10 Plugins to Lock Down Your WordPress Blog

by Jaydip

This is a guest post by Tom.

For years, WordPress has been known for its weak security. Its history of security issues is a laundry list of hacks and exploits that malicious users can use to access personal information, post unauthorized content or simply wreck your site, none of which you want to suffer.

Simple things like changing your default password and changing your MySQL table prefixes are preventative measures that most webmasters can take, but you shouldn’t stop there. Hackers can intercept data exchanged between your server, your computer and your users’ computers to get passwords and other information. Your themes and plugins could be compromised, sending sensitive information to outside computers or even allowing hackers access to your server. Spam attacks, iframe injections, MySQL injections, and a host of other security risks associated with WordPress can leave your blog open to disaster.

Fortunately, a number of plugins are available that will automate these security tasks and make your blog less vulnerable to attack. Below, you will find 10 plugins that you can use to lock down your WordPress blog. You can click the link to go to each plugin’s Web site to get more information about how the plugin works and how to install it on your WordPress site.

1. Angsuman’s WordPress Guard Plugin: This plugin protects your WordPress blog from brute force password attacks. Brute force is where a hacker attempts possible password combinations until one works on your site. It also protects against exploits that attack outdated plugins and software and can give hackers access to your blog.

2. Bot Block: This plugin prevents automated registrations on your site. It blocks multiple users from signing up from the same IP address and also looks up user IP addresses on a blacklist. Any blacklisted IP addresses are not allowed to register.

3. AskApache Password Protect: This plugin adds filesystem-level password protection via .htaccess files, making it easy to set and change the password for WordPress directories on the server itself to prevent attacks that can occur outside WordPress.

4. WP Blogsecurify: WP Blogsecurify works in several ways to harden WordPress. First, it forces logins to occur via SSL, reducing the chance that passwords and user names can be intercepted. Second, it prevents the leakage of session identifiers so that sessions can’t be hijacked. Finally, it conceals database error information, so that information can’t be used in an attack.

5. WP Security Scan: This multipurpose plugin hides your WordPress version so that your site doesn’t advertise which specific vulnerabilities apply to your installation. It also checks for permission and password issues that leave your blog at risk.

6. Login LockDown: Login LockDown logs all unsuccessful attempts to log in to your blog and records the IP address and time of each attempt. It will lock out IP ranges associated with failed logins to discourage malicious attempts to access your site.

7. WP-SpamFree: This plugin works in a similar manner to Akismet to identify comments that are spam so they are not displayed on your blog. Spam comments can include links to malicious Web sites, or malicious code that can execute on your blog. This is an effective tool that helps deal with the WordPress comment spam problem.

8. Admin-SSL: Admin-SSL funnels all your administrative activity through SSL, locking it down so no information can be intercepted between your computer and your blog. This works for both dedicated SSL and shared SSL configurations.

9. Anonymous WordPress Plugin Updates: Since WordPress transmits information useful to hackers as it looks for plugin updates, Anonymous WordPress Plugin Updates can be used to remove identifying information such as your WordPress version and the URL of your blog. By keeping your plugin updates anonymous, you can make it harder for people to attack your site using data from plugin Web sites.

10. Theme Authenticity Checker: This plugin checks to see if a theme you’ve uploaded contains malicious code. Since so many free themes are out there, you never know if someone has embedded back door access that they can use to manipulate your site.
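The lockout behaviour described for Login LockDown in item 6 (log every failed attempt with its IP and time, then lock out the whole IP range), shown as an added Python example that is not the plugin’s own code. The thresholds, the /24 range size and the sample events are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_network

# Assumed policy values for illustration; not Login LockDown's actual settings.
MAX_FAILURES = 3                  # failures tolerated per range inside WINDOW
WINDOW = timedelta(minutes=5)     # sliding window used to count failures
LOCKOUT = timedelta(minutes=60)   # how long a range stays locked out
PREFIX = 24                       # IPv4 range size treated as one source

def ip_range(ip):
    """Collapse an address to its containing /PREFIX network."""
    return str(ip_network(f"{ip}/{PREFIX}", strict=False))

class LockoutTracker:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> recent failure times
        self.locked_until = {}              # range -> lockout expiry
        self.audit_log = []                 # (time, ip) of every failed attempt

    def is_locked(self, ip, now):
        expiry = self.locked_until.get(ip_range(ip))
        return expiry is not None and now < expiry

    def record_failure(self, ip, now):
        """Log a failed login; return True if its range is now locked out."""
        self.audit_log.append((now, ip))
        recent = self.failures[ip_range(ip)]
        recent.append(now)
        while recent and now - recent[0] > WINDOW:  # expire old failures
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip_range(ip)] = now + LOCKOUT
            recent.clear()
        return self.is_locked(ip, now)

# Constructed sample events (documentation address ranges), not real traffic:
# (source IP, seconds after T0)
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE = [("203.0.113.10", 0), ("198.51.100.7", 20), ("203.0.113.11", 40),
          ("203.0.113.12", 70), ("198.51.100.7", 900)]

def replay(events):
    """Feed events to a fresh tracker; return it with per-event lock results."""
    tracker = LockoutTracker()
    results = [tracker.record_failure(ip, T0 + timedelta(seconds=s))
               for ip, s in events]
    return tracker, results

if __name__ == "__main__":
    print(replay(SAMPLE)[1])
```

Counting per range rather than per address is what catches the three 203.0.113.x hosts that each fail only once, while the two widely spaced failures from 198.51.100.7 never trip the window.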

Tom is a designer and writer who works for a UK based specialist offering HP Deskjet cartridges, toner, paper and other print accessories. You can read more of his posts on their blog.
