Lots of bloggers and website administrators fail to recognize the importance of securing their site. I couldn’t imagine running a site that brought in some decent money a month and not taking a few minutes to secure it. From attacks like the hidden iFrame injection (Trojan virus) or even someone hacking the password and attempting to blackmail you, the work needed to fix these problems is much greater than the effort it takes to make sure it doesn’t happen to you.
Google takes it very seriously if your site is spreading malware (which, more than likely, you will have no clue your site is doing) and will post an advisory on such sites in the search engine results. Visitors will see the message “This site may harm your computer” when trying to access your website/blog, and by that time the damage is done. The effect cascades to your search engine rankings, resulting in low traffic and money, and advertisers may not show interest in your website.
TAC (Theme Authenticity Checker)
TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links.
Download : http://wordpress.org/extend/plugins/tac/
Akismet
Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.
Download : http://wordpress.org/extend/plugins/akismet/
Chap Secure Login
Whenever you log in to your website, you can use this plugin to transmit your password encrypted. The encryption process is done by the CHAP protocol; this is particularly useful when you can’t use SSL or other kinds of secure protocols. By activating the ChapSecureLogin plugin, the only information transmitted unencrypted is the username; the password is hidden with a random number (nonce) generated by the session and suitably transformed by the MD5 algorithm.
Download : http://wordpress.org/extend/plugins/chap-secure-login/
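The challenge-response exchange described above, as an added example that is not the plugin's own code: the server issues a one-time nonce, the browser sends an MD5 digest built from the password and that nonce, and the server recomputes it. The digest composition md5(md5(password) + nonce), the stored md5(password) value and all names here are assumptions for illustration.

```python
import hashlib
import hmac
import secrets


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


class ChapServer:
    """Server side; stores md5(password) per user (assumed storage format)."""

    def __init__(self, users):
        self.stored = {name: md5_hex(pw) for name, pw in users.items()}
        self.pending = {}  # username -> nonce issued for the current attempt

    def challenge(self, username):
        # Fresh random nonce per attempt; it is sent to the browser in the clear.
        nonce = secrets.token_hex(16)
        self.pending[username] = nonce
        return nonce

    def verify(self, username, response):
        # pop() makes the nonce single-use: a captured response fails if resent.
        nonce = self.pending.pop(username, None)
        stored = self.stored.get(username)
        if nonce is None or stored is None:
            return False
        expected = md5_hex(stored + nonce)
        return hmac.compare_digest(expected, response)


def client_response(password, nonce):
    # Browser side: only the username and this digest cross the network.
    return md5_hex(md5_hex(password) + nonce)


def demo():
    server = ChapServer({"admin": "correct horse"})  # constructed sample account
    nonce = server.challenge("admin")
    resp = client_response("correct horse", nonce)
    first = server.verify("admin", resp)    # legitimate login
    replay = server.verify("admin", resp)   # same digest sent a second time
    server.challenge("admin")               # a new attempt gets a new nonce
    stale = server.verify("admin", resp)    # old digest against the new nonce
    return first, replay, stale


if __name__ == "__main__":
    print(demo())
```

The scheme covers the login request only; the session cookie issued afterwards still travels unencrypted when SSL is not in use.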
Invisible Defender
This plugin protects registration, login and comment forms from spambots by adding two extra fields hidden by CSS. This approach gave me 100% anti-spam protection on one of my sites.
Download : http://wordpress.org/extend/plugins/invisible-defender/
NoSpamNX
NoSpamNX automatically adds additional form fields to your comment form, invisible to the users. If a spambot fills these fields blindly (which 99.9% of all spambots do), the comment will not be saved. You can decide if you want to block these spambots, mark them as spam or put them in the moderation queue. Furthermore, you can put common spam phrases on a blacklist.
Download : http://wordpress.org/extend/plugins/nospamnx/
Secure WordPress
Little help to secure your WordPress installation: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.
Download : http://wordpress.org/extend/plugins/secure-wordpress/
Semisecure Login Reimagined
Semisecure Login Reimagined increases the security of the login process using an RSA public-key to encrypt the password on the client-side when a user logs in. The server side then decrypts the encrypted password with the private key. JavaScript is required to enable encryption. It is most useful for situations where SSL is not available, but the administrator wishes to have some additional security measures in place without sacrificing convenience.
Download : http://wordpress.org/extend/plugins/semisecure-login-reimagined/
Stealth Login
This plugin allows you to create custom URLs for logging in, logging out, administration and registering for your WordPress blog. Instead of advertising your login url on your , you can create a url of your choice that can be easier to remember than wp-login.php. For example, you could set your login url to http://www.myblog.com/login for an easy way to log in to your website.
Download : http://wordpress.org/extend/plugins/stealth-login/
WordPress Database Backup
WordPress database backup creates backups of your core WordPress tables as well as other tables of your choice in the same database.
Download : http://wordpress.org/extend/plugins/wp-db-backup/
WordPress File Monitor
Monitors your WordPress installation for added/deleted/changed files. When a change is detected an email alert can be sent to a specified address.
Download : http://wordpress.org/extend/plugins/wordpress-file-monitor/
WordPress Firewall Plugin
This WordPress plugin investigates web requests with simple WordPress-specific heuristics to identify and stop the most obvious attacks. There exist a few powerful generic modules that do this, but they’re not always installed on web servers and are difficult to configure.
It intelligently whitelists and blacklists pathological-looking phrases based on which field they appear in within a page request (unknown/numeric parameters vs. known post bodies, comment bodies, etc.)
Download : http://www.seoegghead.com/software/downloads/wordpress-firewall.seo
WordPress Guard Plugin
Angsuman’s WordPress Guard Plugin is a must-have WordPress security plugin that protects the vulnerable areas of your blog from outside access with an additional layer of security.
Download : http://www.seoegghead.com/software/downloads/wordpress-firewall.seo
WP-DBManager
wp-dephorm protects your users from the prying eyes of phorm. This is achieved by setting a cookie to opt out of the phorm information mining. Your blog viewers will not have their information stored and used in marketing campaigns whilst viewing your site.
Download : http://wordpress.org/extend/plugins/wp-dbmanager/
WP Security Scan
Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
-passwords
-file permissions
-database security
-version hiding
-WordPress admin protection/security
-removes WP Generator META tag from core code
Download : http://wordpress.org/extend/plugins/wp-security-scan/
WP-SpamFree WordPress Spam Plugin – Powerful Anti-Spam Protection!
An extremely powerful anti-spam plugin for WordPress that eliminates comment spam, including trackback and pingback spam. It works invisibly without CAPTCHAs or other inconvenience to site visitors. The plugin includes a spam-free contact form feature as well.
Download : http://www.hybrid6.com/webgeek/plugins/wp-spamfree