Security is always top priority.
Why?
Because hackers are now everywhere and it pays to be cautious as well as protected and prepared.
I keep reading in forums about people whose sites are being hacked, so don’t wait until your site is hacked; start protecting it right now.
Here are some of the best WordPress Security Plugins and tips that can help you in securing your own personal space, which is your site. You would not want anyone destroying it, right?
1. Secure WordPress.
This is a very useful plugin because it does a lot for your WordPress blog. It removes error information from the login page, hides your WordPress version in the back-end dashboard and much more.
Download Link: http://wordpress.org/extend/plugins/secure-wordpress/
2. WP Security Scan
This plugin will scan your entire WordPress installation and suggest improvements for security weaknesses such as passwords, database security, file permissions and admin security.
Download Link: http://wordpress.org/extend/plugins/wp-security-scan/
3. Login Lockdown
It takes note of the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
Download Link: http://www.bad-neighborhood.com/login-lockdown.html
4. AskApache Password Protect
As the name suggests, this plugin password-protects your WordPress blog. It protects everything from your wp-admin directory to your wp-content, plugins and much more. You can always edit its settings right from your own WordPress Admin Panel.
Download Link: http://wordpress.org/extend/plugins/askapache-password-protect/
5. WP-DBManager
This is one of the most widely used plugins for optimizing, repairing, backing up and restoring your database, deleting database backups, dropping or emptying tables and running selected queries. WP-DBManager also supports automatic scheduling of database backups and optimization.
Download Link: http://wordpress.org/extend/plugins/wp-dbmanager/
6. WP-SpamFree
An extremely powerful anti-spam plugin for WordPress that eliminates comment spam, including trackback and pingback spam. It works invisibly without CAPTCHAs or other inconvenience to site visitors. The plugin includes a spam-free contact form feature as well. Finally, you can enjoy a spam-free WordPress blog!
I recently installed this plugin and I hardly get any spam nowadays.
Download Link: http://www.hybrid6.com/webgeek/plugins/wp-spamfree
7. Angsuman’s WordPress Guard Plugin
Angsuman’s WordPress Guard Plugin is a WordPress security plugin that protects the vulnerable areas of your blog from outside access with an additional layer of security.
Download Link: http://taragana.com/products/free-wordpress-plugins/wordpress-guard-plugin/
8. Password
Make sure you create a password that is made up of lowercase, UPPERCASE and symbols. If you have kept the password that was generated for you when you installed WordPress, CHANGE IT NOW. There have been many cases where hackers have gained access to sites via the passwords which are generated by the hosting company.
9. Username
Change your Administrator username from “Admin” to something else. Most hackers realize that for 99% of blogs, the username is ‘admin’. Make it harder for them and change it.
10. WordPress Versions
Keep your WordPress version up to date, especially when WordPress issues a minor upgrade within a version. For instance, if you are on version 2.8.4, always upgrade to WordPress 2.8.5 and 2.8.6.
When WordPress 2.9 came out recently, I didn’t upgrade as it was a major upgrade, i.e. 2.8 to 2.9. I always wait until WordPress issues the minor upgrade (i.e. 2.9.1) to the major upgrade. There could be security and other problems within the major version. I am now on version 2.9.1.
Remember to back up your blog before upgrading.
11. Plugin Versions
Keep your plugins up to date. Plugins are often updated for security reasons. But before you upgrade, ensure the latest version is compatible with the version of WordPress you are using.
It is very important to keep your blog secure. Thirty minutes’ work now can save you many hours of frustration recovering from a hacked blog.
What experiences have you had with these plugins, and are there other security tips you’d recommend? Share your views in the comments below.
I never thought about hackers getting into my blogs until I saw your site. I also wasn’t aware that most people used admin. for a user name. I am going to go back in and secure my blogs a little more effectively now.
Twitter: andrewrondeau
Katie,
Thanks for dropping by. I would certainly make your site as secure as possible. It’s certainly worth the effort.
Andrew
I’ve faced this type of problem on one of my e-commerce sites. Every month I was facing a hacking problem. But this is the first time I am hearing that hackers are hacking blogs.
Anyway, thanks for the alert, I will try to protect my blog.
Twitter: andrewrondeau
You are welcome, Chris. It’s certainly worth adding some security.
Andrew
Hackers take great joy in bypassing passwords, I’ve done it myself.
- Your job is to make passwords unpredictable.
It is wrong to tell people that passwords can be broken without explaining the proper way to choose one that will be more difficult to break.
- Given enough time every password can be broken.
You should choose a password that is seven or more characters long. Don’t use a word that is found in a dictionary – a program can be written to check every word in a dictionary.
Once you use a password that you consider good, don’t use a sequence of that password (Tolkien1, Tolkien2, Tolkien3)
Try making up an acronym – JDwfLTismf (“Jack Daniels whiskey from Lynchburg, Tennessee is my favorite”). Unless you know me well enough to know that I like Jack there would be no reason to consider that phrase. If you did know my like for Jack there is still no reason to consider this as a possible password.
Try and misspell a word using one or more special characters in the center of the word, like Disné#Land.
Since many passwords are case sensitive, use upper and lower case.
When it comes time to change passwords, I take the local newspaper and choose a word. The word for today is Doonesbury, which I modify to be D00n3sb_r. Or take the word lightbulb and spell it 1igh+b_1B. It is actually very simple, once you get the hang of it.
Take the word “automated” and on a US keyboard type one character to the right “siyp,syrf” and doing this means that you can use your family name if you want to.
For sites that do not have any money related information I use one password. I take an unnatural word combination, like an adverb and a noun (an adverb, broadly defined, is a word which modifies any word other than a noun), and combine them to make a word that does not exist in the dictionary. SlowlyTruck is a combined word that does not appear when searched on the internet. Slightly change the spelling and you really have a wonderful password – how about Sl0w1yTruck.
I only use one password for sites like blogs. For sites that have money related things I use the ideas referenced above, but since I have a good memory I really screw the text up. I have also taken a text file and just typed a dozen or so characters, and whatever came out was a password.
Change your password at work every two months and personal passwords as often as you feel necessary.
Change your password now. Don’t wait for the prompt.
Twitter: andrewrondeau
Richard,
Thanks for taking the time out to write such great advice and sharing your tips/ideas. I’m sure many of us will benefit.
Andrew
I’ve often wondered if writing these posts was a good idea. What better target for a smart-ass hacker?
Thanks man, good plugins.
Twitter: andrewrondeau
That thought went through my head as well, Dennis, as I was pressing the ‘publish’ button. If you don’t hear from me for a few days, you know why – I’ve been hacked!
Andrew
Andrew – thanks, this is a very useful guide and one I will make use of. Other things I have read about security go into technical stuff that’s beyond me. What I do for passwords is have a file on a flash drive that I keep passwords on (the file itself has a bland name and none of the passwords are identified as such of course) – all totally random characters. I copy and paste them as required. This stops any hacker reading your keystrokes. I think it was Kevin Riley who recommended this. It can be a pain having to plug in the flash drive, but it “feels” more secure!
Twitter: andrewrondeau
David,
We all have different ways and what works for some does not work for others. You’ve found a method that works for you!
I hope the plugins help.
Andrew
The first plugin on your list “Secure WordPress” makes a fair number of back-end security upgrades to your WordPress blog, particularly if you’re granting access to multiple users. Even if the Secure WordPress plugin is a bit more than a single-user WordPress blogger might want, I’d recommend creating a blank “index.php” in the plugin directory, which the plugin would do for you. Having this file in the plugin directory keeps people from being able to determine which plugins you’re running on your blog.
Twitter: andrewrondeau
Will,
Thanks for sharing that sound advice.
Andrew
Gosh, my blog is very vulnerable. I need to install these plugins on my WordPress. Thanks for sharing this.
Twitter: andrewrondeau
Walter
I really recommend it. A few minutes effort now can make all the difference. Of course, we can never be 100% secure.
Andrew
Hi Andrew,
Thanks for sharing these security-related WordPress plugins. I have installed a few of them right away.
Thanks
gedet
Twitter: andrewrondeau
Gedet
You are welcome. I hope they help.
Andrew
You know, years ago, this post would have really sounded like a ridiculous Sci-Fi movie premise. Blogging and making money online has gained so much momentum that now Blog and website security is a serious issue. I’m glad you posted this because honestly, I had no clue where to even begin. Now I know there are some more measures I should take. Thanks.
Twitter: andrewrondeau
Kiesha
You are welcome – I hope they make a difference.
Andrew
Twitter: thatgirlisfunny
Well, now I’m nervous. I will go in and have a look at which of these plug-ins to install. Excellent list, Andrew!
Twitter: andrewrondeau
Thanks, Cheryl. Be safe!
I’m totally new to the plugins that you listed here Andrew, am going to check them out 1 by 1.
For the username, try to use a different username for the login username and the name you use to display in the post, i.e. “By Andrew Rondeau”. I used to use the same username for both, but I changed it a few months ago.
WordPress keeps upgrading the WordPress version to prevent any spam or virus that may harm our blog, no doubt they really did a great job on that! I’ve yet to upgrade mine to the latest 2.9.1, going to upgrade soon.
Best Regards,
Lee
Twitter: andrewrondeau
Lee,
Good advice about the username – thanks for pointing that out.
Re: upgrade. Check your plugins still work and back up beforehand.
All the best,
Andrew
I think the basic stuff is the most important. Keep your installation up to date and specifically, watch out for security updates. Keep a password only you know (and not your host) and make it strong enough. Keep your computer clean of keyloggers.
Twitter: andrewrondeau
Anne
I agree the basic stuff is important but it is no longer secure enough. I’ve a few blogging friends who have been hacked recently and they only had the basic stuff in place. For a few minutes extra effort I would take more precautions.
Andrew
Well, security should always be on top of everyone’s list and must never be taken lightly. My blog was hacked some time ago and it was no joke, lost a lot of information and I was not happy at all.
Twitter: andrewrondeau
Totally agree, George.
It’s not nice when you are hacked!
Bit like backing up. A few years ago, I lost all the family photos and some work when my hard disk got corrupted. Now I back up at least once a week.
Andrew
I’m using wp-dbmanager and show an error message, and then I upgrade to 2.9.1 and hope the message still there
Twitter: andrewrondeau
Latief,
You still getting the error message? What is it?
Andrew
Thanks for your submission to the Seventy Sixth edition of the Blog Carnival: Blogging. Your post has been accepted and it’s live:
http://thatsblog.com/blog-carnival-blogging/blog-carnival-blogging-seventy-sixth-edition
-ThatsBlog.com
I kinda prefer Limit Log-in Attempts to Login Lockdown as the former sends out an email informing of any attempt to illegally access your dashboard.
I use Wp Spam Free too and it’s the best thing that could happen to any blogger in terms of spam control.
Twitter: andrewrondeau
Udegbunam
Why would I want to see hundreds of emails telling me the person couldn’t get access?
Andrew
That’s an interesting angle I haven’t looked @ before. Hundreds of emails alerting me to the situation will only get me in serious panic mode.
Good article, and just to add to this list, another plugin which I have found really useful (if you allow people to register on your site) is Stop Spammer Registrations Plugin – http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/
Basically, anytime someone tries to register on your site, the email is checked against the StopForumSpam database. If a match is found they are denied registration access.
Twitter: andrewrondeau
James,
great share – thanks.
Andrew
Hackers love to break into innocent and new blogs and put their backlinks in them. Getting your WordPress site hacked can cause drastic drops in rankings. Every method possible to protect and secure your blog should be used to prevent it.