You can keep your blog secure by installing a number of WordPress security plugins. However, instead of activating too many plugins that have the same features, same purpose and even same function because of the conflicts between them, you should consider using only these top plugins that help you to do the best job.


Here is the list of Top WordPress Security Plugins that have all the features you need. If you are using some other plugins that are better, you can help me by writing about them in the comment box below.


Akismet is a wonderful plugin for spam protection. It checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen. The spam filter of this service is really cool.


AskApache Password Protect

With AskApache Password Protect, you can set password for your admin dashboard, also with any files folder in your web host without messing with your database. This plugin is specifically designed and regularly updated specifically to stop automated and unskilled attackers attempts to exploit vulnerabilities on your blog resulting in a hacked site.


Secure WordPress

It will help to secure WordPress installation by removing miscellaneous items after the installation process which may aid hackers: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.


Admin Log

I’m using this plugin to keep tracking all foot prints of users logged in to the blog admin area. This is updated every time a page in the admin area is accessed. Information that is displayed includes: admin page accessed, user, and time of access.


Login Lockdown

Login Lockdown is a great security plugin to prevent some people guessing your password to login to your site. It records the IP address and timestamp of every failed login attempt. This helps to prevent brute force password discovery.


Limit Login Attempts 

These plugins are very useful for protecting WordPress login page if you combine them into a set of 3.

Limit Login Attempts will shut down anybody who fails X number of logins from a specific IP address (using auth cookies). It keeps tracking all failed IPs, emails you in the event of a lockout, and is the perfect solution for keeping nosy relatives out of your admin area.


User Locker

User Locker plugin is a great solution to limit the number of invalid logins for specific user. Once the plugin has been installed, it is set by default to lock the user’s account after 5 invalid login attempts. Furthermore, you can manually lock any user via plugin setting. This is a really helpful for some blog, magazine that have more than one user.



Ban users by IP, IP Range, host name, user agent and referrer url from visiting your WordPress’s blog. It will display a custom ban message when the banned IP, IP range, host name, user agent or referrer url tries to visit you blog. You can also exclude certain IPs from being banned. There will be statistics recorded on how many times they attempt to visit your blog. It allows wildcard matching too.



WP Security Scan

Nice plugin helps you to scan your WordPress installation for security vulnerabilities and suggests corrective actions: passwords, file permissions, database security, version hiding, WordPress admin protection/security.


WordPress Database Backup

WordPress database backup creates backups of your core WordPress tables as well as other tables of your choice in the same database. It’s very simple to use! If you need only the backup feature for your blog database, this is your best choice.



One of the most widely used and must have plugin for wordpress is WP-DBManager. It is a very popular plugin for database management. This plugin is not only perfect for doing automated backups, it can also do things like database optimization and the admin pages for it to allow you to do the occasional query from within WordPress! You can schedule to back up your database and mail it to your email account. You can also run mysql query in plugin setting page. With WP-DBManager, you won’t need any other plugin for your wordpress database; you can find all the needed features in this all in one plugin.


Admin SSL

Secure WordPress login and admin pages for that extra bit of security with Admin SSL. This plugin forces SSL on all pages where passwords can be entered so that all information transmitted are encrypted. However, you have to own a SSL certificate before you can do it. If you are not willing to shell out the extra money to buy a private SSL certificate, you can ask your Web host about Shared SSL. Most webhosting provide Shared SSL for all their clients and it is easy to configure.


Stealth Login

Stealth Login obfuscates your login page by allowing you to define a custom login page rather than the default wp-login.php. In the event that your password is leaked, the hacker will also have a hard time finding the correct login URL. A good use of this is to prevent any malicious bots from accessing your wp-login.php file and attempting to break in.


TAC (Theme Authenticity Checker)

TAC helps you to scan your themes for any unwanted or potentially dangerous code. This is a helpful plugin for you to check any theme you download from anywhere to make sure that the theme is safe for using.


WP Sentry

This is a simple plugin just for privacy reason. WP Sentry restricts access to the post for specific users, groups…and a little more granular access controls.


Categories: Article, Tutorials, Wordpress


Notice: the_author_description is deprecated since version 2.8.0! Use the_author_meta('description') instead. in /home/greetbpn/public_html/ on line 4329
He is a freelance graphic designer with more than 15 years of design experience, including both print and web design.

.. Write a Guest Post ..

One Response so far.

  1. joomlaserviceprovider says:

    Greetings.We are pleased to announce the release of wSecure. wSecure hides your WordPress admin URL with a special key so that only you can access. The problem with WordPress is that anyone can tell if your site is WordPress by simply typing in the default URL to the administration area (i.e. wSecure helps you hide the fact that your website is built with Worpdress from prying eyes.

    Check out wSecure in action here:

Copyright © 2019