WordPress

WordPress Plugin #1: Security

This isn’t a post about a ‘single’ plugin for WordPress that deals with security of your blog. Rather it is a generic title for the different levels and elements of security that you can, and should, apply to your blog to secure your content against hackers.

Note: In this series I’ll delve into some of the better plugins available for WordPress that I am already using, or about to start using. I’m aiming to highlight 30 of the better plugins.

If you have a blog that has an admin panel that you login to via the website (WordPress, Blogger, etc) then you ought to have thought long and hard about it’s security. And I’m talking longer and harder than whether replacing the ‘e’ in your password, that is based on your cats name, with a ’3′!

If you look through the (long) list of plugins that supposedly help with various aspects of securing your blog you’ll never get any work done, or actually get around to securing it. So, here is a list of ones I use, have used, should be using, or have been recommended.

Secure WordPress
This plugin removes error information on login page, adds index.html to plugin directory, removes the wp-version, except in admin area.

WP Security Scan
This plugin will scan your WordPress installation for security vulnerabilities and it will suggest some corrective actions.

Secure Files
This plugin allows you to upload and download files from outside of your web document root for security purposes. It can be used to can restrict file downloads to users that are logged in, or have a certain user level.

Askimet
Akismet is possibly the most important and useful plugin you will ever install. Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.

Invisible Defender
This plugin protects registration, login and comment forms from spambots by adding two extra fields hidden by CSS.

Maximum Security for WordPress
This plugin guards against intrusion; tracks a plethora of events; blocks malicious content that could harm your readers and your search engine ranking; and includes a strong Web application firewall along with a full blown intrusion prevention system.

AskApache Password Protect
This plugin doesn’t control WordPress or mess with your database, instead it utilizes fast, tried-and-true built-in Security features to add multiple layers of security to your blog. This plugin is specifically designed and regularly updated specifically to stop automated and unskilled attackers attempts to exploit vulnerabilities on your blog resulting in a hacked site.

AntiVirus for WordPress
AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections, including; monitors possible platform vulnerabilities, virus injections, malicious links, etc. It can also send you email notifications and whitelisting.

One excellent website I came across deals with the things you should do to your WordPress blog post-install – “How to secure your WordPress blog: Repel attackers with these tips on creating a secure installation”. Read more on the TechRadar website: www.techradar.com

You might also want to look at the these other interesting links on what and how you can make your WordPress blog more secure;