WordPress is probably the most well-known names on the web. Built on the firm foundations of PHP and MYSQL, WordPress initially started out in 2003 as an open-source blogging platform, but its increasing functionality has seen it evolve into a full fledged content management system with a whole range of plugins available to increase its scope.
Currently over sixty million people use WordPress to power their websites and blogs. You’ll find big businesses and media outlets using it, as well as people who run websites devoted to cats and model trains. However with this level of popularity, it was only a matter of time before the system was caught in the cross-hairs of website hackers. In order to keep your site safe, it is advised to keep your version of WordPress and your plugins up to date. Furthermore, we’ve found five of the best security plugins that can help keep the hackers at bay.
This popular security plugin protects your WordPress blog from malware, exploits and spam injections. Use it to scan your site daily for viruses and can be set to send email notifications afterwards. The AntiVirus plugin is very thorough, checking database tables and theme templates for security breaches.
Developer: Sergej Muller
Exploit Scanner searches files on your website as well as the posts and comments tables on your databases for suspicious behaviour. The scanner also checks your list of active plugins for unusual file names.
Note: This plugin only scans for problems and shows you the results. It does not deal with any of the problems that it has found. It is up to the user to remove them.
Developers: Donncha O Caoimh, Jon Cave, Ryan Boren, Andrew Ozz, Thorsten Ott.
All in one WP Security and Firewall
Reduces security risks by enforcing the latest WordPress security practices and checks for site vulnerabilities. All in one WP Security and Firewall plugin uses a security points grading system to measure how well protected your site is. Among the many functions it has, the plugin keeps your files system and HT access file secure, as well as preventing comment spam. It also has Blacklist and Firewall functionality, plus Brute force login attack prevention amongst the weapons in its armoury. This plugin is a real one-stop shop for keeping your blog free from attacks.
Developers: Wpsolutions, Tips and Tricks HQ, Peter Petreski, Ruhul Amin.
Better WP Security
A full featured plugin that can perform various tasks that secure your blog including:
- Removing login error messages.
- Removes the meta ‘Generator’ tag.
- Changes WP content path.
- Removes RSD header information.
- Completely turns off the ability to login for a given time period.
Developers: Bit51, Chris Wiegman
Limit Login Attempts
On its default setting, WordPress allows unlimited login attempts through the login page. Because of this, it is fairly easy to ‘brute force’ crack passwords. The Limited Login Attempts plugin will block an IP address from making attempts to login after a specified number of attempts. You can also limit the number of attempts to login using authorisation cookies in same way.