upload and download files from outside of your web document root for security purposes. It can be used to can restrict file downloads to users that are logged in, or have a certain user level. [Manage -> Secure Files]
HTTP Authentication
The HTTP Authentication plugin allows you to use existing means of authenticating people to WordPress. This includes Apache’s basic HTTP authentication module, Shibboleth, and many others.
