10 Plugins To Secure WordPress

Posted 15 Apr 2011

As WordPress grows in popularity, it becomes the target of hackers and spammers hoping to leverage the site for malicious purposes. We’ve compiled a short list of ten popular plugins to help protect your valuable web real estate.

Akismet: Akismet is one of the default plugins included with every WordPress release. This plugin compares comments against the Akismet web service to determine whether or not they are spam.

Better WP Security: Better WP Security is a multi-function plugin that removes error messages and unnecessary functions from a WordPress installation. It can even be used to restrict the IP ranges that can access the administration pages.

BulletProof Security: BulletProof Security protects against cross-site scripting (XSS), cross-site request forgery (CSRF), base64 encoding, and SQL injection attacks. It also protects the common configuration files.

Login Lockdown: Login Lockdown is an excellent plugin that can be used to protect against brute force login attempts to the administrative pages. This plugin will put a temporary block on any IP address that fails too many times.

Secure CAPTCHA: Secure CAPTCHA adds a handwritten captcha to forms to prevent bots from submitting spam. The captchas are a bit easier to read since they are not distorted with the image overlays and color transforms.

Secure WordPress: Secure WordPress is another multi-function plugin that removes the unnecessary functions from a WordPress installation. It also prevents non-administrative accounts from seeing update information.

SI CAPTCHA Anti-Spam: SI CAPTCHA Anti-Spam is another captcha plugin which protects forms with multi-colored letters and random overlays.

WP-Hashcash: WP-Hashcash is an anti-spam plugin which adds a bit of JavaScript to forms. The JavaScript completes a hidden form field which most automated spammers will not be able to complete.

IP Ban: IP Ban is a simple plugin that returns a page-not-found error to blocked IP addresses. It attempts to hide a blog from a malicious client.

WP-Sentinel: WP-Sentinel examines incoming blog requests for malicious content and blocks attacks. The blog administrator will receive an email of the attack attempt.

WP Login Security: WP Login Security protects a WordPress blog by locking down the administration pages to certain IP addresses. Any users accessing the administration pages from unknown IP addresses must click a confirmation link that is sent via email.

Actually, we’ll stop now since that’s 11 WordPress modules to tinker with.
