WordPress is the most popular blogging platform today, used by thousands of people all around the world. That popularity also draws more attention from hackers and spammers. WordPress is very secure by itself, but there is no such thing as too much security.
For ordinary users who don’t code a lot, plugins are the best way to secure a blog. They’re free, easy to use and safe. This post assembles the 35 best plugins to make your blog bulletproof. Each is designed for a different purpose, so you get the best protection in each area.
Semisecure Login Reimagined increases the security of the login process by using a combination of public and secret-key encryption to encrypt the password on the client-side when a user logs in. JavaScript is required to enable encryption. It is most useful for situations where SSL is not available, but the administrator wishes to have some additional security measures in place without sacrificing convenience.
This plugin allows you to create custom URLs for logging in, logging out, administration and registering for your WordPress blog. Instead of advertising your login URL on your homepage, you can create a URL of your choice that is easier to remember than wp-login.php. For example, you could set your login URL to http://www.myblog.com/login for an easy way to log in to your website.
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
Whenever you log in to your website, this plugin lets you avoid sending your password in clear text. It uses the CHAP protocol: with the Chap Secure Login plugin activated, the only information transmitted unencrypted is the username, while the password is combined with a random number (nonce) generated by the session and then transformed with the MD5 algorithm. The first login will produce an error, but don’t worry, it is only a technical error. On the next login, if the values are correct, there will be no errors. This protects only the password in transit, not the session cookie or the page content, so it is not a substitute for SSL.
Admin SSL secures the login page, admin area, posts, pages – whatever you want – using Private or Shared SSL. Once you have activated the plugin, you have to go to the Admin SSL config page to enable SSL.
WP-DB-Backup lets you easily back up your core WordPress database tables. You may also back up other tables in the same database.
This plugin creates SQL dumps of your WordPress database. It is based on the WordPress Database Backup plugin (http://www.ilfilosofo.com/blog/wp-db-backup) – but it removes some of the security restrictions in the plugin to enable automated remote backups. You still need the admin user name and password to do a remote backup.
This plugin allows you to optimize, repair, back up and restore the database, delete database backups, drop/empty tables and run selected queries. It supports automatic scheduling of database backups and optimization.
BackUpWordPress is a backup & recovery suite for your WordPress website. This plugin allows you to back up database tables as well as files and comes with a rich set of options.
EZ Backup has been turned into a simple one-click operation. Click the button and watch the backup of your files and database be created. You can back up all your webspace files or just your wp-content folder, all from this one plugin. Unlike the Full EZ Backup plugin, this one does not require any special information such as usernames or passwords. This plugin costs $5.
This plugin allows you to back up, restore and migrate your WordPress installation, both files and MySQL tables, with a single click. When performing a backup, myEASYbackup creates a compressed data set file that can be stored outside the WordPress installation directory. A list of all data sets on the server is also logged in the admin area.
AntispamBee protects blogs from digital rubbish. It is made up of sophisticated techniques and analyzes comments including pings. Also, for reasons of data privacy, the use of AntispamBee is a safe solution, as it is anonymous and registration-free.
NoSpamNX is the successor of Yawasp (Yet Another WordPress antispam plugin) and is a plugin to protect against automated comment spam (spambots). While Yawasp changed the names of the form fields in the comment template, NoSpamNX works without these modifications, but is equally effective. By eliminating the need to modify the form fields, maximum compatibility with other WordPress plugins and browsers is ensured.
Automattic Kismet (Akismet for short) is a collaborative effort to make comment and trackback spam a non-issue and restore innocence to blogging, so you never have to worry about spam again.
Asks the visitor making the comment to answer a simple math question. This is intended to prove that the visitor is a human being and not a spam robot. Example of such a question: What is the sum of 2 and 9?
Defensio is an advanced spam filtering web service that learns and adapts to your behaviors and those of your readers. Advanced features such as support for OpenID, detailed statistics, charts, RSS feed of our comments (innocent and spam) and counter widget are also available.
Adds CAPTCHA anti-spam methods to WordPress on the comment form, registration form, login, or all. In order to post comments or register, users will have to type in the code shown on the image. This prevents spam from automated bots. Adds security. Works great with Akismet. Also is fully WP, WPMU, and BuddyPress compatible.
reCAPTCHA is an anti-spam method originating from Carnegie Mellon University which uses CAPTCHAs in an ingenious way. Instead of randomly generating useless characters which users grow tired of continuously typing in, risking the possibility that spammers will eventually write sophisticated spam bots which use OCR libraries to read the characters, reCAPTCHA uses a different approach.
Blackhole is a trap for bad bots. The concept is simple: include a hidden link to a robots.txt-forbidden directory somewhere on your pages. Bots that ignore or disobey your robots rules will crawl the link and fall into the trap, which then performs a WHOIS Lookup and records the event in the blackhole data file. Once added to the blacklist data file, bad bots immediately are denied access to your site.
This plugin protects registration, login and comment forms from spambots by adding two extra fields hidden by CSS. This approach gave me 100% anti-spam protection on one of my sites.
A little help to secure your WordPress installation. This plugin removes error information on the login page, adds index.html to the plugin directory, and removes the wp-version, except in the admin area.
This plugin will scan your WordPress installation for security vulnerabilities and it will suggest some corrective actions.
This plugin doesn’t control WordPress or mess with your database; instead it utilizes fast, tried-and-true built-in security features to add multiple layers of security to your blog. It is specifically designed and regularly updated to stop automated and unskilled attackers’ attempts to exploit vulnerabilities on your blog, which would otherwise result in a hacked site.
TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links.
The HTTP Authentication plugin allows you to use existing means of authenticating people to WordPress. This includes Apache’s basic HTTP authentication module and many others.
Viruses, worms and malware exist for WordPress and could easily attack your WordPress installation. AntiVirus for WordPress monitors malicious injections and warns you of any possible attacks. It also has multilingual support.
This plugin allows you to upload and download files from outside of your web document root for security purposes. It can be used to restrict file downloads to users that are logged in, or that have a certain user level.
Secure your WordPress installation by removing or replacing your WP version and database version the easy way, with a small plugin. If you’re running an older version of WordPress, anyone can view the source to see what attacks might work against your blog. This plugin replaces the WP version with a random string on WordPress older than 2.4 and removes the WP version on WordPress newer than 2.4.
WP Email Guard protects the email addresses included in any post or page from being crawled by spammers. It converts every email address written within your post body into JavaScript code, so the addresses are readable and clickable by humans only. Spammers can’t crawl JavaScript.
Monitors your WordPress installation for added/deleted/changed files. When a change is detected an email alert can be sent to a specified address.
WP-Dephorm protects your users from the prying eyes of phorm. This is achieved by setting a cookie to opt out of the phorm information mining. Your blog viewers will not have their information stored and used in marketing campaigns whilst viewing your site.
This WordPress plugin inspects web requests with simple WordPress-specific heuristics to identify and stop the most obvious attacks. A few powerful generic modules exist that do this, but they’re not always installed on web servers and are difficult to configure.
SecureContact is a drop in form for users to contact you, based on the WP Contact Form plugin by Ryan Duff. It offers enhanced security by using captcha images.
Fast and secure contact form for WordPress. This contact form lets your visitors send you a quick E-mail message. Blocks all common spammer tactics. Spam is no longer a problem. Includes a CAPTCHA and Akismet support. Additionally, the plugin has a multi-form feature, optional extra fields, and an option to redirect visitors to any URL after the message is sent. Super customizable.
The Ultimate Security Check plugin helps you identify security problems with your WordPress installation. It scans your blog for hundreds of known threats, then gives you a security “grade” based on how well you have protected yourself.
Content Security Policy prevents content injection attacks by allowing admins to specify which sites they trust to serve JavaScript and other types of content in their site. Any content which is not explicitly allowed by the policy will be blocked from loading.
Monday, May 2nd, 2011 20:41
haa!!some new stuff about wordpress security i would like to try few…thanx for sharing your knowledge
Thursday, April 21st, 2011 02:00
Nice list!
There’s also BadPass-WP which warns WordPress users if they are using one of over 500 commonly used (and hence very weak) passwords.
Friday, August 20th, 2010 12:41
Nice list of Security Plugins
thanks
Thursday, August 12th, 2010 22:42
Good list. BackWPup is by far the best backup plugin. I actually tried about 6 last night to find the best. It lets me set up multiple automatic backup jobs and database optimization. Wicked awesome.
Saturday, July 31st, 2010 19:13
Nice Collection….
Friday, July 30th, 2010 20:37
Thanks for sharing these plugins. I got security plugins. But you can never be too safe. I will have to look into these more.
Friday, July 30th, 2010 18:56
Great article and well written.
I would like to also talk to you about another plugin I use to avoid spam in comments. This is called “WP Captcha Free” and works without Captcha, only based on some algorithms. Since I use it, I don’t get any spam anymore but still comments from real users.
-Olivier
Friday, July 30th, 2010 12:35
@Tony: Wp Spam Free is only available via the author’s website. For some reason WordPress took them off the repository and they aren’t saying why. Anyway I still use it on my site as it works pretty well and comes with an easy contact form.
@Daniels: This is one hell of a list. I’ll be checking out Stealth Login. I hope it works well with Login Lockdown. I’ve also been looking for a way to backup my wordpress installation and Backup WordPress and My Ez Backup would come in handy. Here’s hoping that they all work without a hitch ;)
Friday, July 30th, 2010 09:23
Great list. I’ll keep this in my bookmarks. Comment spam always seems to be an issue.
Thursday, July 29th, 2010 21:33
I’m not a wordpress user but it seems to me if you need 35 plugins to make your site secure, you’re using the wrong CMS. Why aren’t these built into WP?
Friday, July 30th, 2010 10:52
You don’t actually need all 35. You can do just fine with 2 or 3. This article gives you the chance to contemplate and pick the best ones for you.
Thursday, July 29th, 2010 18:31
Great article!
Some other excellent security plugins or services for WordPress include:
BlogWatch – http://blogsecurity.net/wordpress/blogwatch/blogwatch
It tells you what vulnerabilities exist in your current version of WordPress and the severity of them, plus whether or not to upgrade.
SABRE – This keeps the spambots from registering as users on your blog and spamming the heck out of your comments section. I wrote up a review of it on my blog here:
Thursday, July 29th, 2010 15:29
This is a great list. I’m personally not a fan of using Captcha (I think it strongly discourages commenting), but the DB backup utilities are extremely useful. I actually automate my database backups using WP-DB-Backup. Never have to worry about it.
There’s still a number of plugins here that I’ll have to consider including on my installations.
Thursday, July 29th, 2010 15:28
Hi Daniels,
Nice list of security plugins, enjoying your various posts on 1stWD. Recently my friend’s website got hacked with some JavaScript injection; I think the AntiVirus & Content Security Policy plugins will help me to make my blog more secure from such attacks, and I will even recommend the same to my friend.
Thanks
Thursday, July 29th, 2010 15:56
Best list I’ve seen for security on WordPress. I have a few of them but you have a good few I am considering using.
Thanks
Thursday, July 29th, 2010 09:48
Thanks for sharing! I definitely have to check them out!
Thursday, July 29th, 2010 08:23
I say thanks to the author; there are many useful plugins which I have used before and am using now. They really help to protect your blog. Thanks once more.
Wednesday, July 28th, 2010 23:32
Daniels
Nice list of security plugins for WP
I use Login LockDown in my site
Thank you for putting in the work of collecting and summarizing all of these security plugins.
Charlie
Thursday, July 29th, 2010 22:16
Stealth Login looks awesome but unfortunately it doesn’t work with WP 3.0
Helene D.
Thursday, July 29th, 2010 16:58
Great post.
Bad-Behavior plugin should be added to this list. It is an excellent gatekeeper plugin that stops link spam, bad bots, and DOS attacks before they get to your site.
Annabell Fuleki
Friday, June 17th, 2011 13:00
Do you mind if I quote a couple of your posts as long as I provide credit and sources back to your site? My blog is in the very same area of interest as yours and my visitors would certainly benefit from some of the information you present here. Please let me know if this alright with you. Appreciate it!
Rean John Uehara
Friday, June 17th, 2011 13:04
I believe that is absolutely fine. :)
Toby
Wednesday, February 15th, 2012 22:29
Great info on WordPress security. Always make a backup of your site BEFORE you add security, as sometimes you can shut yourself out! Been there!
Edossa Kenea
Monday, February 13th, 2012 23:28
my electronic storage of my electronics document and protect me. It has use me to avoid exost my secret by other or others.
Rahasia
Saturday, February 11th, 2012 14:00
Hi, thank u for this useful security information.. :)
I will try the security plugin you explain in the article.. fast and secure contact form is great plugin!! :)
Karl
Wednesday, February 8th, 2012 15:41
Greetings. We are pleased to announce the release of wSecure. wSecure hides your WordPress admin URL with a special key so that only you can access. The problem with WordPress is that anyone can tell if your site is WordPress by simply typing in the default URL to the administration area (i.e. http://www.yoursite.com/wp-admin). wSecure helps you hide the fact that your website is built with WordPress from prying eyes.
Arsh
Saturday, March 10th, 2012 16:07
Nice post searching for security plugins and got bulk out here need not to look any other website
rafi
Monday, April 9th, 2012 00:33
wonderful security plugins
Anders Vinther
Wednesday, May 16th, 2012 12:16
This is a great list of things to do to secure your WordPress site…
I recently had some security problems with my WordPress sites, and ended up doing a lot of research into securing WordPress sites…
Elizabeth Ricci
Wednesday, April 18th, 2012 16:38
Great article about protecting your WordPress site, we have written something similar to this on our blog. http://www.lucidagency.com/wordpress/quick-guide-to-securing-wordpress-from-malware-and-hacking/
Dainis Graveris
Thursday, April 19th, 2012 08:22
Really good post Elizabeth, let me check and try those snippets myself.
Hariharakumar
Wednesday, April 11th, 2012 18:13
Are there any server space monitoring WordPress plugins? My server’s used space is increasing day by day. I was only installing plugins and nothing else.
Tren
Wednesday, February 8th, 2012 08:01
Great Plugin..
Plugin Secure WordPress is best.. ;)
thank’s..
mohammad
Wednesday, February 8th, 2012 07:37
an awesome plugin are you given for us
thanks a lot brother
cheers ;)
Alan
Thursday, September 22nd, 2011 10:54
Can you suggest a plugin where I can block an IP on the basis of the number of clicks or time spent on the site? So if an IP comes to the site and does x number of clicks in a given time frame, then it will be blocked automatically.
Adam Haworth
Saturday, August 27th, 2011 12:17
Great plug-ins I have been looking for some security plug-ins for my site for a while, and didn’t want to install SSL.
Irfan Shakeel
Sunday, August 7th, 2011 21:23
what an amazing article great work keep it up!!!!!!!!!!!!!!!!!!!!!!!
Sandeep Yadav
Tuesday, June 28th, 2011 12:45
For a long time I was searching for good security plugins, and I found the best here. I’m trying to apply some plugins from this awesome list and hope to make my blog more secure. Thanks for publishing this valuable list. It will help new bloggers create a secure environment for WordPress :-)
Damanjit Singh
Saturday, October 8th, 2011 19:25
Very nice collection of wordpress plugins.
Pulkit Kaushik
Wednesday, October 12th, 2011 01:45
Fantastic list! I’ve taken about 7 plugins from here. Wonder why this list hasn’t gone viral.
Kiran Singh
Friday, January 13th, 2012 05:12
Great list of plugin! I am going to install right away.
Many Thanks,
Kiran
Marc Connor
Thursday, December 22nd, 2011 11:13
Powerful list Daniels. I’ve already installed and activated a couple, the rest I’ll do later on today.
BTW, please note that the “Stealth Login” plugin is no longer in existence. Either find a replacement one or make a note that it’s no longer there.
Keep up the great work.
Mike
Saturday, December 17th, 2011 16:40
May I recommend WordPress HTTPS? http://wordpress.org/extend/plugins/wordpress-https/ :)
Fred
Friday, October 14th, 2011 08:40
Wow, you saved me a lot of time and research on this subject. I have implemented quite a few of these plugins especially the ones that protect your login.
Also I wanted to mention one that I found yesterday and that offers a lot of options and features. It is called WebsiteDefender WordPress Security. It helped me to fix some vulnerabilities on my blog.
Hazel
Wednesday, November 30th, 2011 04:16
Great list! I’m interested in the Stealth Login plugin but the link above does not work.