When you use WordPress for a corporate or business website, security always comes up as an issue and for good reason. In what has turned into an ongoing series on WordPress Security I'm going to review a few very useful plugins which will add an additional layer of security to your WordPress or WordPress MU site.
In addition to this article, you might find the two other posts in this series useful:
So here is the added list of extremely useful WordPress plugins, all of them work well with both WordPress and WordPress MU (on my sites at least):
- http://wordpress.org/extend/plugins/restrict-login-by-ip/ - Restricts WordPress admin login by IP address. This is extremely useful since you will likely not want just anyone having access to the authentication login.
- http://wordpress.org/extend/plugins/limit-login-attempts/ - limit login attempts and records IP address.'Nuff said.
- http://wordpress.org/extend/plugins/wordpress-file-monitor/ - monitors WP file changes and notifies by email upon a change.
- http://wordpress.org/extend/plugins/wp-security-scan/ - scans the server for known security issues - this is a definite old standby and should be added to your WordPress site
- http://wordpress.org/extend/plugins/invisible-defender/ - provides protection against SpamBots
- http://wordpress.org/extend/plugins/audit-trail/ - tracks changes to the site by user. I find this to be less of a security issue but it is extremely useful if you've got numerous authors on your blog. At the very least you know who to smack around if they make changes to your site.
Now keep in mind that these will not ensure that you will never have a security issue on your blog or website. But as the saying goes an ounce of prevention is worth a pound of cure (Benjamin Franklin was a pretty smart guy so I'm going with it).
I hope you've found these plugins useful. Let me know if you've got any additional plugins or techniques you use to secure your sites and ensure smooth sailing!