Best WordPress Plugins to improve the Security of your Blog

blog securitySecurity is always top priority.


Because hackers are now everywhere and it pays to be cautious as well as protected and prepared.

I am reading in forums about so many people where their sites are being hacked, so don’t wait till your site is hacked but start protecting your site right now.

Here are some of the best WordPress Security Plugins and tips that can help you in securing your own personal space, which is your site. You would not want anyone destroying it, right?

1. Secure WordPress.

This is a very useful plugin because it does a lot for your wordpress blog. It removes error-information on login-page, hides your wp-version in backend-dashboard and much more.

Download Link:

2. WP Security Scan
This plugin will scan your entire WordPress installation and will suggest improvements regarding security vulnerabilities like passwords, database security, file permissions, admin security.

Download Link:

3. Login Lockdown

It takes note of the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.

Download Link:

4. AskApache Password Protect

From the name itself, it is a plug-in that protects your wordpress blog password. It protects everything from your wp-admin directory to your wp-content, plug-in and much more. You can always edit it right from your own WordPress Admin Panel.

Download Link:

5. WP-DBManager

This is one of the plugin that is most widely used to optimize database, repair database, backup database, restore database, delete backup database, drop/empty tables and run selected queries. WP-DBManager also supports automatic scheduling of backing up and optimizing of database.

Download Link:

6. WP-SpamFree
An extremely powerful anti-spam plugin for WordPress that eliminates comment spam, including trackback and pingback spam. It works invisibly without CAPTCHA’s, or other inconvenience to site visitors. The plugin includes spam-free contact form feature as well. Finally, you can enjoy a spam-free WordPress blog!
I recently installed this plugin and I hardly get any spam nowadays

Download Link:

7. Angsuman’s WordPress Guard Plugin

Angsuman’s WordPress Guard Plugin is a WordPress security plugin that protects the vulnerable areas of your blog from outside access with an additional layer of security.

Download Link:

8. Password

Make sure you create a password that is made up of lowercase, UPPERCASE and symbols.  If you have kept the password that was generated for you when you installed WordPress, CHANGE IT NOW. There have been many cases where hackers have gained access to sites via the passwords which are generated by the hosting company.

9. Username

Change your Administrator username from “Admin” to something else. Most hackers realize that for 99% of blogs, the username is ‘admin’. Make it harder for them and change it.

10. WordPress Versions

Keep your WordPress version up to date. Especially when WordPress issue a minor upgrade from within a version. For instance, if you are on version 2.8.4 always upgrade to WordPress 2.8.5 and 2.8.6.

When WordPress 2.9 came out recently, I didn’t upgrade as it was a major upgrade i.e. 2.8 to 2.9.  I always wait until WordPress issue the minor upgrade i.e. 2.9.1 to the major upgrade. There could be security and other problems within the major version. I am now on version 2.9.1.

Remember to backup your blog before upgrading.

11. Plugin Versions

Keep your plugins up to date. Often plugins are updated due to security reasons. But before you upgrade, ensure the latest version is compatible with the version of WordPress you are using?

It is very important to keep your blog secure. Thirty minutes work now can stop you having to experience many hours of frustration of recovering from a hacked blog.

What experiences have you had with these plugins and are there other security tips you’d recommend. Share your views in the comments below.


, , , , , , ,

42 Responses to Best WordPress Plugins to improve the Security of your Blog

  1. KatieJones January 18, 2010 at 2:40 am #

    I never thought about hackers getting into my blogs until I saw your site. I also wasn’t aware that most people used admin. for a user name. I am going go back in and secure my blogs a little more effectively now.

    • Andrew Rondeau January 18, 2010 at 9:23 am #


      Thanks for dropping by. I would certainly make your site as secure as possible. It’s certainly worth the effort.


  2. Chris Peterson January 18, 2010 at 11:59 am #

    I‘ve faced such type of problem in one of my e commerce site. Every month I was facing hacking problem. But first time I am hearing that hackers are hacking blog.

    Anyway thanks for alert, I will try to protect my blog.

    • Andrew Rondeau January 19, 2010 at 8:17 am #

      You are welcome, Chris. It’s certainly worth adding some security.


  3. McLaughlin January 18, 2010 at 3:04 pm #

    Hackers take great joy in bypassing passwords, I’ve done it myself.

    – Your job is to make passwords unpredictable.

    It is wrong to tell people that passwords can be broken without explaining the proper way to choose one that will be more difficult to break.

    – Given enough time every password can be broken.

    You should choose a password that is seven or more characters long. Don’t use a word that is found in a dictionary – a program can be written to check every word in a dictionary.

    Once you use a password that you consider good, don’t use a sequence of that password (Tolkien1, Tolkien2, Tolkien3)

    Try making up an acronym – JDwfLTismf (“Jack Daniels whiskey from Lynchburg, Tennessee is my favorite”). Unless you know me well enough to know that I like Jack there would be no reason to consider that phrase. If you did know my like for Jack there is still no reason to consider this as a possible password.

    Try and misspell a word using one or more special characters in the center of the word, like Disné#Land.

    Since many passwords are case sensitive, use upper and lower case.

    When it comes time to change passwords, I take the local newspaper and choose a word. The word for today is Doonesbury, which I modify to be D00n3sb_r. Or take the word lightbulb and spell it 1igh+b_1B. It is actually very simple, once you get the hang of it.

    Take the word “automated” and on a US keyboard type one character to the right “siyp,syrf” and doing this means that you can use your family name if you want to.

    For sites that do not have any money related information I use one password. I take an unnatural word combination, like an adverb and a noun (an adverb, broadly defined, is a word which modifies any word other than a nouns), combine them the make a word that does not exist in the dictionary. SlowlyTruck is a combined word that does not appear when searched on the internet. Slightly change the spelling and you really have a wonderful password – how about Sl0w1yTruck

    I only use one password for sites like blogs. For sites that have money related things I use the ideas referenced above, but since I have a good memory I really screw the text up. I have also taken a text file and just typed a dozen or so characters, and whatever came out was a password.

    Change your password at work every two months and personal passwords as often as you feel necessary.

    Change your password now. Don’t wait for the prompt.

    • Andrew Rondeau January 19, 2010 at 8:19 am #


      Thanks for taking the time out to write such great advice and sharing your tips/ideas. I’m sure many of us will benefit.


  4. Dennis Edell January 18, 2010 at 4:20 pm #

    I’ve often wondered if writing these posts was a good idea. What better target for a smart-ass hacker? 😉

    Thanks man, good plugins. 🙂
    .-= Dennis Edell´s last blog ..Blog Move Is Immanent! I’m Looking For Launch Partners… =-.

    • Andrew Rondeau January 19, 2010 at 8:20 am #

      That thought went through my head as well, Dennis, as I was pressing the ‘publish’ button. If you don’t hear from me for a few days, you know why – I’ve been hacked!


  5. David Rogers January 18, 2010 at 6:20 pm #

    Andrew – thanks this is a very useful guide and one I will make use of. Other things I have read about security go into technical stuff that’s beyond me. What I do for passwords is have a file on a flash drive that I keep passwords on (the file itself has a bland name and non of the passwords are identified as such of course) – all totally random characters. I copy and paste them as required. This stops any hacker reading you keystrokes. I think it was Kevin Riley who recommended this. It can be a pain having to plug in the flash drive, but it “feels” more secure!
    .-= David Rogers´s last blog ..Build Self Confidence Fast =-.

    • Andrew Rondeau January 19, 2010 at 8:21 am #


      We all have different ways and what works for some do not work for others. You’ve found a method that works for you!

      I hope the plugins help.


  6. will January 18, 2010 at 7:47 pm #

    The first plugin on your list “Secure WordPress” makes a fair number of back-end security upgrades to your wordpress blog, particularly if you’re granting access to multiple users. Even if the Secure WordPress plugin is a bit more than a single-user wordpress blogger might want, I’d recommend creating a blank “index.php” in the plugin-directory, which the plugin would do for you. Having this file in the plugin directory, keeps people from being able to determine which plugins you’re running on your blog.
    .-= will@laser hair removal´s last blog ..Speculating about Tiger Woods’s Groomed Chest: Chest Hair Removal for Men =-.

    • Andrew Rondeau January 19, 2010 at 8:22 am #


      Thanks for sharing that sound advice.


  7. Walter January 19, 2010 at 2:16 pm #

    Gosh, my blog is very vulnerable. I need to install these plugin on my WordPress. Thanks for sharing this. 🙂
    .-= Walter´s last blog ..Criticism: the unwanted mentor =-.

    • Andrew Rondeau January 20, 2010 at 2:45 pm #


      I really recommend it. A few minutes effort now can make all the difference. Of course, we can never be 100% secure.


  8. gedet basumatary January 19, 2010 at 6:07 pm #

    Hi Andrew,

    Thanks for sharing these security related wordpress plugins. I have installed few of them right away.

    .-= gedet basumatary´s last blog ..Search IFSC code of Any Bank in India Easily =-.

    • Andrew Rondeau January 20, 2010 at 2:45 pm #


      You are welcome. I hope they help.


  9. Kiesha January 19, 2010 at 6:58 pm #

    You know, years ago, this post would have really sounded like a ridiculous Sci-Fi movie premise. Blogging and making money online has gained so much momentum that now Blog and website security is a serious issue. I’m glad you posted this because honestly, I had no clue where to even begin. Now I know there are some more measures I should take. Thanks.
    .-= Kiesha @ The Affiliate Marketer’s Help Desk´s last blog ..10 tips to getting more retweets =-.

    • Andrew Rondeau January 20, 2010 at 2:47 pm #


      You are welcome – I hope they make a difference.


  10. Cheryl from thatgirlisfunny January 19, 2010 at 7:14 pm #

    Well, now I’m nervous. I will go in and have a look at which of these plug-ins to install. Excellent list, Andrew!
    .-= Cheryl from thatgirlisfunny´s last blog ..Female UFC Fight Fans Are Hot! Actually, You Do Want to Date These Girls =-.

  11. Lee Ka Hoong January 20, 2010 at 1:45 am #

    I’m totally new to the plugins that you listed here Andrew, am going to check out them 1 by 1.

    For the username, try to use different username between login username and the name you used to displayed in the post, i.e. “By Andrew Rondeau”. I used to use the same username for both, but I’ve changed it few months ago.

    WordPress keep upgrading wordpress version to prevent any spam or virus that may harm our blog, no doubt they really did a great job on that! I’ve yet to upgrade mine to the latest 2.9.1, going to upgrade soon.

    Best Regards,

    • Andrew Rondeau January 20, 2010 at 2:48 pm #


      Good advice about the username – thanks for pointing that out.

      Re: upgrade. Check your plugins still work and backup beforehand.

      All the best,


  12. Anne Moss January 20, 2010 at 12:44 pm #

    I think the basic stuff is the most important. Keep your installation up to date and specifically, watch out for security updates. Keep a password only you know (and not your host) and make it strong enough. Keep your computer clean of keyloggers.
    .-= Anne Moss´s last blog ..Does Skype Owe You Money? They’re Willing to Pay =-.

    • Andrew Rondeau January 20, 2010 at 2:51 pm #


      I agree the basic stuff is important but it is no longer secure enough. I’ve a few blogging friends who have been hacked recently and they only had the basic stuff in place. For a few minutes extra effort I would take more precautions.


  13. George Serradinho January 21, 2010 at 9:49 am #

    Well, security should always be on top of every ones list and must never be taken lightly. My blog was hacked some time ago and it was no joke, lost a lot of information and I was not happy at all.

    • Andrew Rondeau January 22, 2010 at 10:20 am #

      Totally agree, George.

      It’s not nice when you are hacked!

      Bit like backing up. A few years ago, I lost all the family photos and some work when my hard disk got corrupted. Now I backup at least once a week.


  14. Latief January 25, 2010 at 4:06 pm #

    I’m using wp-dbmanager and show an error message, and then I updrage to 2.9.1 and hope the message still there

    • Andrew Rondeau January 26, 2010 at 8:05 am #


      You still getting the error message? What is it?


  15. February 1, 2010 at 6:36 pm #

    Thanks for your submission to the Seventy Sixth edition of the Blog Carnival: Blogging. Your post has been accepted and its live:

  16. Udegbunam Chukwudi February 26, 2010 at 7:58 pm #

    I kinda prefer Limit Log-in Attempts to Login Lockdown as the former sends out an email informing of any attempt to illegally access your dashboard 😉
    I use Wp Spam Free too and it’s the best thing that could happen to any blogger in terms of spam control.

    • Andrew Rondeau February 27, 2010 at 8:09 am #


      Why would I want to see hundreds of emails telling me the person couldn’t get access?


      • Udegbunam Chukwudi February 27, 2010 at 4:55 pm #

        That’s an interesting angle I haven’t looked @ before. hundreds of email alerting me to the situation will only get me in serious panic mode 😉

  17. James September 1, 2010 at 3:26 pm #

    Good article, and just to add to this list is another plugin which I have found really useful (if you allow people to register on your site) is Stop Spammer Registrations Plugin –

    Basically, anytime someone tries to register on your site, the email is checked against the StopFourmSpam database. If a match is found they are denied registration access.

    • Andrew September 5, 2010 at 10:54 am #


      great share – thanks.


  18. Robert Doebler August 16, 2011 at 9:04 am #

    Hackers love to break into innocent and new blogs and put their backlinks in them. Getting your wordpress site hacked can cause drastic drops in rankings. Every method possible to protect and secure your blog should be used to prevent it.


  1. 10 Blog Tips To Teach You How To Blog - January 24, 2010

    […] Best WordPress Plugins to improve the Security of your Blog – WeBuildYourBlog Security is always top priority. Why? Because hackers are now everywhere […]

  2. Sunday Killer Link Love Post #9 - - January 24, 2010

    […] learn to accept rejection: this is natural, everyone fails sometimes, even the best among us. 6) Best WordPress Plugins to improve the Security of your Blog – WeBuildYourBlog Security is always top priority. Why? Because hackers are now everywhere […]

  3. Gode ting fra mine Twitter-kontakter - January 24, 2010

    […] Og fra We Build Your Blog kommer et bud på plugins, der kan forbedre din blogs sikkerhed. […]

  4. Blog Carnival: Blogging: Seventy Sixth Edition Blog Carnival- Blogging - February 1, 2010

    […] income presents Best WordPress Plugins to improve the Security of your Blog posted at Blog income. saying, Security is always top priority.Why?Because hackers are now […]

  5. » Blog Archive » Best Wordpress Plugins to improve the Security of your Blog :: How to make blog and a blog income - February 19, 2010

    […] more from the original source: Best WordPress Plugins to improve the Security of your Blog :: How to make blog and a blog income Tags: plugin, […]

  6. Top SEO & Speed Wordpress Plugins To Boost Off 2010 - February 21, 2010

    […] Best WordPress Plugins to improve the Security of your Blog […]

  7. 101 Things I Learned While Building This Blog - March 15, 2016

    […] Secure your site […]

Leave a Reply

Please note: Here at, we welcome your comments...supportive, critical or otherwise. However, we censor and delete all comments if they contain the following: Off-topic statements, links to sales pages or services, abusive content, vulgarity, personal attacks, spam or simply saying 'nice post...keep it up!'. Those who violate this policy will be blocked from commenting.