WordPress Security Plugins

By Dan Nedelko

April 23, 2009


Last Updated on July 30, 2017 by Dan Nedelko

<p>When you use WordPress for a corporate or business website security always comes up as an issue and for good reason In what has turned into an ongoing series on WordPress Security Im going to review a few very useful plugins which will add an additional layer of security to your <a href=httpwordpressorg>Wordpress<a> or <a href=httpmuwordpressorg target= blank>Wordpress MU<a> site<p> <p>In addition to this article you might find the two other posts in this series useful<p> <p><a href=httpsdannedelkocomwordpressblock spam wordpresshtml target= blank>Blocking Spam with WordPress<a><p> <p><a href=httpsdannedelkocomwordpresswordpress injection attackhtml target= blank>Recovering from a WordPress Injection You are labeled an Attack Site<a><p> <p>So here is the added list of extremely useful WordPress plugins all of them work well with both WordPress and WordPress MU on my sites at least<p> <ol> <li><a href=httpwordpressorgextendpluginsrestrict login by ip target= blank>httpwordpressorgextendpluginsrestrict login by ip<a> Restricts WordPress admin login by IP address This is extremely useful since you will likely not want just anyone having access to the authentication login<li> <li><a href=httpwordpressorgextendpluginslimit login attempts target= blank>httpwordpressorgextendpluginslimit login attempts<a> limit login attempts and records IP addressNuff said<li> <li><a href=httpwordpressorgextendpluginswordpress file monitor target= blank>httpwordpressorgextendpluginswordpress file monitor<a> monitors WP file changes and notifies by email upon a change<li> <li><a href=httpwordpressorgextendpluginswp security scan target= blank>httpwordpressorgextendpluginswp security scan <a> scans the server for known security issues this is a definite old standby and should be added to your WordPress site<li> <li><a href=httpwordpressorgextendpluginsinvisible defender target= blank>httpwordpressorgextendpluginsinvisible defender<a> provides protection against SpamBots<li> <li><a href=httpwordpressorgextendpluginsaudit trail target= blank>httpwordpressorgextendpluginsaudit trail<a> tracks changes to the site by user I find this to be less of a security issue but it is extremely useful if youve got numerous authors on your blog At the very least you know who to smack around if they make changes to your site <li> <ol> <p>Now keep in mind that these will not ensure that you will never have a security issue on your blog or website But as the saying goes <em>an ounce of prevention is worth a pound of cure<em> Benjamin Franklin was a pretty smart guy so Im going with it<p> <p>I hope youve found these plugins useful Let me know if youve got any additional plugins or techniques you use to secure your sites and ensure smooth sailing<p> <p>Cheers<p> <p><img class=alignleft size full wp image 94 src=httpsdannedelkocomwp contentblogsdir1files200903dan nedelko signature bloggif alt=Dan Nedelko width=83 height=91 ><p> <div class=zemanta pixie style=margin top 10pxheight 15px><a class=zemanta pixie a title=Reblog this post with Zemanta href=httpreblogzemantacomzemified025ecbe9 8d60 491b 9273 850944dfa7ad><img class=zemanta pixie img style=border medium nonefloat right src=httpimgzemantacomreblog epngx id=025ecbe9 8d60 491b 9273 850944dfa7ad alt=Reblog this post with Zemanta ><a><span class=zem script more related pretty attribution><span><div>

author avatar
Dan Nedelko
Dan Nedelko is human being spinning around on this big blue marble with the rest of you, interested in Media // Music // Art // Family // Business // Founder of Honeypot Marketinghttp://hny.pt, Jacohmi, and Genuine Media & Development.

Dan Nedelko

About Dan Nedelko

A human being spinning around on this big blue marble with the rest of you, interested in Digital Marketing // Music // Art // Family // Business // Founder of http://hny.pt

  • Great points here and also don’t forget to upgrade to the latest version of WordPress. Usually exploits or malware injections happen to some security hole left unguarded by WP.

  • Another great security suggestion that I follow is to try and remove any reference to WordPress on your pages, in your code, and in urls. Of course someone who knows what they are looking for will be able to tell if it is a WordPress blog or not, but they will have to make a little extra effort to figure it out.

    • I totally agree with that one. It definitely would cut out a good number of scripts and injection attacks that aren’t sophisticated.

  • Thanks, Dan, for these security suggestions. We will be installing some of these plugins!

    • @Dr Laraine – anytime I hope these help you out. Let me know how they work for you. Some have likely been updated, I’m thinking this post might also need a refresh since it seems pretty popular.

  • I also have a WordPress blog and I use to have a big problem with the huge number of spam comments. I will try to add WP Security Scan and Invisible Defender.

  • A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoyin, luckily there are new security plug ins being developed to prevent this.

  • My WordPress blog has been attacked by spambots recently. Do you have any other suggestions in addition to #5 above, or will that be enough protection?

  • {"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

    Want a FREE Membership to Marketer Knows?

    >