Top 10 Security and Protection Plugins for Wordpress
April 8, 2008
With every site you build there are going to be security risks and issues; there is no way around this. All we can do is minimize the damage, be ready for it and take action. Wordpress is now the most popular blogging engine; this will not mean an increase in attacks, but it will have the highest potential for attacks.
I haven’t included Akismet, because I am sure everyone has heard about it.
Anyway, here are my Top 10 Security Plugins for Wordpress.
1. WordPress Database Backup (http://www.ilfilosofo.com/blog/wp-db-backup/)
URL: http://www.ilfilosofo.com/blog/wp-db-backup/.
Description: This plugin does exactly what it says, it backs up your entire WP installation. This has got to be one of the first plugins you install upon first installation. You can back it up to your hard drive, on a server or even to a specified email address. Whether it be a rogue plugin or a hacker (or yourself) that crashes WP, WP Database Backup will reinstate everything as it should be. I like to think of it as my “WP system restore“.
2. Semisecure Login (http://jamesmallen.net)
URL: http://jamesmallen.net/2007/09/16/semisecure-login/.
Description: Semisecure increases the security of your WP login by using client-side MD5 encryption on the password. JavaScript is required to enable encryption. When JavaScript is not available, the password is transmitted in plaintext (as normal), but authentication still completes in this case.
3. AskApache Password Protect (http://www.askapache.com)
URL: http://www.askapache.com/wordpress/htaccess-password-protect.html.
Description: This will secure your WP Admin with a very powerful htaccess password protection, preventing all unwanted bots from entering your site.
4. Force SSL (http://almosteffortless.com/)
URL: http://almosteffortless.com/wordpress/force-ssl/.
Description: For those with an SSL certificate, the Force SSL plugin for Wordpress forces an HTTPS connection for security purposes. This is useful for those who wish to enforce a higher level of security regarding the delivery of Wordpress content to the browser.
5. WP Security Scan (http://wordpress.org/extend/plugins)
URL: http://wordpress.org/extend/plugins/wp-security-scan/.
Description: I love this plugin, it scans your site for security issues and checks passwords, file permissions, database security, WP version hiding and WordPress admin protection/security. It also makes me a little paranoid.
6. Secure Files (http://wordpress.org/extend/plugins)
URL: http://wordpress.org/extend/plugins/secure-files/#post-271.
Description: This plugin allows you to upload and download files from outside of your web document root for security purposes. When used in conjunction with a plugin that requires a user to be logged in to see your site, you can restrict file downloads to users that are logged in.
7. WP-SpamFree (http://www.hybrid6.com/)
URL: http://www.hybrid6.com/webgeek/plugins/wp-spamfree.
Description: I had heard a lot about this plugin before I tried it, it said it is better than Akismet. To be honest I never noticed much difference (I get 500+ spam a day at the moment) between the two. User choice I suppose. I wish there was a way to stop the spammers instead.
8. BackUpWordPress (http://wordpress.designpraxis.at)
URL: http://wordpress.designpraxis.at/plugins/backupwordpress/.
Description: Almost identical to the first plugin, just not as straightforward. The list of features goes on and on; this is for the WP Pro. Some features: database backup including uploaded files, plugins, etc.; email notification on new backups; trigger backup manually; set schedules for your backups; restore backups; staggered SQL import; automatically continue unfinished backups in background; language support. (And that's just the Easy Mode, wait until you see the advanced.)
9. Anonymous Wordpress Plugin Updates (http://f00f.de/)
URL: http://f00f.de/blog/2007/10/02/plugin-anonymous-wordpress-plugin-updates.html.
Description: Anonymizes the plugin update checking system, which is a new feature in WordPress 2.3. The plugin prevents WordPress from transmitting a list of active plugins, the blog URL and the WordPress version. Ideal for privacy-aware administrators of WordPress installations.
10. Replace WP-Version (http://wordpress.org/extend/plugins/)
URL: http://wordpress.org/extend/plugins/replace-wp-version/#post-2859.
Description: (We have all read about the security issue of showing your WP version, this resolves it).
If you’re running an older version of WordPress, anyone can view source to see what attacks might work against your blog. This plugin replaces the WP version with a random string on WordPress versions before 2.4 and eliminates the WP version on versions after 2.4.
Comments
67 Comments so far
Great list! I didn’t know many of these plugins, so I really need to improve the security of my blog
another nice plugin for security: WP Adminprotection
Great list of plugins although I still think that some of the functions that those plugins do are easier accomplished by simply editing the file (like hide the version) and it will reduce the load on your host … I guess some plugins are designed to help less experienced users …
Great list nonetheless.
Alex
re: WP Security Scan (http://wordpress.org/extend/plugins)
See “issues” with this plugin at http://wordpress.org/support/topic/165807
selective quotes include: “Was that meant to be an April Fool’s joke? Being concerned about security, I downloaded this plugin, ran it, set my permissions to the “suggested corrective actions” and when trying to access my site, all I got were errors. I had to reset my permissions as best as I could and got it to work again.
Either this is a bad joke or awfully written code by someone who doesn’t have a clue as to what WP permissions should be.”
The Replace WP-Version plugin is pretty slick. I’ve been doing this manually for the last few releases. It’s good to see that everyone can easily do this, now :)
Thanks for the list!
The biggest difference between wp-spamfree and akismet is that wp-spamfree stops the comment before it gets sent, and is extremely accurate at detecting bots from humans without captchas.
I no longer have to look through a huge list of comments in akismet to find the false-positives. There aren’t any!
I had that problem with Akismet. I still had too much spam, but in a different queue. I added Mike Jolley’s comment stopper and it has been a blessing. Now I have no spam, only legit comments.
http://blue-anvil.com/archives/wordpress-comment-spam-stopper-plugin
A couple of notes:
Having worked with lots of spam filters, I’m *extremely* suspicious of anything that claims to have “no false positives.” The only way to guarantee that is to never block anything.
Semisecure Login does not appear to work with WP 2.5, probably because of the new password storage scheme.
Yes, I would be suspicious, too. But… the developer has been extremely quick to release updates whenever there is any type of quirk, and if you read through the documentation, you will understand why wp-spamfree blocks bots and not humans.
“I wish there was a way to stop the spammers instead.”
There are many ways but one is to use a CAPTCHA. I suggest you have a look at my CAPTCHA available at http://www.remyroy.com/yacaptcha/ .
STUMBLED!
I just started blogging, this post will come in handy.
VOTED for you at:
http://www.newsdots.com/software/top-10-security-and-protection-plugins-for-wordpress-speckyboy-wordpress-and-design/
I have most but not all…thanks for the tips!
Last time I tried AskApache PassPro I was not able to make it work with another scheme I had set up called, “Hiding WordPress Installation Files”
My question is this: do you think the AskApache protection is more important than the protection provided by hiding the WordPress installation files? Thanks.
I agree with Alex regarding “simply editing the file” instead of using some of these plugins, but still, a pretty decent list.
Thanks.
Great list. I like it.
I’m surprised Bad Behavior didn’t make this list; it does what you said you wanted: to stop spammers.
I’ve used it for a long time, and it definitely cut down the load of spam comments and such… one downside is that it makes it take a lot longer to reload a page when editing (regular viewing seems fine, it’s the editing process that gets slowed down).
In response to Matt.
The latest version of AskApache Password Protection has a lot of new features. Other than staying updated to the latest version of WordPress and having decent passwords, NOTHING can secure your blog better and more completely than this plugin.
2 new features enable you to turn on or off wp-includes/wp-content/wp-admin protection.
The wp-admin directory is password protected to erect a 1st line of defense against maliciousness. Hackers cannot even begin to try to hack your wp-admin until they get past that.
The wp-includes and wp-content folders are protected by disallowing any direct requests for files other than the static files like images, css, js, etc.
And of course I backup my databases like crazy, all the time.
Great list speckyboy!
WP-SECURITY-SCAN:
WARNING! It generated almost 5 gigas error.log.
I had to contact my hosting provider, after erasing it, to flush my logs
thanks. :)
great list.
Great PHP based firewall that plugs into any php based site, wordpress included: Firewall Script.