WordPress is being used more and more these days for a range of websites ranging from blogs, content management systems and eCommerce stores therefore we always should be looking at ways to increase our WordPress security.
WordPress has some great security features built into it’s core and these WordPress Security features increase with each WordPress core update.
Us as developers and WordPress user’s should not solely reply on the core security functionality built into WordPress. We should be proactive in the defense again hacking our blog and websites.
This article will outline 5 top WordPress Security plugins that will help to increase security of your WordPress site.
Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.
- A comment status history, so you can easily see which comments were caught or cleared by Akismet, and which were spammed or unspammed by a moderator
- Links are highlighted in the comment body, to reveal hidden or misleading links
- If your web host is unable to reach Akismet’s servers, the plugin will automatically retry when your connection is back up
- Moderators can see the number of approved comments for each user
- Spam and Unspam reports now include more information, to help improve accuracy
Note: You’ll need an Akismet.com API key to use it. Keys are free for personal blogs, with paid subscriptions available for businesses and commercial sites.
|Download the free Akismet WordPress security plugin|
WP Security Scan
Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
- file permissions
- database security
- version hiding
- WordPress admin protection/security
- removes WP Generator META tag from core cod
|Download the WP Security Scan WordPress security plugin|
AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections. AntiVirus protection for your blog.
- WordPress 3.x ready: Design as well as technical
- Detect the current WordPress permalink back door
- Quick & Dirty: activate, check, done!
- Manual testing with immediate result of the infected files
- Daily automatic check with email notification
- Whitelist: Mark the suspicion as “No virus”
- Clean up after uninstall the plugin
- English, German, Italian, Persian, Russian
|Download the Antvirus WordPress security plugin|
Limit Login Attempts
Limit the number of login attempts possible both through normal login as well as using auth cookies.
By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
- Limit the number of retry attempts when logging in (for each IP). Fully customizable
- Limit the number of attempts to log in using auth cookies in same way
- Informs user about remaining retries or lockout time on login page
- Optional logging, optional email notification
- Handles server behind reverse proxy
|Download the Limit Login Attempts WordPress security plugin|
SI CAPTCHA Anti-Spam
Adds CAPTCHA anti-spam methods to WordPress forms for comments, registration, lost password, login, or all. In order to post comments or register, users will have to type in the code shown on the image. This prevents spam from automated bots. Adds security. Works great with Akismet. Also is fully WP, WPMU, and BuddyPress compatible.
- Configure from Admin panel
- Valid HTML
- Section 508 and WAI Accessibility Validation.
- Allows Trackbacks and Pingbacks.
- Setting to hide the CAPTCHA from logged in users and or admins
- Setting to show the CAPTCHA on the forms for comments, registration, lost password, login, or all.
- I18n language translation support.
|Download the SI CAPTCHA Anti-Spam WordPress security plugin|