You can keep your blog secure by installing WordPress security plugins. However, rather than activating many plugins that share the same features, purpose and even function, and that can conflict with one another, consider using only these top plugins, which do the job best.
Here is the list of Top WordPress Security Plugins that have all the features you need. If you are using some other plugins that are better, you can help me by writing about them in the comment box below.
Akismet is a wonderful plugin for spam protection. It checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen. The spam filter of this service is really cool.
With AskApache Password Protect, you can set a password for your admin dashboard, as well as for any files or folders on your web host, without touching your database. This plugin is designed and regularly updated specifically to stop attempts by automated and unskilled attackers to exploit vulnerabilities on your blog that would result in a hacked site.
It helps secure a WordPress installation by removing miscellaneous items left after the installation process that may aid hackers: it removes error information on the login page, adds index.html to the plugin directory, and removes the wp-version, except in the admin area.
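The three hardening steps listed above can be reproduced with standard WordPress hooks. This is an added example, not the plugin's own code; the `demo_` function names and the idea of loading it as a must-use plugin file are assumptions.

```php
<?php
// Added example: hypothetical must-use plugin file; demo_* names are made up here.

// 1. Replace the specific login error (unknown user vs. wrong password)
//    with one generic message, so the form does not confirm usernames.
add_filter( 'login_errors', function () {
    return 'Login failed.';
} );

// 2. Hide the WordPress version outside the admin area.
remove_action( 'wp_head', 'wp_generator' );              // <meta name="generator">
add_filter( 'the_generator', '__return_empty_string' );  // feeds and other generators

// Strip "?ver=<core version>" from enqueued scripts and styles on the front end.
// Assets that carry their own version string are left alone.
function demo_strip_wp_version( $src ) {
    if ( is_admin() ) {
        return $src;
    }
    if ( false !== strpos( $src, 'ver=' . get_bloginfo( 'version' ) ) ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'style_loader_src', 'demo_strip_wp_version' );
add_filter( 'script_loader_src', 'demo_strip_wp_version' );

// 3. Drop an empty index.html into the plugin directory so a web server
//    with directory listing enabled shows a blank page instead of the
//    list of installed plugins.
function demo_add_plugin_index() {
    $index = WP_PLUGIN_DIR . '/index.html';
    if ( ! file_exists( $index ) && is_writable( WP_PLUGIN_DIR ) ) {
        file_put_contents( $index, '' );
    }
}
add_action( 'admin_init', 'demo_add_plugin_index' );
```

Removing the `ver` parameter also removes its cache-busting effect after a core update, so visitors may briefly receive cached copies of core scripts and styles.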
I’m using this plugin to keep track of the footprints of all users logged in to the blog admin area. It is updated every time a page in the admin area is accessed. The information displayed includes: admin page accessed, user, and time of access.
Login Lockdown is a great security plugin that prevents people from guessing your password to log in to your site. It records the IP address and timestamp of every failed login attempt. This helps to prevent brute force password discovery.
These plugins are very useful for protecting the WordPress login page if you combine them into a set of 3.
Limit Login Attempts will shut down anybody who fails X number of logins from a specific IP address (using auth cookies). It keeps track of all failed IPs, emails you in the event of a lockout, and is the perfect solution for keeping nosy relatives out of your admin area.
The User Locker plugin is a great solution for limiting the number of invalid logins for a specific user. Once the plugin has been installed, it is set by default to lock the user’s account after 5 invalid login attempts. Furthermore, you can manually lock any user via the plugin settings. This is really helpful for blogs and magazines that have more than one user.
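The mechanism the Login Lockdown, Limit Login Attempts and User Locker paragraphs describe (record each failed login with its IP and timestamp, then refuse logins once a threshold is reached per IP or per user) looks like this with WordPress hooks and transients. It is an added example, not code from any of those plugins; the `demo_` names, the 15-minute window and the storage in transients are assumptions.

```php
<?php
// Added example for a hypothetical must-use plugin; demo_* names are made up here.
const DEMO_MAX_FAILURES   = 5;   // assumed threshold
const DEMO_WINDOW_SECONDS = 900; // assumed 15-minute counting window

// One transient per client IP and one per username, each holding failure timestamps.
function demo_lockout_keys( $username ) {
    // REMOTE_ADDR is the proxy's address when the site sits behind a reverse proxy.
    $ip   = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $keys = array( 'demo_fail_ip_' . md5( $ip ) );
    if ( '' !== (string) $username ) {
        $keys[] = 'demo_fail_user_' . md5( strtolower( $username ) );
    }
    return $keys;
}

// Failure timestamps for one key that are still inside the counting window.
function demo_recent_failures( $key ) {
    $stamps = get_transient( $key );
    $stamps = is_array( $stamps ) ? $stamps : array();
    $cutoff = time() - DEMO_WINDOW_SECONDS;
    return array_values( array_filter( $stamps, function ( $t ) use ( $cutoff ) {
        return $t >= $cutoff;
    } ) );
}

// Record a timestamp under both keys on every failed login.
add_action( 'wp_login_failed', function ( $username ) {
    foreach ( demo_lockout_keys( $username ) as $key ) {
        $stamps   = demo_recent_failures( $key );
        $stamps[] = time();
        set_transient( $key, $stamps, DEMO_WINDOW_SECONDS );
    }
} );

// Priority 30 runs after the core password check (priority 20), so a locked-out
// IP or account is refused even when the submitted password is correct.
add_filter( 'authenticate', function ( $user, $username ) {
    foreach ( demo_lockout_keys( $username ) as $key ) {
        if ( count( demo_recent_failures( $key ) ) >= DEMO_MAX_FAILURES ) {
            return new WP_Error( 'demo_locked_out', 'Too many failed logins. Try again later.' );
        }
    }
    return $user;
}, 30, 2 );
```

Per-username counters also lock out the legitimate account owner while the window lasts, so pair them with an administrator unlock path.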
Ban users by IP, IP range, host name, user agent and referrer URL from visiting your WordPress blog. It will display a custom ban message when the banned IP, IP range, host name, user agent or referrer URL tries to visit your blog. You can also exclude certain IPs from being banned. Statistics are recorded on how many times they attempt to visit your blog. It allows wildcard matching too.
This nice plugin helps you scan your WordPress installation for security vulnerabilities and suggests corrective actions: passwords, file permissions, database security, version hiding, WordPress admin protection/security.
WordPress database backup creates backups of your core WordPress tables as well as other tables of your choice in the same database. It’s very simple to use! If you need only the backup feature for your blog database, this is your best choice.
One of the most widely used, must-have plugins for WordPress is WP-DBManager. It is a very popular plugin for database management. This plugin is not only perfect for doing automated backups; it can also do things like database optimization, and its admin pages allow you to run the occasional query from within WordPress! You can schedule backups of your database and have them mailed to your email account. You can also run MySQL queries on the plugin settings page. With WP-DBManager, you won’t need any other plugin for your WordPress database; you can find all the needed features in this all-in-one plugin.
Secure your WordPress login and admin pages for that extra bit of security with Admin SSL. This plugin forces SSL on all pages where passwords can be entered so that all information transmitted is encrypted. However, you have to own an SSL certificate before you can do it. If you are not willing to shell out the extra money to buy a private SSL certificate, you can ask your web host about Shared SSL. Most web hosts provide Shared SSL for all their clients, and it is easy to configure.
Stealth Login obfuscates your login page by allowing you to define a custom login page rather than the default wp-login.php. In the event that your password is leaked, the hacker will also have a hard time finding the correct login URL. A good use of this is to prevent any malicious bots from accessing your wp-login.php file and attempting to break in.
TAC helps you scan your themes for any unwanted or potentially dangerous code. This is a helpful plugin for checking any theme you download from anywhere to make sure that the theme is safe to use.
This is a simple plugin just for privacy reasons. WP Sentry restricts access to posts to specific users, groups… and offers somewhat more granular access controls.