Top 10 Security and Protection Plugins for WordPress

April 8, 2008 - 133 CommentsWritten by Paul Andrew

Categories → Popular,Wordpress,WP Plugins

With every site you build there are going to be security risks and issues, there is no way around this, it is going to happen. All we can do is minimize the damage, be ready for it and take action. WordPress is now the most popular Blogging Engine, this will not mean an increase attacks, but it will have the highest potential of attacks.
I haven’t included Akismet, because I am sure everyone has heard about it.
Anyway, here are my Top 10 Security Plugins for WordPress.

1. WordPress Database Backup (http://www.ilfilosofo.com/blog/wp-db-backup/)

URL: http://www.ilfilosofo.com/blog/wp-db-backup/.
Description: This plugin does exactly what it says, it backs up your entire WP installation. This has got to be one of the first plugins you install upon first installation. You can back it up to your hard drive, on a server or even to a specified email address. Whether it be a rogue plugin or a hacker (or yourself) that crashes WP, WP Database Backup will reinstate everything as it should be. I like to think of it as my “WP system restore“.

2. Semisecure Login (http://jamesmallen.net)

URL: http://jamesmallen.net/2007/09/16/semisecure-login/.
Description: Semisecure increases the security of your WP Login, it uses client-side MD5 encryption on the password. JavaScript is required to enable encryption. When JavaScript is not available, the password is transmitted in plaintext (as normal), but authentication still completes in this case.

3. AskApache Password Protect (http://www.askapache.com)

URL: http://www.askapache.com/wordpress/htaccess-password-protect.html.
Description: This will secure your WP Admin with a very powerful htaccess password protection, preventing all unwanted bots from entering your site.

4. Force SSL (http://almosteffortless.com/)

URL: http://almosteffortless.com/wordpress/force-ssl/.
Description: For those will an SSL certificate, the Force SSL plugin for WordPress forces for an HTTPS connection for security purposes. This is useful for those who with to enforce a higher level of security regarding the delivery of WordPress content to the browser.

5. WP Security Scan (http://wordpress.org/extend/plugins)

URL: http://wordpress.org/extend/plugins/wp-security-scan/.
Description: I love this plugin, it scans your site for security issues and checks passwords, file permissions, database security, WP version hiding and WordPress admin protection/security. It also makes me a little paranoid.

6. Secure Files (http://wordpress.org/extend/plugins)

URL: http://wordpress.org/extend/plugins/secure-files/#post-271.
Description: This plugin allows you to upload and download files from outside of your web document root for security purposes. When used in conjunction with a plugin that requires a user to be logged in to see your site, you can restrict file downloads to users that are logged in.

7. WP-SpamFree (http://www.hybrid6.com/)

URL: http://www.hybrid6.com/webgeek/plugins/wp-spamfree.
Description: I had heard a lot about this plugin before I tried it, it said it is better than Akismet. To be honest I never noticed much difference (I get 500+ spam a day at the moment) between the two. User choice I suppose. I wish there was a way to stop the spammers instead.

8. BackUpWordPress (http://wordpress.designpraxis.at)

URL: http://wordpress.designpraxis.at/plugins/backupwordpress/.
Description: Almost identical as the first plugin, just not as straight forward. The list of features goes on and on, this is for the WP Pro. Some features: Database backup including uploaded files, plugins, etc.; EMail notofication on new backups; Trigger backup manually; Set schedules for your backups; restore backups; Staggered SQL import; Automatically continue unfinished backups in background; Language Support. (And thats just the Easy Mode, wait until you see the advanced).

9. Anonymous WordPress Plugin Updates (http://f00f.de/)

URL: http://f00f.de/blog/2007/10/02/plugin-anonymous-wordpress-plugin-updates.html.
Description: Anonymizes the plugin update checking system which is a new feature in WordPress 2.3. The plugin prevents WordPress from transmitting a list of active plugins, the blog url and WordPress version. Ideal for privacy-aware administrators of WordPress installation.

10. Replace WP-Version (http://wordpress.org/extend/plugins/)

URL: http://wordpress.org/extend/plugins/replace-wp-version/#post-2859.
Description: (We have all read about the security issue of showing your WP version, this resolves it).
If you’re running an older version of WordPress, anyone can view source to see what attacks might work against your blog. This plugin replace the WP-version with a random string < WP 2.4 and eliminate WP-version > WP 2.4.

About the Author: Paul Andrew (552 Articles)

Paul Andrew is the editor and founder of Speckyboy Design Magazine. You can follow Speckyboy on Twitter, on Facebook, on Digg or you can subscribe via RSS.

Comments and Reactions

Pingback: » Top 10 Security and Protection Plugins for Wordpress Webcreatives
http://linux4life.netsons.org linux4life
Great list! I didn’t know many of these plugins, so I really need to improve the security of my blog
Pingback: botheredByBees
Pingback: Fatih Hayrioğlu’nun not defteri » 11 Nisan 2008 web’den seçme haberler
Pingback: 10 Security and Protection Plugins for Wordpress
Pingback: Burzycki.org - Tech and Interesting Facts
Pingback: 10 Security and Protection Plugins for Wordpress | Web 3.0 Technology.com
Pingback: Bloglinks 15/2008 | DimidoBlog
Pingback: I 10 migliori plugin di sicurezza e protezione per WordPress | Crisis
http://bueltge.de Frank
another nice plugin for security: WP Adminprotection
Pingback: Despre securitatea temelor WordPress | CNET.ro
Pingback: Wordpress: Plugins für mehr Sicherheit « Grund, Specky, Plugins, Wordpress, Seiten, Spamlinks, Wordpressblogs, Hackern « Volderette
Pingback: Weblog Tools Collection » Blog Archive » 10 Security Plugins For WP
Pingback: 10 plugins para mejorar la seguridad de nuestro Wordpress | aNieto2K
http://www.howtospoter.com Alex @ WordPress Web 2.0 Guide
Great list of plugins although I still think that some of the functions that those plugins do are easier accomplished by simply editing the file (like hide the version) and it will reduce the load on your host … I guess some plugins are designed to help less experienced users …
Great list non-less.
Alex
Richard
re: WP Security Scan (http://wordpress.org/extend/plugins)
See “issues” with this plugins at at http://wordpress.org/support/topic/165807
selective quotes include: “Was that meant to be an April Fool’s joke? Being concerned about security, I downloaded this plugin, ran it, set my permissions to the “suggested corrective actions” and when trying to access my site, all I got were errors. I had to reset my permissions as best as I could and got it to work again.
Either this is a bad joke or awfully written code by someone who doesn’t have a clue as to what WP permissions should be.”
http://www.j2fi.net/ ジェイソン (Jason)
The Replace WP-Version plugin is pretty slick. I’ve been doing this manually for the last few releases. It’s good to see that everyone can easily do this, now :)
Thanks for the list!
http://www.cartermason.com/ Carter Mason
The biggest difference between wp-spamfree and akismet is that wp-spamfree stops the comment before it gets sent, and is extremely accurate at detecting bots from humans without captchas.
I no longer have to look through a huge list of comments in akismet to find the false-positives. There aren’t any!
http://green-beast.com Mike Cherim
I had that problem with Akismet. I still had to much spam, but in a different queue. I added Mike Jolley’s comment stopper and it has been a blessing. Now I have no spam, only legit comments.
http://blue-anvil.com/archives/wordpress-comment-spam-stopper-plugin
http://www.hyperborea.org/journal/ Kelson
A couple of notes:
Having worked with lots of spam filters, I’m *extremely* suspicious of anything that claims to have “no false positives.” The only way to guarantee that is to never block anything.
Semisecure Login does not appear to work with WP 2.5, probably because of the new password storage scheme.
http://www.cartermason.com/ Carter Mason
Yes, I would be suspicious, too. But… the developer has been extremely quick to release updates whenever there is any type of quirk, and if you read through the documentation, you will understand why wp-spamfree blocks bots and not humans.
http://www.remyroy.com Rémy Roy
“I wish there was a way to stop the spammers instead.”
There are many ways but one is to use a CAPTCHA. I suggest you have a look at my CAPTCHA available at http://www.remyroy.com/yacaptcha/ .
Pingback: 10 plugins para melhorar a segurança do Wordpress | Open Mania
Pingback: 10 plugins para garantir a segurança e proteção do seu blog movido a WordPress | Neto Cury Blog
http://www.pliggs.com Geoserv
STUMBLED!
I just started blogging, this post will come on handy.
VOTED for you at:
http://www.newsdots.com/software/top-10-security-and-protection-plugins-for-wordpress-speckyboy-wordpress-and-design/
Pingback: Quasi.dot › links for 2008-04-17
Pingback: Plugins para mantener la seguridad de nuestro blog | gEEK tHE pLANET
Pingback: Wordpress用お勧めセキュリティープラグイン | Nutspress
Pingback: Top 10 Plugins para blindar tu WordPress | Mangas Verdes
Pingback: My Worklog » Blog Archive » Top 10 Security and Protection Plugins for Wordpress
Pingback: saucybeige blog » Blog Archive » links for 2008-04-17
http://beyondrandom.com BeyondRandom
I have most but not all…thanks for the tips!
Matt
Last time I tried AskApache PassPro I was not able to make it work with another scheme I had set up called, “Hiding WordPress Installation Files”
My question is this, Do you think the AskApache protection is more important that the protection provided by hiding the WordPress installatin files? Thanks.
Pingback: 10 plugins para asegurar tu Wordpress | Tinta Fantasma
Pingback: Seguridad en Wordpress: 10 plugins necesarios | Denken Über
http://www.wpproject.com Richard H
I agree with Alex regarding “simply editing the file” instead of using some of these plugins, but still, a pretty decent list.
Thanks.
Pingback: links for 2008-04-17 « toonz
Pingback: 10 plugins de seguridad y protecctión para nuestro Wordpress at ZyruS WeB
http://sbin.cn/blog Richard
Great list. I like it.
Pingback: Plugins para mejorar la seguridad de Wordpress
Pingback: 10大 WordPress 安全插件 - WordPress中文站
Pingback: Web 2.0: Los 10 mejores plugins de seguridad para Wordpress - Bitelia
Pingback: 10 Plugins de Seguridad para Wordpress | Tu Lugar en Internet
http://viverati.com Adam K
I’m surprised Bad Behavior didn’t make this list; it does what you said you wanted: to stop spammers.
I’ve used it for a long time, and it definitely cut down the load of spam comments and such… one downside is that it makes it take a lot longer to reload a page when editing (regular viewing seems fine, it’s the editing process that gets slowed down).
Pingback: links for 2008-04-19 | Krispy's Blog vol gevraagde en ongevraagde meningen
Pingback: Links for 19-04-2008 | Velcro City Tourist Board
http://www.askapache.com AskApache
In response to Matt.
The latest version of AskApache Password Protection has a lot of new features. Other than staying updated to the latest version of WordPress and having decent passwords, NOTHING can secure your blog better and more completely than this plugin.
2 new features enable you to turn on or off wp-includes/wp-content/wp-admin protection.
The wp-admin directory is password protected to erect a 1st line of defense against maliciousness. Hackers cannot even begin to try to hack your wp-admin until they get past that.
The wp-includes and wp-content folders are protected by disallowing any direct requests for files other than the static files like images, css, js, etc.
And of course I backup my databases like crazy, all the time.
Great list speckyboy!
Pingback: 10 plugins para mejorar la seguridad de nuestro Wordpress » Ricotero's Blog
http://enrique.brito.es/blog Enrique
WP-SECURITY-SCAN:
WARNING! It generated almost 5 gigas error.log.
I had to contact my hosting provider, after erasing it, to flush my logs
Pingback: Xtreme-gameZ - Vive En Tu Mundo, Juega En El Nuestro...
Pingback: Seguridad en Wordpress: 10 plugins necesarios - Chuchadas.cl
Pingback: 10 плагинов для безопасности WordPress блога | Блог про блоги от Дмитрия Донченко
Pingback: Top 10 Security and Protection Plugins for Wordpress | Creation Robot
Pingback: I migliori 10 plugin per la sicurezza dei blog Wordpress - Geekissimo
Pingback: Wordpress için 10 güvenlik eklentisi | Güncel Blog
Pingback: Wordpress i
http://www.gurcay.org Gurcay
thanks. :)
http://www.illegal-crew.org illegalcrew
great list.
Pingback: 10 plugins de seguridad para WordPress | Pere MAJORAL
Pingback: Hersohbet.Com Yeni bir sohbet, yeni bir arkadaş istiyorsan doğru yerdesin. » Blog Archive » Wordpress için 10 güvenlik eklentisi
Pingback: 10 plugins para mejorar la seguridad de nuestro Wordpress « Blog’s CSoer
Pingback: Blog de Elliot Fernández » 10 plugins per millorar la seguretat de Wordpress
Pingback: Безопасность Wordpress | Raz0r.name - блог о web-безопасности
http://tinyurl.com/3jdgaj Firewall Script
Great PHP based firewall that plugs into any php based site, wordpress included: Firewall Script.
Pingback: Seguridad en WP - 10 Plugins | Aborregate
Pingback: Pêle-mêle #3 : Planete Freeware
Pingback: 10个最有用的Wordpress安全和防护插件 : 幸福收藏夹
Pingback: Dieresys » Blog Archive » Securizando WordPress
Pingback: How Hard is Your WordPress? | The BookmarkMoney Blog
Pingback: 十大 WordPress 安全插件（譯） | PLAYS 的教學、紀錄、分享網
Pingback: 10个最有用的Wordpress安全和防护插件 | 第七封印
Pingback: 10个最有用的Wordpress安全和防护插件 at 第七封印
http://www.pathtochina.com/ Will
I already use some of them, plugins are very useful.
http://www.sjocuri.com jocuri
Thanks for this useful plugin.
http://www.e-joculete.ro jocuri
Keep up the good work! 10q
Pingback: keycn.com » Blog Archive » WordPress资源大全
Pingback: MoAnt.Com » Blog Archive » 10个最有用的Wordpress安全和防护插件
Pingback: waffle : links for 2008-06-21
http://www.kinderfahrrad.org Chris
Thanks a lot for the useful list and the descriptions! It’s a pleasure that you always provide such toplists on your blog.
Pingback: Top Color Blogs » Blog Archive » 2nd Plug-in to Install - WP Security Scan
Pingback: Top 10 plugins de seguridad para Wordpress - Guia Breve
Pingback: Securing Wordpress | Honoka Memoirs
http://www.typolight-blog.de Typolight
Thanks, you nice post that helped me alot.
Pingback: Geliştirme Araç ve Dökümanları - gKAANs.oRg » Wordpress’te Güvenlik - Bölüm 2
http://www.nadie007.com nadie007
great list! a lot of options for wp more secure!
thanks
http://www.jocuri10.org Jocuri
WP-SECURITY-SCAN:
Pingback: How Secure is Your WordPress Blog? | Blogging For Novice
http://filmnew.ru Victoria
Very good post! Thank you for the work done!
Pingback: Plugins para mejorar la seguridad y el SEO de nuestro Wordpress « El Cubanito Web
Pingback: 10个最有用的Wordpress安全和防护插件 | 　　　理处言语然自
http://wpsecurity.net Mark
There’s a brand new available that you can add to your list if/when you decide to update: “Maximum Security for Worpdress” – see the Web site for a long list of powerful features.
http://hosting.ber-art.nl Berrie Pelser
Very nice list, all installed ;)
Pingback: Top 10 Security and Protection Plugins for Wordpress - plugins, security, wordpress - Technically Personal!
Pingback: Cum sa iti protejezi blogul WordPress de hackeri? - SEO - Optimizare web
Pingback: Top 10 Security and Protection Plugins for Wordpress | 24/7 WEB PROS
Pingback: 十大 WordPress 安全插件（译） | Kele Path
Pingback: Top 10 Security and Protection Plugins for Wordpress | Make Money Live
http://www.recetasonline.net Roberto
Very useful, I am using at the moment 3 of this list of pluggins in mu blogs and I recommend everybody to use it.
Roberto
Pingback: 10大 WordPress 安全插件 « wordpress 非官方中文站——助力中文wordpress
http://rabsklep.co.cc romonoeroetoko
Hm that sounds good but I would like to know more details.
http://www.ekoob.com Raghu
Great list thanks… this will help me
Pingback: Reader Question: Is WordPress Safe To Use? : Performancing
http://kluby24.com.pl romonoeroetoko
Your news is a cool stuff man, keep it going.
http://www.joltivan.com Joltivan
Thanks for the list..nice collection :D
http://kluby24.com.pl amenodimeno
That’s good man, keep it going.
http://invista.com.pl amenodimeno
Good story for me but please more details.
http://karma-royal-canin.pl queroeropoo
Good information to me.
http://mkciromat.pl adamoerikom
Stunning blog and good article. High 5 for u man !
http://www.bettingasabusiness.com Sports Picks
Security and protection for anyone’s website is a must have. Out of this list I would think the backup tools are probably most important. Backup Backup Backup – or one day you might lose it all. Which, trust me, is horrible.
Pingback: Sorry For The Downtime (Part 2)
http://wydzialprawa.edu.pl adamusxyz
This is a very good stuff man. But you can be more specific next time. See ya !
Pingback: Links der Woche – 75 Euro AdWords-Gutschein, Googlopoly, Alexa und mehr > Tipps > AdWords-Gutschein, Alexa, Google, Gutschein, Ranking
http://www.jetztreduziert.de Rabatt Blog
Very nice list of plugins, always neglected security aspects so far, but I installed 5 of them right now. Never rely on your host only ;)
http://www.liliadayspa.com liliadayspa
thanks for the gret tips. i will have to try them for my site.
http://www.gratisbilder.de Gratisbilder
The security scan plugin is really handy, found something I instantly fixed. Thanks !
Pingback: Plugins para mejorar la seguridad y el SEO de nuestro Wordpress
http://gingermudd.com Ginger Mudd
Thank you for a great list.
Can any one answer this questions?
WP-Security Scan says it
-removes WP Generator ID META tag from core code
What does that mean exactly and how does it improve security?
http://seodelo.com/ Denis Polishchuk
Great list of plugins! From this list regularly use six plug-ins. The author thanks for useful information.
http://aspirinc.co.cc aspirinc
The Replace WP-Version plugin is pretty slick. I’ve been doing this manually for the last few releases. It’s good to see that everyone can easily do this, now :)
Thanks for the list!
http://thug.yw.sk gangsta4live
Thanxs bro.
http://theeasycash.hostzi.com/ The Easy Cash
Great list. You could also add Secure WordPress (http://wordpress.org/extend/plugins/secure-wordpress/) to the list.
http://computer-lautsprecher.org Computer Lautsprecher
great list, most of those plugins are already in use on my blog, but some were still new to me
http://jinlab.com mosjin
Great lists, love it!
http://www.constanta.ws Constanta
Great and helpful tips!
Thank you!
All The Best!
Best regards!
http://www.carpictures.co.cc carpictures
thanks greattttt
http://www.kaancan.co.cc patrx
great list, most of those plugins are already in use on my blog, but some were still new to me
http://www.onlinebillig.com Online Billig
The database backup one is great. I set it to mail me once a day, all I have to do is archive the backups. Awesome if you are running multiple blogs, no more PHP admin login!
Pingback: ThinkWap » Blog Archive » 10个最有用的WordPress安全和防护插件
http://www.fotografas.tai.lt Martynas
Very necessary information, alot of new plagins
http://www.technoda.ru Condicioner
WP-SpamFree is very good ad stopping spammers actually.
Richard Hardman
Hey I wonder if you can help me. I have an area on the site I am working in which I would like to make available to registered users, but still needs to be visible on the site. Once the user logs in they can gain access to the content. How do I force a User to login using their wordpress user ID & password to give them access to protected areas of the site
Pingback: 小河北博客 - 10个最有用的WordPress安全和防护插件
http://theperfectarts.com Linux7802
yes, the WP-SpamFree is really good