Those in the WordPress world understand that security is a key concern of any online application, and that includes WordPress. After all, the majority of updates released by the WordPress team involve hardening – or securing – the WordPress platform against the continuous, ingenious attacks and vulnerabilities that are discovered.
No site is ever completely safe from being hacked. As in the real world, if someone really wants to break in they can; the point is to make yourself a much harder target so that it is not worthwhile.
You should check out the following ten plugins to harden WordPress and defend your blog.
- Login Lockdown: when someone attempts to access restricted areas of your blog by logging in, Login Lockdown records the attempt and its associated IP address. If multiple failed login attempts are detected that come from a group of similar addresses, Login Lockdown will deny further attempts from those addresses. This is an important tool that can protect your blog from dreaded brute force password attacks.
- WordPress File Monitor: checks the files that run WordPress for anything that has been changed, deleted, or added. When an event is detected, the plugin sends an email alert to a user-defined address. This plugin can be vital to bloggers defending themselves against SQL injection.
- Bot Block: hardens your WordPress installation by preventing multiple registrations from the same IP address. It also compares new registrations with blacklisted IP addresses to make sure no known troublemakers are signing up. This is an effective tool in the fight against automated WordPress user registrations.
Even better, if there is no reason for you to allow user registrations, prevent this by going to Settings > General and under Membership unchecking the box that says “Anyone can register”.
- Admin Renamer Extended: everyone knows what the default administrative user name for WordPress is. That gives hackers half the information they need to access your site. This plugin will change your administrator user names, including the default admin and any other admin logins that have been created. It checks that the new names are valid, not left blank, and not already present in the system. Keep attackers off guard by making them guess your admin usernames.
- HTTPS for WordPress: a plugin that forces users to log in over secure connections. By sending authentication information over SSL, login information is encrypted between a user’s browser and the Web host. This eliminates the risk of interception associated with unsecured logins. This is an essential tool that will help prevent the login credentials for your site from being compromised. However, it can be difficult to configure and is not always compatible with every web server or the latest version of WordPress, so be careful!
- WordPress Security Scan: finds vulnerable areas of your blog and recommends specific actions to take to harden it. Because there is so much involved in security, this is a great tool to help make sure you don’t miss anything.
- AskApache Password Protect: protects important folders like wp-admin, wp-includes, and wp-content, guarding against automated and manual attacks against your WordPress blog.
- WordPress Exploit Scanner: this plugin will look through all the code in your posts, comments, and plugins for anything suspicious. Attacks on WordPress often enter through these three paths, so take the time to guard against exploits by installing this plugin. Don’t worry about the plugin making any mistakes either: it only reports what it finds and relies on the blogger to take any necessary action.
- The WP-Scanner: scans for weaknesses within your WordPress installation, checks to make sure you have changed your table prefixes (you did, didn’t you?) and a variety of other important steps that need to be taken to harden your blog.
- Stealth Login: creates unique URLs that are used when logging in and out of your blog. This plugin can also be used to keep registered users from logging in through the wp-login.php file. By making it difficult for attackers to find your login page, you have just made your blog more secure.
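As an added example, not the code of Login Lockdown or any plugin listed above, the shell script below shows the kind of check that plugin performs, run over a few constructed access-log lines: it counts failed POSTs to wp-login.php per /24 block and reports the blocks at or above a threshold, which is where you would then block or throttle. It assumes an Apache combined-format log and WordPress's usual behaviour that a failed login re-renders the form with HTTP 200 while a successful one redirects with 302; the names SAMPLE_LOG and failed_logins_by_block are chosen for this example.

```shell
#!/bin/sh
# Added example (not Login Lockdown's code): find /24 blocks with repeated
# failed wp-login.php attempts in a constructed Apache combined-format log.

# Constructed sample log lines. A 200 on POST /wp-login.php means WordPress
# re-rendered the form (failed attempt); a 302 means the login succeeded.
SAMPLE_LOG='203.0.113.10 - - [10/Mar/2010:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.11 - - [10/Mar/2010:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.12 - - [10/Mar/2010:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.10 - - [10/Mar/2010:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.13 - - [10/Mar/2010:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
198.51.100.7 - - [10/Mar/2010:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.7 - - [10/Mar/2010:10:01:01 +0000] "GET /wp-admin/ HTTP/1.1" 200 8123
192.0.2.44 - - [10/Mar/2010:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412'

# failed_logins_by_block THRESHOLD
# Reads log lines on stdin, counts failed POSTs to wp-login.php per /24
# (Login Lockdown's "group of similar addresses"), and prints
# "a.b.c.0/24 COUNT" for every block at or above THRESHOLD, sorted.
failed_logins_by_block() {
    threshold="$1"
    awk -v threshold="$threshold" '
        # In combined format: $1 client IP, $6 quoted method, $7 path, $9 status
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == "200" {
            split($1, o, ".")
            block = o[1] "." o[2] "." o[3] ".0/24"
            count[block]++
        }
        END {
            for (b in count)
                if (count[b] >= threshold)
                    print b, count[b]
        }
    ' | sort
}

# Stand-alone run: list /24 blocks with three or more failed attempts.
printf '%s\n' "$SAMPLE_LOG" | failed_logins_by_block 3
```

On the sample above only the 203.0.113.0/24 block crosses the threshold of three; the single failure from 192.0.2.44 and the successful login from 198.51.100.7 are not reported. Pointing the function at a real log (`failed_logins_by_block 10 < /var/log/apache2/access.log`) gives the same per-block view that the plugin builds from inside WordPress.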
Finally, you may want to check that your wp-config.php file has permissions of 644 and not anything more permissive – this was the cause of the latest “security scare”.
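The two checks above, watching the WordPress files for changes and keeping wp-config.php at 644 or stricter, can also be done by hand. The following shell script is an added example and not the WordPress File Monitor plugin's code: it builds a throwaway sample install (constructed, not a real site), records a SHA-256 baseline of every file, reports anything added, removed or modified, and confirms wp-config.php grants nothing beyond 644. It assumes `sha256sum` and either GNU or BSD `stat` are available, and the names make_sample_site, snapshot, verify_snapshot and config_perms_ok are chosen for this example.

```shell
#!/bin/sh
# Added example (not the WordPress File Monitor plugin's code): a hash
# baseline/verify check plus a wp-config.php permission check, exercised
# against a constructed throwaway WordPress directory so it runs offline.

set -u

# make_sample_site: create a tiny fake install under a temp dir and print its path.
# Constructed sample files only; not a real WordPress tree.
make_sample_site() {
    dir=$(mktemp -d)
    mkdir -p "$dir/wp-content/plugins/hello" "$dir/wp-includes"
    printf '<?php define("DB_NAME", "example");\n' > "$dir/wp-config.php"
    printf '<?php // plugin\n' > "$dir/wp-content/plugins/hello/hello.php"
    printf '<?php // core\n' > "$dir/wp-includes/functions.php"
    chmod 644 "$dir/wp-config.php"
    printf '%s\n' "$dir"
}

# config_perms_ok SITE_DIR
# Succeeds only if wp-config.php is 644 or stricter (e.g. 600, 640);
# fails for 664, 666, 755 and anything else with bits outside 0644.
config_perms_ok() {
    f="$1/wp-config.php"
    # Octal permission bits: GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    # mode is a subset of 0644 exactly when (mode | 0644) == 0644.
    [ $(( 0$mode | 0644 )) -eq $(( 0644 )) ]
}

# snapshot SITE_DIR: print "sha256  ./relative/path" for every file, sorted.
snapshot() {
    ( cd "$1" && find . -type f | sort | while read -r f; do sha256sum "$f"; done )
}

# verify_snapshot SITE_DIR BASELINE_FILE
# Prints the path of every file that was added, removed or modified since the
# baseline (one per line, sorted) and returns 1; returns 0 with no output if clean.
verify_snapshot() {
    current=$(snapshot "$1")
    baseline=$(cat "$2")
    # A line present in only one of the two listings is a changed file; a modified
    # file shows up once from each side with different hashes, so de-duplicate paths.
    changed=$(printf '%s\n' "$baseline" "$current" | sort | uniq -u | awk '{print $2}' | sort -u)
    [ -z "$changed" ] && return 0
    printf '%s\n' "$changed"
    return 1
}

# Stand-alone run: baseline the sample site, tamper with a plugin file, report.
site=$(make_sample_site)
config_perms_ok "$site" && echo "wp-config.php permissions OK"
baseline_file=$(mktemp)
snapshot "$site" > "$baseline_file"
echo '// modified' >> "$site/wp-content/plugins/hello/hello.php"
verify_snapshot "$site" "$baseline_file" || echo "(changed files listed above)"
rm -rf "$site" "$baseline_file"
```

Against a real install you would run `snapshot /path/to/wordpress > baseline.txt` once after a clean update, store the baseline somewhere the web server cannot write, and run `verify_snapshot /path/to/wordpress baseline.txt` from cron, mailing the output the way the plugin does. Uploads and cache directories change legitimately, so exclude them from the `find` or expect noise.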
This was a guest post by Tom Walker who is the lead editor of the CreativeCloud blog, which he runs on behalf of a leading supplier of franking machine ink based in the UK. Old school print ads, book art and modern print design are among the topics he most enjoys writing about.
If you’d like to write a guest post for Blog Tech Guy, get in touch here.
13 thoughts on “10 Plugins To Harden WordPress”
Thanks for sharing this information.
I use some of them, but will add more. To make sure I can sleep at night. 🙂
hey! those are really interesting plugins… I will add those today
Thanks, good stuff but very complicated for the average user of WordPress.
Check out my step-by-step guide for hardening WordPress 2.9.2
Good article ! I like it
I hope the information does help. It's not perfect of course but will help your site be a more difficult, and not worthwhile, target hopefully.
Thanks for the information my blog was recently hacked and had to be removed, was desperately looking for a solution to keep it from happening again. The information that you have provided will help.
Thanks for sharing, Tom. I do like the sound of the WordPress File Monitor.
Very true Terry, it's always good to be prepared!
Thanks for this information – my blog has been “hacked” before – luckily it was an easy fix at the time. Getting into a forbidden space seems to intrigue too many out there. Taking the precautions you outline will prevent headaches for many.