Wordpress Security Plugins

April 23, 2009

When you use Wordpress for a corporate or business website, security always comes up as an issue, and for good reason. In what has turned into an ongoing series on Wordpress Security, I’m going to review a few very useful plugins which will add an additional layer of security to your Wordpress or Wordpress MU site.

In addition to this article, you might find the two other posts in this series useful:

Blocking Spam with Wordpress

Recovering from a Wordpress Injection (You are labeled an Attack Site)

So here is the added list of extremely useful Wordpress plugins. All of them work well with both Wordpress and Wordpress MU (on my sites at least):

  1. http://wordpress.org/extend/plugins/restrict-login-by-ip/ – Restricts Wordpress admin login by IP address. This is extremely useful since you will likely not want just anyone having access to the authentication login.
  2. http://wordpress.org/extend/plugins/limit-login-attempts/ – limits login attempts and records the IP address. ’Nuff said.
  3. http://wordpress.org/extend/plugins/wordpress-file-monitor/ – monitors WP file changes and notifies by email upon a change.
  4. http://wordpress.org/extend/plugins/wp-security-scan/ – scans the server for known security issues. This is a definite old standby and should be added to your Wordpress site.
  5. http://wordpress.org/extend/plugins/invisible-defender/ – provides protection against SpamBots
  6. http://wordpress.org/extend/plugins/audit-trail/ – tracks changes to the site by user. I find this to be less of a security issue but it is extremely useful if you’ve got numerous authors on your blog. At the very least you know who to smack around if they make changes to your site. :)

Now keep in mind that these will not ensure that you will never have a security issue on your blog or website. But, as the saying goes, an ounce of prevention is worth a pound of cure (Benjamin Franklin was a pretty smart guy so I’m going with it).

I hope you’ve found these plugins useful. Let me know if you’ve got any additional plugins or techniques you use to secure your sites and ensure smooth sailing!

Cheers,

Dan Nedelko


Comments

7 Responses to “Wordpress Security Plugins”

  1. Watch Out for Recent WordPress Gumblar Exploit | GROWMAP.COM on May 12th, 2009 10:45 am

    [...] Nedelko WordPress Security Plugins (Apr 23, [...]

  2. Felix on November 9th, 2009 5:40 am

    Great points here and also don’t forget to upgrade to the latest version of Wordpress. Usually exploits or malware injections happen to some security hole left unguarded by WP.

  3. Wordpress Fan on December 15th, 2009 2:45 pm

    Another great security suggestion that I follow is to try and remove any reference to Wordpress on your pages, in your code, and in urls. Of course someone who knows what they are looking for will be able to tell if it is a Wordpress blog or not, but they will have to make a little extra effort to figure it out.

  4. Dan Nedelko on December 16th, 2009 7:07 pm

    I totally agree with that one. It definitely would cut out a good number of scripts and injection attacks that aren’t sophisticated.

  5. Dr Laraine on December 18th, 2009 11:50 am

    Thanks, Dan, for these security suggestions. We will be installing some of these plugins!

  6. Dan Nedelko on December 18th, 2009 11:56 am

    @Dr Laraine – anytime I hope these help you out. Let me know how they work for you. Some have likely been updated, I’m thinking this post might also need a refresh since it seems pretty popular.

  7. home based business online on March 4th, 2010 10:05 am

    I also have a WordPress blog and I used to have a big problem with the huge number of spam comments. I will try to add WP Security Scan and Invisible Defender.
