Wordpress Security Plugins

April 23, 2009


When you use Wordpress for a corporate or business website, security always comes up as an issue, and for good reason. In what has turned into an ongoing series on Wordpress Security, I'm going to review a few very useful plugins which will add an additional layer of security to your Wordpress or Wordpress MU site.

In addition to this article, you might find the two other posts in this series useful:

Blocking Spam with Wordpress

Recovering from a Wordpress Injection (You are labeled an Attack Site)

So here is the list of extremely useful Wordpress plugins; all of them work well with both Wordpress and Wordpress MU (on my sites at least):

  1. http://wordpress.org/extend/plugins/restrict-login-by-ip/ — Restricts Wordpress admin login by IP address. This is extremely useful since you will likely not want just anyone having access to the authentication login.
  2. http://wordpress.org/extend/plugins/limit-login-attempts/ — Limits login attempts and records the IP address. 'Nuff said.
  3. http://wordpress.org/extend/plugins/wordpress-file-monitor/ — Monitors WP file changes and notifies by email upon a change.
  4. http://wordpress.org/extend/plugins/wp-security-scan/ - Scans the server for known security issues — this is a definite old standby and should be added to your Wordpress site.
  5. http://wordpress.org/extend/plugins/invisible-defender/ — Provides protection against SpamBots.
  6. http://wordpress.org/extend/plugins/audit-trail/ — Tracks changes to the site by user. I find this to be less of a security issue, but it is extremely useful if you've got numerous authors on your blog. At the very least you know who to smack around if they make changes to your site. :)
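
The file-monitoring idea in item 3 (record a known-good state, then report what changed) can be sketched as a baseline-and-compare script. This is an added example, not the plugin's code: it assumes SHA-256 content hashes, a skipped cache directory, and a constructed WordPress-like tree, and the function names and the uploads heuristic are this example's own.

```python
import hashlib
import os
import tempfile

def snapshot(root, skip_dirs=("wp-content/cache",)):
    """Map each file path (relative to root) to its SHA-256, pruning skip_dirs."""
    rel = lambda p: os.path.relpath(p, root).replace(os.sep, "/")
    digests = {}
    for here, dirs, files in os.walk(root):
        dirs[:] = [d for d in dirs if rel(os.path.join(here, d)) not in skip_dirs]
        for path in (os.path.join(here, n) for n in files):
            with open(path, "rb") as fh:
                digests[rel(path)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(old, new):
    """Classify paths as added, removed or modified since the baseline."""
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def suspicious(report):
    """Heuristic (assumption): uploads holds media, so PHP there is reviewed first."""
    return [p for p in report["added"] + report["modified"]
            if p.startswith("wp-content/uploads/") and p.endswith(".php")]

def demo():
    """Baseline a constructed WordPress-like tree, change it, report differences."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        write("index.php", "<?php // front controller\n")
        write("wp-config.php", "<?php // settings\n")
        write("wp-content/cache/page.html", "cached v1")
        baseline = snapshot(root)
        write("index.php", "<?php // front controller\n// unexpected edit\n")
        write("wp-content/uploads/2009/04/img.php", "<?php // constructed\n")
        write("wp-content/cache/page.html", "cached v2")
        os.remove(os.path.join(root, "wp-config.php"))
        report = compare(baseline, snapshot(root))
        return report, suspicious(report)

if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere the web server cannot write to, otherwise whoever changes the files can also rewrite the record they are compared against.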

Now keep in mind that these will not ensure that you will never have a security issue on your blog or website. But as the saying goes, an ounce of prevention is worth a pound of cure (Benjamin Franklin was a pretty smart guy so I'm going with it).

I hope you've found these plugins useful. Let me know if you've got any additional plugins or techniques you use to secure your sites and ensure smooth sailing!

Cheers,

Dan Nedelko


Comments

11 Responses to “Wordpress Security Plugins”

  1. Watch Out for Recent WordPress Gumblar Exploit | GROWMAP.COM on May 12th, 2009 10:45 am

    […] Nedelko WordPress Security Plugins (Apr 23, […]

  2. Felix on November 9th, 2009 5:40 am

    Great points here and also don't forget to upgrade to the latest version of Wordpress. Usually exploits or malware injections happen to some security hole left unguarded by WP.

  3. Wordpress Fan on December 15th, 2009 2:45 pm

    Another great security suggestion that I follow is to try and remove any reference to Wordpress on your pages, in your code, and in urls. Of course someone who knows what they are looking for will be able to tell if it is a Wordpress blog or not, but they will have to make a little extra effort to figure it out.

  4. Dan Nedelko on December 16th, 2009 7:07 pm

    I totally agree with that one. It definitely would cut out a good number of scripts and injection attacks that aren't sophisticated.

  5. Dr Laraine on December 18th, 2009 11:50 am

    Thanks, Dan, for these security suggestions. We will be installing some of these plugins!

  6. Dan Nedelko on December 18th, 2009 11:56 am

    @Dr Laraine — anytime, I hope these help you out. Let me know how they work for you. Some have likely been updated; I'm thinking this post might also need a refresh since it seems pretty popular.

  7. AngLoloMo on February 9th, 2010 10:37 am
  8. home based business online on March 4th, 2010 10:05 am

    I also have a WordPress blog and I used to have a big problem with the huge number of spam comments. I will try to add WP Security Scan and Invisible Defender.

  9. 4 drawer filing cabinet on March 20th, 2010 6:30 am

    A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn't allow remote access, but it is very annoying; luckily there are new security plug-ins being developed to prevent this.

  10. skornik-security on March 23rd, 2010 8:25 am

    Security is the no.1 issue today when talking about computers and information on the web.

  11. Chris on March 26th, 2010 10:39 am

    My Wordpress blog has been attacked by spambots recently. Do you have any other suggestions in addition to #5 above, or will that be enough protection?
