This is guest post by TOM

For years, WordPress has been known for its weak security. The security issues WordPress has had is a laundry list of hacks and exploits that malicious users can use to access personal information, post unauthorized content or simply wreck your site, none of which you want to suffer.

Simple things like changing your default password and changing your mySQL table prefixes are the preventative measures that most webmasters can do, but you shouldn’t stop there. Hackers can intercept data exchanges between your server and your computer and user’s computers to get passwords and other information. Your themes and plugins could be compromised, sending sensitive information to outside computers or even allowing hackers access to your server. Spam attacks, iFrame injections, mySQL injections, and a host of other security risks associated with WordPress can leave your blog open to disaster. Fortunately, a number of plugins are available that will automate these security tasks and make your blog less vulnerable to attack. Below, you will find 10 plugins that you can use to lockdown your WordPress blog. You can click the link to go to each plugin’s Web site to get more information about how the plugin works and how to install the plugin into your WordPress site.

1. Angsuman’s WordPress Guard Plugin This plugin protects your WordPress blog from brute force password attacks. Brute force is where a hacker will attempt possible password combinations until it finds one that works on your site. It also exploits that attack outdated plugins and software that can give hackers access to your blog.

2. Bot Block This plugin prevents automated registrations on your site. It blocks multiple users from signing up from the same IP address and also looks up user IP addresses on a blacklist. Any blacklisted IP addresses are not allowed to register.

3. AskApache Password Protect This plugin adds additional filesystem level password protection via .htaccess files, making it easy to set and change the password for WordPress directories on your server itself to prevent unauthorized attacks that can occur outside WordPress.

4. WP Blogsecurify WP Blogsecurify works in several ways to harden WordPress. First, it forces logins to occur via SSL, reducing the chance that passwords and user names can be intercepted. Second, it prevents the leakage of session identifiers so that they can’t suffer from hijack exploits. Finally, it conceals database error information, so that information can’t be used in an attack.

5. WP Security Scan This multipurpose plugin will hide your WordPress version so it doesn’t advertise what specific vulnerabilities apply to your installation. It also checks for permission and password issues that leave your blog at risk.

6. Login LockDown Login LockDown logs all unsuccessful attempts to log in to your blog and records the IP address and time of each attempt. It will lockout IP ranges associated with failed logins to discourage malicious attempts to access your site.

7. WP-SpamFree This plugin works in a similar manner to Akismet to identify comments that are spam so they are not displayed on your blog. Spam comments can include links to malicious Web sites, or malicious code that can execute on your blog. This is an effective tool that helps deal with the WordPress comment spam problem.

8. Admin-SSL Admin-SSL funnels all your administrative activity through SSL, locking it down so no information can be intercepted between your computer and your blog. This works for both dedicated SSL and shared SSL configurations.

9. Anonymous WordPress Plugin Updates Since WordPress transmits information useful to hackers as it looks for plugin updates, Anonymous WordPress Plugin Updates can be used to remove identifying information such as your WordPress version and the URL of your blog. By keeping your plugin updates anonymous, you can make it harder for people to attack your site using data from plugin Web sites.

10. Theme Authenticity Checker This plugin checks to see if a theme you’ve uploaded contains malicious code. Since so many free themes are out there, you never know if someone has embedded back door access that they can use to manipulate your site.

Tom is a designer and writer who works for a UK based specialist offering HP Deskjet cartridges, toner, paper and other print accessories. You can read more of his posts on their blog.

I must feel regret not be regular updating my site. I was busy due to my commitments and some other issues. Now a day’s my schedule is too tight so not be able to write regular, on top of that my all sites get Virus attack so me and Dhaval (my younger Bro – Who is PHP techy ) was very busy to control the situations. Now all fine and I learn a lesson that How we can secure our Blog / wordpress Site.

Today I want to share my personal experience about how to secure your blog from Hacking, Virus Attack and from unauthorised access.

After attack on my site, I had visited many sites which talk about WordPress Security. The conclusion as well as common things are as follows.

• Keep latest version of WordPress and keep it updated time to time. You must keep visiting WordPress official blog or subscribe for it. This will help to get an updation about WordPress. Don’t waste time to update the WordPress patch if it “Security Patch”
• You must change default password which is generated by WordPress and Password should not be easy to remember. Password should be combination of Special Character, Numeric and alphabets.
• You should block Search Engine to crawl your WordPress related folders. Now don’t think much how to do this just add following line to your robots.txt

Disallow: /wp-*

• Did you ever realised that people can check which plugin you are using. Got shocked ? check just yoursite.com/wp-content/plugins/ If your hosting provider is good service then you will get an error else you will get shocked. Now what to do ? Confused ? Don’t worry guys. Say thanks to Matt Cutts he has shared brilliant idea. Just make one blank file named “Index.html” and put it at same folder. Now any one visit this folder they just get blank page or Install plugin named “Secure WordPress”
  

  Secure-WordPress-Plugin

• You must remove WordPress version information line from Meta : That line is look like following string (

If you had installed “Secure WordPress” plugin then you need not to worry too much this plugin will do the same. )

<meta content=”WordPress <?php bloginfo(‘version’); ?>” />

• Now you must lock your Login Page to make sure no one unauthorised person will login into system. Need not to worry you can check this plugin : Login LockDown . This will block your login page if any one try to hack for certain bad attempt.
  

  Login LockDown WordPress Security Plugin

• Now finally you want to implement multiple level of security then you must look at AskApache Password Protect “This plugin doesn’t control WordPress or mess with your database, instead it utilizes fast, tried-and-true built-in Security features to add multiple layers of security to your blog. This plugin is specifically designed and regularly updated specifically to stop automated and unskilled attackers attempts to exploit vulnerabilities on your blog resulting in a hacked site. ”   (This will work if you are using Apache Server)

This will provide your blog to more security and more reliability so that you can focus more on your work and feel protected.

Check Official Update from WordPress Blog : How to Keep WordPress Secure