5 Essential Wordpress Plugins for Enhanced Security

As far as I am concerned, Wordpress is the best blogging platform as well as the most extend-able and customizable CMS out there. If I am preparing for a new project, the first question I ask is, “Can this site be effectively powered by Wordpress?” My guess is that 9 times out of 10 that it will be. There are very few clients out there who have a website in mind that is so ridiculously large and complicated that Wordpress can’t handle (such as a department store, and they will have their own teams anyway). Besides the fact that Wordpress is exceptionally powerful, it is exceptionally popular.

This is where it gets a little sticky. Since Wordpress is so popular and has such a large user-base, it is therefore all the most likely to be exploited by hackers and malicious users. In all honesty, there is no perfectly secure anything on the web or on computers, but it gets close. This being said, Wordpress is somewhat susceptible to attack. There are many things you can do to enhance the security of your Wordpress installation and plugins are one of the more helpful ones. (I will come back and post more about other things you can do to protect Wordpress without plugins.

1. WP Security Scan

I love this one. There are several features that will give you a good idea of how secure your Wordpress installation really is. It does not have means of changing many issues from the Dashboard, however, but if you are savvy enough to have your own Wordpress installation, you should be savy enough to fix the issues it will alert you to.

2. Login Lockdown

This plugin will give you some extra security on login. Should there be someone trying to crack into your Administrator’s account using brute force attacks or simply guessing at your password, Wordpress alone will not prevent them from doing this indefinitely until your password is cracked. This plugin will limit the number of login attempts that can be made and will prevent login attempts after a certain number of login failures. It will also log any failures and lockouts that occur in your database.

3. AntiVirus

This is a really neat plugin. Here is the WP Antivirus’ description of their own plugin: “Viruses, worms and malware exist for WordPress and could easily attack your WordPress installation. AntiVirus for WordPress monitors malicious injections and warns you of any possible attacks”.

4. Wordpress Firewall

It intelligently whitelists and blacklists pathological-looking phrases based on which field they appear within in a page request (unknown/numeric parameters vs. known post bodies, comment bodies, etc.). Its purpose is not to replace prompt and responsible upgrading, but rather to mitigate 0-day attacks and let bloggers sleep better at night.

5. Wordpress Exploit Scanner

This one is absolutely fantastic! If there ever is a hacker that gets into your site to add or take malicious content, it is almost inevitable that they will leave some code behind. This plugin can scan just about, if not everything in your Wordpress installation for hacker trails. It even comes with an MD5 hash of itself to compare with what it should be in the Wordpress.org plugin repo.