• X

    Best WordPress Security Plugins To Protect WordPress Blog

    By in Wordpress plugin

    Bluehost hosting

    Best WordPress security plugins Best WordPress Security Plugins To Protect WordPress BlogWordPress is the most preferred blogging platform for many people. It has some of the excellent features like theme and plug-in which enhance the blogger’s experience. This article focuses on the popular security plugins that your WordPress blog website needs to have in order to prevent hacking or spamming activities and improve the security system.

    One way to protect your blog is by implementing security measures from day one, you can always use .htaccess method to hardened your security, but as we know WordPress is full of plugins and extending our top WordPress security plugins post, here I’m sharing some of the best WordPress security plugins, which will help you to make your blog more secure. As Harsh has discussed earlier, using too many plugins may hamper down your site performance, I recommend you to read the description and use only few of these plugins which you actually need. Though, some of the plugins listed below like Login lockdown and Akismet are one of those security plugins, which I highly recommend you to Install. Apart from these plugins, I recommend you to read following posts which will help you to harden your blog security further:

    Best WordPress Security plugins to live a hackfree life:

    As we say, prevention is better than cure, and same is with your WordPress blog security. WordPress is php and mysql based system and it’s vulnerable to hack attempt, so make sure you setup a proper backup system to take backup of your database and wp-content folder on regular basis. You can look into VaultPress now, which has become a mature premium backup solution and VaultPress team will further help you to maximize security by offering some expert advice’s.

    Login Lock:

    Add the Login Lock plug-in to get the advantage of strong password policies. The password policy settings allows you to define the length of the password, password strength and password re-usage. You can save your website when hacked by pushing the “panic button” which forces all your users to logout and resets their passwords to a random value requesting them via e-mail to change password before logging into your website. This plug-in helps you to track login attempts to your website and blocks IP addresses when there are multiple attempts to login and the login is failed. This plug-in records the IP address and the time of every attempt to login that gets failed. The login settings also allow you to configure a specific time for immediate logout of idle users with no activity. Download Login lock.

    Chap Secure Login:

    Chap secure login plug-in is an easy to use, zero-configuration plugin which is ready to use once activated. This plug-in uses the Chap protocol to encrypt the password while logging into your website and transmits the username unencrypted.
    The password is first concealed with a random number generated by the session and then transformed by the SHA-256 hash algorithm. On an insecure channel with no secure protocols use this plug-in to disallow showing your password. <Download Chap secure plugin>

    WP Security Scan:

    The WordPress security scan plug-in is a free plug-in so you can download and add it to your blog anytime. A web security service called the WebsiteDefender has taken over the plug-in and it does not require you to subscribe to this service. Using this plugin, you will able to monitor your blog for any admin password changes, hide the current version of WordPress you are using, scan your blog for all possible security attacks.

    The WP version is embedded and shown in the head section. This can be removed by using this plug-in. The plug-in provides security settings for database, password and file permissions. This plug-in allows securing your database to any other unusual prefix different from the default database table prefix “wp”. <Download Wp security plugin>

    Restricted Site Access:

    WordPress restricted site Best WordPress Security Plugins To Protect WordPress Blog

    If you intend to restrict access for users/ visitors on one part of your website then add this plug-in to your blog. For example, you can restrict one part of your website for parallel development or testing. Adding this plug-in will help you handle unwanted visitors to your blog or site as you can define the visibility settings for the same.

    Restricted site access implies that visitors who are not logged in to your or allowed by IP address will not able to browse your site. You can a re-direct them to a custom location or display a message, or send them to login page. You will also be able to add a range of imp addresses as well as yours to an unrestricted list. The re-direct location can be any path of your choice, choose to send the visitor to the same path and set the HTTP status code to facilitate a friendly search engine. <Download plugin>

    One-time password:

    The One-time password is RFC 2289 compliant that allows to you to use a single password per login to your website or blog. When you login with a password, it is valid for that particular session till you logout. Once you logout you will not able to use the same password again to login. Use this plug-in to protect your WordPress password, in internet cafes or in an unsecured environment. One-time password2.0 allows you to manage administrative actions with a one-time password. <Download OTP plugin>

    WP-DB-Backup:

    Use this plugin to take a backup of your database at regular intervals. You will able to configure the back-up settings and once the intervals are set, the plug-in automatically takes a backup of your database and sends it to your e-mail. You can back up the core WordPress database tables as well as custom tables created by plugins. If your blog is hacked, you can easily import the files and restore the database using the backup. <Download WP Db Backup>

    Though a better solution would be taking a complete wp-content backup and you can use service like Managewp and configure a backup system using Amazon S3 or dropbox.

    BulletProof Security:

    BulletProof security Best WordPress Security Plugins To Protect WordPress Blog

    BulletProof Security plug-in is the ultimate plug-in that uses .htaccess website security files to protect your root website folder and wp-admin folder and also provides additional website security protection. The different security modes are Root .htaccess security protection, wp-admin .htaccess security protection, Deny All .htaccess self protection, WordPress default .htaccess mode and .htaccess Maintenance Mode (503 Website under Maintenance).

    When you would like to work on your website, use the BPS maintenance mode and allow only yourself to access your WordPress Dashboard or add specific ip addresses which can also access your Dashboard in maintenance mode.
    In BulletProof Security Mode your WordPress website is protected against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking. <Download BP security plugin>

    Anti-Virus for WordPress:

    Similar to using an anti-virus program for your system, add the anti-virus plugin for your WordPress blog to protect it from virus attacks. This plug-in performs a virus check on your database tables and template files and displays alerts if found. You set the scan to check for any malware or virus daily and report be sent to your e-mail. <Download WordPress Antivirus plugin>

    Akismet:

    Akismet Best WordPress Security Plugins To Protect WordPress Blog

    Akismet fights against comment and trackback spam and keeps your blog secured through its Akismet web service. To use this plug-in, you need an API key which you can get from Akismet.com. A comment status history is where you can list of comments that were found as spam. If any comment has a missing link or a hidden link they will be highlighted and you will get more information from the spam and unspam reports. <Download Akismet>

    WordPress community has a plugin database of more than 18000 plugins ranging from security to adding widgets. Choose to add plugins that will keep your WordPress site a safe and secure free from virus and hackers. I hope you enjoyed reading my choice of best WordPress security plugins, and if you believe I missed something do let me know via comments.

    If you find this article useful, don’t forget to share it on Facebook and check ShoutMeLoud WordPress guide for more such articles.

    Subscribe to Download WordPress Guide Worth $99

    Discover more awesome articles

    Article by

    has written 1 articles.

    If you like This post, you can follow ShoutMeLoud on Twitter. Subscribe to Blogging tips via RSS or EMAIL to receive instant updates.

    { 10 comments… read them below or add one }

    Don

    Really useful article.

    I recommend the login lock, WPDB back and Akismet to everyone. They are the ones that I use to secure my blog

    Reply

    Sandip Bhagat

    I will give it a try. I just wanted to know while using wp-db backup should i use the default options or have to change anything there ?

    Reply

    Mahesh

    nice post caroline, currently I am using login lock plugin in my blog and i will definitely try other ones. thanks for the post.

    Reply

    Vivek Nath.R

    For spam comment protection, combination of Askimet and GASP is a better option.

    Reply

    Avneesh Sachdeva

    Recently one of my frieind’s blog got infected with a malware after a hack. I will definitely suggest this article to my friend and try them myself too. Thanks for the important information.

    Reply

    ProTechGeek

    I have been using Chap Secure Login and WP Security Plugin by websitedefender.

    Reply

    piyushgoyal1

    for spam protection akismit and gasp both are good

    Reply

    Albert

    Cool plugins,I’ll install BulletProof Security,WP-DB-Backup soon,Akismet is already included in my wordpress blog.

    Reply

    Gouri

    Great compilation here. I would like to add Captcha too to the list; it’s great for preventing login attempts by bots.

    Reply

    Mike

    This is the perfect list here. I’m definitely going to use these. In the past month 3 of my sites have been hacked and has really been getting on my nerves. Great article Caroline. I’m looking forward to hack free sites.

    Reply

    Leave a Comment

    Previous post:

    Next post:

    `