With every site you build there are going to be security risks and issues; there is no way around this. All we can do is minimize the damage, be ready for it and take action. WordPress is now the most popular blogging engine. This will not mean an increase in attacks, but it will have the highest potential for attacks.
I haven’t included Akismet, because I am sure everyone has heard about it.
Anyway, here are my Top 10 Security Plugins for WordPress.
1. WordPress Database Backup (http://www.ilfilosofo.com/blog/wp-db-backup/)
URL: http://www.ilfilosofo.com/blog/wp-db-backup/.
Description: This plugin does exactly what it says: it backs up your entire WP installation. It should be one of the first plugins you install on a new site. You can back it up to your hard drive, to a server or even to a specified email address. Whether it is a rogue plugin or a hacker (or yourself) that crashes WP, WP Database Backup will reinstate everything as it should be. I like to think of it as my “WP system restore”.
2. Semisecure Login (http://jamesmallen.net)
URL: http://jamesmallen.net/2007/09/16/semisecure-login/.
Description: Semisecure increases the security of your WP login by using client-side MD5 encryption on the password. JavaScript is required to enable encryption. When JavaScript is not available, the password is transmitted in plaintext (as normal), but authentication still completes in this case.
3. AskApache Password Protect (http://www.askapache.com)
URL: http://www.askapache.com/wordpress/htaccess-password-protect.html.
Description: This will secure your WP Admin with a very powerful htaccess password protection, preventing all unwanted bots from entering your site.
4. Force SSL (http://almosteffortless.com/)
URL: http://almosteffortless.com/wordpress/force-ssl/.
Description: For those with an SSL certificate, the Force SSL plugin for WordPress forces an HTTPS connection for security purposes. This is useful for those who wish to enforce a higher level of security regarding the delivery of WordPress content to the browser.
5. WP Security Scan (http://wordpress.org/extend/plugins)
URL: http://wordpress.org/extend/plugins/wp-security-scan/.
Description: I love this plugin. It scans your site for security issues and checks passwords, file permissions, database security, WP version hiding and WordPress admin protection/security. It also makes me a little paranoid.
6. Secure Files (http://wordpress.org/extend/plugins)
URL: http://wordpress.org/extend/plugins/secure-files/#post-271.
Description: This plugin allows you to upload and download files from outside of your web document root for security purposes. When used in conjunction with a plugin that requires a user to be logged in to see your site, you can restrict file downloads to users that are logged in.
7. WP-SpamFree (http://www.hybrid6.com/)
URL: http://www.hybrid6.com/webgeek/plugins/wp-spamfree.
Description: I had heard a lot about this plugin before I tried it; it was said to be better than Akismet. To be honest I never noticed much difference (I get 500+ spam a day at the moment) between the two. User choice I suppose. I wish there was a way to stop the spammers instead.
8. BackUpWordPress (http://wordpress.designpraxis.at)
URL: http://wordpress.designpraxis.at/plugins/backupwordpress/.
Description: Almost identical to the first plugin, just not as straightforward. The list of features goes on and on; this is for the WP Pro. Some features: database backup including uploaded files, plugins, etc.; email notification on new backups; trigger backup manually; set schedules for your backups; restore backups; staggered SQL import; automatically continue unfinished backups in background; language support. (And that's just the Easy Mode, wait until you see the advanced.)
9. Anonymous Wordpress Plugin Updates (http://f00f.de/)
URL: http://f00f.de/blog/2007/10/02/plugin-anonymous-wordpress-plugin-updates.html.
Description: Anonymizes the plugin update checking system, which is a new feature in WordPress 2.3. The plugin prevents WordPress from transmitting a list of active plugins, the blog URL and the WordPress version. Ideal for privacy-aware administrators of WordPress installations.
10. Replace WP-Version (http://wordpress.org/extend/plugins/)
URL: http://wordpress.org/extend/plugins/replace-wp-version/#post-2859.
Description: (We have all read about the security issue of showing your WP version; this resolves it.)
If you’re running an older version of WordPress, anyone can view the page source to see what attacks might work against your blog. This plugin replaces the WP version with a random string for WordPress < 2.4 and removes the WP version for WordPress > 2.4.
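To check what a visitor can read from "view source", the following added example (not part of the original post or of any plugin listed here) scans page markup for the generator meta tag and for `?ver=` query strings on core asset URLs. The sample markup, the `/wp-includes/js/example.js` path and the function names are constructed for illustration; the AFTER page assumes only the generator tag was removed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed page source, not taken from any real site. BEFORE carries the
# generator tag; AFTER assumes only that tag was removed from the output.
BEFORE = """<html><head>
<meta name="generator" content="WordPress 2.3.3" />
<script src="/wp-includes/js/example.js?ver=2.3.3"></script>
<script src="/wp-content/plugins/example/app.js"></script>
</head><body><p>Hello</p></body></html>"""
AFTER = BEFORE.replace('<meta name="generator" content="WordPress 2.3.3" />\n', "")


class VersionLeakFinder(HTMLParser):
    """Collects (kind, version) pairs where the markup discloses a version."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # <meta name="generator" content="WordPress x.y.z">
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            m = re.search(r"WordPress\s+([\d.]+)", a.get("content") or "", re.I)
            if m:
                self.findings.append(("generator-meta", m.group(1)))
        # Core assets are commonly served with a ?ver= query string.
        url = a.get("src") if tag == "script" else a.get("href") if tag == "link" else None
        if url:
            parsed = urlparse(url)
            ver = parse_qs(parsed.query).get("ver")
            if ver and "/wp-includes/" in parsed.path:
                self.findings.append(("asset-ver", ver[0]))


def find_version_leaks(html):
    """Return every version disclosure found in the given page source."""
    finder = VersionLeakFinder()
    finder.feed(html)
    return finder.findings


if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        print(label, find_version_leaks(page))
```

On the AFTER page the asset URL still reports the version, so hiding the generator tag should be checked together with the asset query strings and, above all, with keeping WordPress itself up to date.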
8 Apr, 2008
Great list! I didn’t know many of these plugins, so I really need to improve the security of my blog
14 Apr, 2008
another nice plugin for security: WP Adminprotection
16 Apr, 2008
Great list of plugins although I still think that some of the functions that those plugins do are easier accomplished by simply editing the file (like hide the version) and it will reduce the load on your host … I guess some plugins are designed to help less experienced users …
Great list nonetheless.
Alex
16 Apr, 2008
re: WP Security Scan (http://wordpress.org/extend/plugins)
See “issues” with this plugin at http://wordpress.org/support/topic/165807
selective quotes include: “Was that meant to be an April Fool’s joke? Being concerned about security, I downloaded this plugin, ran it, set my permissions to the “suggested corrective actions” and when trying to access my site, all I got were errors. I had to reset my permissions as best as I could and got it to work again.
Either this is a bad joke or awfully written code by someone who doesn’t have a clue as to what WP permissions should be.”
16 Apr, 2008
The Replace WP-Version plugin is pretty slick. I’ve been doing this manually for the last few releases. It’s good to see that everyone can easily do this, now :)
Thanks for the list!
16 Apr, 2008
The biggest difference between wp-spamfree and akismet is that wp-spamfree stops the comment before it gets sent, and is extremely accurate at detecting bots from humans without captchas.
I no longer have to look through a huge list of comments in akismet to find the false-positives. There aren’t any!
16 Apr, 2008
I had that problem with Akismet. I still had too much spam, but in a different queue. I added Mike Jolley’s comment stopper and it has been a blessing. Now I have no spam, only legit comments.
http://blue-anvil.com/archives/wordpress-comment-spam-stopper-plugin
16 Apr, 2008
A couple of notes:
Having worked with lots of spam filters, I’m *extremely* suspicious of anything that claims to have “no false positives.” The only way to guarantee that is to never block anything.
Semisecure Login does not appear to work with WP 2.5, probably because of the new password storage scheme.
16 Apr, 2008
Yes, I would be suspicious, too. But… the developer has been extremely quick to release updates whenever there is any type of quirk, and if you read through the documentation, you will understand why wp-spamfree blocks bots and not humans.
16 Apr, 2008
“I wish there was a way to stop the spammers instead.”
There are many ways but one is to use a CAPTCHA. I suggest you have a look at my CAPTCHA available at http://www.remyroy.com/yacaptcha/ .
16 Apr, 2008
STUMBLED!
I just started blogging, this post will come in handy.
VOTED for you at:
http://www.newsdots.com/software/top-10-security-and-protection-plugins-for-wordpress-speckyboy-wordpress-and-design/
17 Apr, 2008
I have most but not all…thanks for the tips!
17 Apr, 2008
Last time I tried AskApache PassPro I was not able to make it work with another scheme I had set up called, “Hiding WordPress Installation Files”
My question is this: do you think the AskApache protection is more important than the protection provided by hiding the WordPress installation files? Thanks.
17 Apr, 2008
I agree with Alex regarding “simply editing the file” instead of using some of these plugins, but still, a pretty decent list.
Thanks.
17 Apr, 2008
Great list. I like it.
18 Apr, 2008
I’m surprised Bad Behavior didn’t make this list; it does what you said you wanted: to stop spammers.
I’ve used it for a long time, and it definitely cut down the load of spam comments and such… one downside is that it makes it take a lot longer to reload a page when editing (regular viewing seems fine, it’s the editing process that gets slowed down).
18 Apr, 2008
In response to Matt.
The latest version of AskApache Password Protection has a lot of new features. Other than staying updated to the latest version of WordPress and having decent passwords, NOTHING can secure your blog better and more completely than this plugin.
2 new features enable you to turn on or off wp-includes/wp-content/wp-admin protection.
The wp-admin directory is password protected to erect a 1st line of defense against maliciousness. Hackers cannot even begin to try to hack your wp-admin until they get past that.
The wp-includes and wp-content folders are protected by disallowing any direct requests for files other than the static files like images, css, js, etc.
And of course I backup my databases like crazy, all the time.
Great list speckyboy!
19 Apr, 2008
WP-SECURITY-SCAN:
WARNING! It generated almost 5 gigas error.log.
I had to contact my hosting provider, after erasing it, to flush my logs
25 Apr, 2008
thanks. :)
25 Apr, 2008
great list.
8 May, 2008
Great PHP based firewall that plugs into any php based site, wordpress included: Firewall Script.
23 May, 2008
I already use some of them, plugins are very useful.
27 May, 2008
Thanks for this useful plugin.
30 May, 2008
Keep up the good work! 10q
22 Jun, 2008
Thanks a lot for the useful list and the descriptions! It’s a pleasure that you always provide such toplists on your blog.
6 Sep, 2008
Thanks, your nice post helped me a lot.
21 Sep, 2008
great list! a lot of options for wp more secure!
thanks
21 Sep, 2008
WP-SECURITY-SCAN:
5 Nov, 2008
Very good post! Thank you for the work done!
2 Jan, 2009
There’s a brand new available that you can add to your list if/when you decide to update: “Maximum Security for Worpdress” – see the Web site for a long list of powerful features.
2 Feb, 2009
Very nice list, all installed ;)
26 Apr, 2009
Very useful, I am using at the moment 3 of this list of plugins in my blogs and I recommend everybody to use it.
Roberto
8 Jul, 2009
Hm that sounds good but I would like to know more details.
8 Jul, 2009
Great list thanks… this will help me
15 Jul, 2009
Your news is a cool stuff man, keep it going.
30 Jul, 2009
Thanks for the list..nice collection :D
31 Jul, 2009
That’s good man, keep it going.
5 Aug, 2009
Good story for me but please more details.
6 Aug, 2009
Good information to me.
19 Sep, 2009
Stunning blog and good article. High 5 for u man !
15 Oct, 2009
Security and protection for anyone’s website is a must have. Out of this list I would think the backup tools are probably most important. Backup Backup Backup – or one day you might lose it all. Which, trust me, is horrible.
6 Jan, 2010
This is a very good stuff man. But you can be more specific next time. See ya !