Even though WordPress is pretty secure already, hackers are still attracted to blogs, as they are to anything else that can be hacked. Here are some WordPress plugins that will keep your WordPress blog secure; they won’t make your blog bullet-proof, but they are good to have.
After I had installed all the plugins below, I couldn’t log in through FTP, or even install plugins through being logged into my WordPress blog and using the “Plugins – Add New” feature, where you don’t need to drag and drop the files through FTP into your WordPress blog files in the first place.
Remember, when you install any of them, write down a list of them or keep this article bookmarked so you can disable them when you are doing work on your WordPress blog, since if you have them enabled while you’re doing work, the plugins may prevent you from doing what you want to do. In the image below you will see what you have to do in order to disable a mass amount of plugins, in bulk basically. Then, when you have installed whichever plugin, you just need to go to the “Inactive” section there and reactivate them all. You will also need to do this when updating your current plugins. But I’m telling you, it’s worth it… there’s nothing like tight security on your WordPress blog.
Let me know in the comments if I made any mistakes in this post. Please note that the plugins are not in order from “best to worst” or “worst to best”; it’s just a simple list of all the best security plugins for WordPress. I use them all of course, and I have no reports of any conflicts with the latest version of WordPress. I just could not find Blackhole in the WordPress Plugins directory, but you can still probably find it out there somewhere so you could maybe upload it through FTP; it sounds like a cool plugin anyways.
As you can see in the image above,
Starting off with the top plugins, to the less good but still useful security plugins, you will see it all below…
1) Secure WordPress
This plugin is pretty much “very essential” for all blogs, since you can get the plugin for free without paying anything, as you can do with almost anything to do with WordPress and its plugins. You don’t need to configure it either, you just install it. Here are the benefits of this plugin:
- It throws out any erroneous information from your login page.
- It removes the plugin-update, theme-update and also core update details for anyone who is not an admin.
- It includes index.php (a blank file that is added to the plug-in directory), so if anyone attempts to reach the contents of your blog, they will be taken to a completely blank page.
2) Blackhole
This is a trap for “bad bots”. Bots are software applications designed to run automated tasks over the internet. The plugin’s workflow is based on a very simple idea:
The owner adds an invisible link somewhere in the pages, pointing to a directory that is forbidden in the “robots.txt” file. A lot of the nasty bots that don’t follow the rules of the blog will crawl to that invisible link and fall into the trap, like hanging a paper bag outside your house to act as a bees’ nest. Then Blackhole does a WHOIS lookup and registers the event in the blackhole data file. Right after being added to that blacklist file, bad bots are immediately denied any kind of access to the website.
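The trap logic described above, replayed over a handful of requests. This is an added example, not Blackhole's own code: the trap path, the robots.txt body, the user agents and the addresses are constructed, and the WHOIS lookup is left out so that it runs offline.

```python
from urllib.robotparser import RobotFileParser

TRAP_PATH = "/blackhole/"  # hypothetical target of the invisible link
ROBOTS_TXT = "User-agent: *\nDisallow: /blackhole/\n"  # constructed

# Constructed requests in arrival order: (client IP, user agent, path).
REQUESTS = [
    ("198.51.100.7", "PoliteBot/1.0", "/robots.txt"),
    ("198.51.100.7", "PoliteBot/1.0", "/2012/05/hello-world/"),
    ("203.0.113.9", "GrabberBot/0.3", "/"),
    ("203.0.113.9", "GrabberBot/0.3", "/blackhole/"),
    ("203.0.113.9", "GrabberBot/0.3", "/wp-login.php"),
    ("192.0.2.44", "Mozilla/5.0", "/about/"),
]


def trap_is_disallowed(robots_txt, path=TRAP_PATH):
    """Check that robots.txt really forbids the trap, so rule-following
    crawlers are never caught by it."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return not parser.can_fetch("*", path)


def run_trap(requests, trap_path=TRAP_PATH):
    """Replay requests and return (blacklist, decisions)."""
    blacklist = {}  # ip -> details recorded when the trap fired
    decisions = []  # (ip, path, HTTP status)
    for ip, agent, path in requests:
        if ip in blacklist:
            status = 403                      # trapped earlier: deny everything
        elif path.startswith(trap_path):
            blacklist[ip] = {"agent": agent, "path": path}
            status = 403                      # record the event, then deny
        else:
            status = 200
        decisions.append((ip, path, status))
    return blacklist, decisions


if __name__ == "__main__":
    assert trap_is_disallowed(ROBOTS_TXT)
    blacklist, decisions = run_trap(REQUESTS)
    for row in decisions:
        print(*row)
    print("blacklisted:", sorted(blacklist))
```

Checking the robots.txt rule first matters: if the Disallow line is missing or mistyped, well-behaved search crawlers will follow the hidden link and get blacklisted too.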
3) Exploit Scanner
This plugin seeks out any suspicious information by looking through your website, and within the posts and comment tables of your database. Neat, eh? The plugin can also raise many “false” flags, apparently. Of course I have installed it on my blog and it works fine.
4) BulletProof Security
This plugin apparently secures your ‘wp-admin’ folder and also Root website folder with one click. It also offers security directly against all Base64, CSRF, XSS, RFI, SQL Injection and Code Injection hacking attempts. One last useful feature for maintenance that is also included is to allow developers to put up a “503 under construction” page during the time that the site-owner is working on their blog or website.
5) WordPress Firewall 2
WordPress Firewall 2 automatically blocks the most common hacking attempts that hackers try. The plugin requires no configuration; you do not need to touch its settings.
6) WordPress File Monitor Plus
The specific job that this plugin has is to notify the owner about any changes that are made to the files on his or her site. It is also a big help in recognizing and removing any infected code on your site.
7) AskApache Password Protect
This plugin is specifically coded to fend off brute-force attempts to access your administration page. Bots are programmed to make repeated attempts in rapid “succession” to guess the password to your blog. This plugin adds a second layer of protection to the password log-in process, so that these attempts cannot keep rolling. It also protects all of your database folders, not just the wp-admin folder.
You need at least WordPress 2.6 or higher to run this plugin, and AskApache Password Protect is updated quite regularly.
8) Antivirus for WordPress
Nowadays, anything that is a computer is threatened by a virus of some sort. Even smartphones have viruses now, mostly Android phones, since Android is the most used operating system of all smartphones. The biggest fish always get caught first and reeled in by the predators. WordPress is the most used blogging platform out there, and even Microsoft has dumped the Windows Live blogging platform for WordPress into the Windows OS. So AntiVirus for WordPress comes with an apt solution for the purpose its title gives. It monitors malicious injections and will also warn you of any possible attacks coming your way. It also includes multilingual support. This plugin is also very easy to use and will block any content that is malicious, spammy, a virus, malware, worms and also links. After listing all of the blocks that were made automatically, it sends an email to the predefined address with all of the intrusion attempts that were blocked and the white-listed IP addresses as well.
9) WP Security Scan
This is a very handy plugin to have installed, and it should be used regularly by most WordPress bloggers. This plugin has the ability to remove every security loophole in just a few seconds. The plugin’s code is prepared to detect a list of vulnerabilities that could be used against any blog, such as any file passwords or permissions. It also offers suggestions for corrective actions you can take yourself if the plugin can’t deal with them.
10) Defensio Anti-Spam
This plugin requires you to register for an API key just like Akismet. Defensio’s “Anti-Spam” plugin is apparently one of the best and most advanced spam filtering plugins out there too, and it takes your own behavior and your blog readers’ behavior into deep analysis. It includes many advanced features such as OpenID support, elaborate statistics, charts, RSS feeds of the comments on your blog (either innocent or spam-generated) and a counter widget.
11) NoSpamNX
NoSpamNX is a plugin that adds some form fields to the comment form of your blog’s posts. They are not visible to human users, apparently. If a spambot blindly fills out the invisible fields (which they usually do with any sort of form field), the comment is not saved at all! The owner can then decide whether to block the specific spambot or mark it as spam.
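A hidden-field check of the kind described above, as an added example that is not NoSpamNX's own code. The secret, the field-naming scheme and the sample submissions are constructed for illustration; the two `on_trap` values stand for the owner's choice between blocking and marking as spam.

```python
import hashlib
import hmac

SITE_SECRET = b"constructed-secret"  # assumption: random value kept on the server


def trap_field_name(post_id):
    """Per-post name for the hidden field, so a bot cannot hard-code it."""
    mac = hmac.new(SITE_SECRET, str(post_id).encode(), hashlib.sha256)
    return "f" + mac.hexdigest()[:12]


def render_comment_form(post_id):
    """Comment form with one extra input that CSS hides from human visitors."""
    return (
        '<form method="post" action="/comment">\n'
        f'  <input type="hidden" name="post_id" value="{int(post_id)}">\n'
        '  <input name="author">\n'
        '  <textarea name="comment"></textarea>\n'
        '  <div style="display:none">\n'
        f'    <input name="{trap_field_name(post_id)}" value="" tabindex="-1">\n'
        '  </div>\n'
        '</form>'
    )


def handle_comment(post_id, form, on_trap="block"):
    """Return 'saved', or the owner's chosen action ('block' or 'spam')."""
    if on_trap not in ("block", "spam"):
        raise ValueError("on_trap must be 'block' or 'spam'")
    trap = trap_field_name(post_id)
    # A browser always submits the hidden field, empty. A missing field means
    # the form was bypassed; a non-empty one means it was filled in blindly.
    if form.get(trap, "missing") != "":
        return on_trap
    return "saved"


def sample_submissions(post_id):
    """Constructed inputs: a human's browser and a bot that fills every field."""
    trap = trap_field_name(post_id)
    human = {"post_id": str(post_id), "author": "Ann", "comment": "Nice post", trap: ""}
    bot = {"post_id": str(post_id), "author": "x", "comment": "cheap pills", trap: "x"}
    return human, bot
```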
This is a plugin I use quite a bit. Why is that? Well, because you can easily schedule your backups, and you can save them in XML format (which is the specific format I love). It also backs up:
- Database Backup
- WordPress XML Export
- Optimize Database
- Check/Repair Database
- File Backup
- Backups in zip, tar, tar.gz, tar.bz2 format
- Store backup to Folder
- Store backup to FTP Server
- Store backup to Amazon S3
- Store backup to Google Storage
- Store backup to Microsoft Azure (Blob)
- Store backup to RackSpaceCloud
- Store backup to Dropbox
- Store backup to SugarSync
- Send Log/Backup by Email
- Multisite Support only as Network Admin
Backing up to Dropbox is probably the best feature if you have a small site, and already have a Dropbox account (it’s a cloud storage service).
13) Limit Login Attempts
That’s right, this plugin does what WordPress doesn’t do already when you log in to it. So it’s only something that is nice to have, giving you an extra layer of protection when logging into your WordPress blog. Last thing to mention is that Limit Login Attempts blocks an Internet address from making any further attempts once a specific limit of retries is reached, meaning a brute-force attack would be very difficult or even impossible.
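The lockout behaviour described above, replayed over a short login log. This is an added example, not the plugin's code: the retry limit, the lockout length, the log format and the log lines are all constructed values.

```python
MAX_RETRIES = 3             # constructed value, not the plugin's default
LOCKOUT_SECONDS = 20 * 60   # constructed value, not the plugin's default

# Constructed log lines: "<unix time> <client ip> <user> <result>"
LOG = """\
1000 203.0.113.9 admin FAIL
1002 203.0.113.9 admin FAIL
1003 192.0.2.44 alice FAIL
1004 203.0.113.9 admin FAIL
1005 203.0.113.9 admin FAIL
1006 203.0.113.9 admin OK
1010 192.0.2.44 alice OK
2300 203.0.113.9 admin OK
"""


def replay(log, max_retries=MAX_RETRIES, lockout=LOCKOUT_SECONDS):
    """Return one (time, ip, outcome) tuple per attempt in the log."""
    failures = {}      # ip -> failed attempts since the last success or lockout
    locked_until = {}  # ip -> time at which the lockout ends
    outcomes = []
    for line in log.splitlines():
        ts, ip, _user, result = line.split()
        ts = int(ts)
        if locked_until.get(ip, 0) > ts:
            # Refused before the password is checked, even if it is correct.
            outcomes.append((ts, ip, "BLOCKED"))
        elif result == "OK":
            failures.pop(ip, None)
            outcomes.append((ts, ip, "LOGIN"))
        else:
            failures[ip] = failures.get(ip, 0) + 1
            if failures[ip] >= max_retries:
                locked_until[ip] = ts + lockout
                failures.pop(ip)
                outcomes.append((ts, ip, "LOCKED"))
            else:
                outcomes.append((ts, ip, "FAILED"))
    return outcomes


if __name__ == "__main__":
    for row in replay(LOG):
        print(*row)
```

The attempt at time 1006 carries the right password and is still refused, which is what caps the number of guesses an address gets per lockout period.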
14) Better WordPress Security
This is one of the highest rated WordPress security programs out there, according to WordPress.org. I searched “Security” in the search page and went to page 2 and found it. Apparently it combines WordPress security features and techniques into one simple plugin, so that as many security holes as possible are patched without the administrator having to worry about any features conflicting, or about the possibility of missing anything on their blog. All you do is activate this baby and it’s ready to go.
15) Block Top Spammers
This plugin is apparently one that “hasn’t been upgraded for over 2 years”. But for as long as it still is running, I’ll be using it I guess. (Let me know in the comments if you found a plugin just like this one that is updated more frequently). Anyways, one day I had one spammer trying to spam some viagra crap in the comments of a few posts. It was all coming from the same IP, so I installed this plugin and that ended that spam attempt, so to celebrate I decided to eat some Spam.