Part 2 of this post is here: Lifesaving WordPress Security Plugins To Secure Your WordPress Blog – Part 2
As you know, WordPress is without a doubt the most popular CMS on the internet right now. It is backed by a very large number of contributors who develop plug-ins, themes and other fixes. Those are the good points about WP; what about the bad? Since WP is an open-source blogging platform, the source code is freely available to everyone, which makes it easier for attackers to study and exploit.
This doesn't mean that the WordPress source code is written badly; WordPress is a very well written CMS. So what makes a WordPress installation exploitable? Here is the answer: the tweaks bloggers make to their installation by adding poorly written plug-ins or freely available sponsored themes, which open doors for attackers.
Let's look at some of the best security plug-ins for WordPress in this article.
WP Security Scan (WPSS)
WP Security Scan is one of the best free WordPress security plug-ins. WPSS silently checks your blog's files for security vulnerabilities and comes up with suggestions for what you should fix.
The WPSS plug-in helps you secure the following:
- WP passwords / DB passwords: checks password strength against WP standards.
- WP installation file permissions: checks WP file permissions for world-writable or world-readable attributes.
- WP database security: lets you change the database table prefix from the default wp_ to one of your choosing.
- WordPress version hiding: hides the WordPress version from the source of your web pages.
- WordPress admin protection/security.
- Removes the WP generator META tag from the core output.
Better WP Security
This is one of the best, and my favourite, WordPress security plug-ins. Better WP Security scans your WordPress files, themes and plug-ins as well as .htaccess and helps protect your site.
The Better WP Security plug-in can apply the following settings to your blog to help protect it:
- Removing the meta "generator" tag that shows the WordPress version.
- Changing the URLs for the WordPress dashboard, including login, admin etc.
- Completely turning off the ability to log in for a given time period (away mode) if any intrusion is detected.
- Removing theme, plug-in and WordPress core update notifications for users who do not have permission to apply them.
- Removing Windows Live Writer header information.
- Removing RSD header information.
- Renaming the "admin" account, if the user wants.
- Changing the ID of the user with ID 1.
- Changing the WordPress database table prefix (if it is still set to the default wp_ value).
- Changing the wp-content path.
- Removing login error messages.
- Displaying a random version number to non-administrative users anywhere the version is used.
There are many more settings possible with the Better WP Security plug-in, which you can read about here.
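To show what several of the items above (and the WPSS generator-tag and version-hiding items) actually do under the hood, here is an added example written for this article; it is not code from Better WP Security or WPSS. It is a small must-use plug-in, and the away-mode window of 01:00 to 05:00 is an assumed value.

```php
<?php
/**
 * Plugin Name: Example Hardening (illustration for this article, not a plug-in's own code)
 * Drop this file into wp-content/mu-plugins/ so it loads on every request.
 */

// Stop advertising the WordPress version: drop the <meta name="generator"> tag
// from the page head and blank the version string in RSS/Atom feeds.
remove_action( 'wp_head', 'wp_generator' );
add_filter( 'the_generator', '__return_empty_string' );

// Remove the RSD (Really Simple Discovery) and Windows Live Writer manifest links,
// which point at the XML-RPC endpoint and identify the site as WordPress.
// (Recent core versions no longer add the WLW link; removing it is then a no-op.)
remove_action( 'wp_head', 'rsd_link' );
remove_action( 'wp_head', 'wlwmanifest_link' );

// Replace the detailed login error ("invalid username" vs. "incorrect password")
// with one generic message, so a failed attempt does not confirm which usernames exist.
add_filter( 'login_errors', function ( $message ) {
    return 'Login failed. Please check your credentials and try again.';
} );

// "Away mode": refuse the login page during a fixed window.
// The 01:00-05:00 (site time) window is an assumed value; adjust it to your schedule.
add_action( 'login_init', function () {
    $hour = (int) current_time( 'G' ); // 0-23 in the site's configured timezone
    if ( $hour >= 1 && $hour < 5 ) {
        wp_die(
            'The login page is unavailable between 01:00 and 05:00.',
            'Away mode',
            array( 'response' => 403 )
        );
    }
} );
```

Because the file lives in mu-plugins it cannot be deactivated from the dashboard; remove the file over FTP/SSH if you lock yourself out of the login window.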
BulletProof Security
This plug-in is another gem in the WordPress security plug-in repository. The BulletProof Security (BPS) plug-in helps protect your blog against major WordPress threats such as XSS, RFI, CRLF, CSRF, Base64, code injection and SQL injection exploit attempts.
One of the BPS options I love most is the built-in .htaccess file editing, uploading and downloading. With it you can edit, upload or download your current .htaccess file without using FTP to your hosting account.
The BPS plug-in also has a security maintenance mode, which you can use to put your blog into maintenance mode in a single click, with no extra plug-ins required.
Sucuri SiteCheck Malware Scanner
This malware scanner lets you know whether your site has been blacklisted because of malware. Along with that, SiteCheck Malware Scanner offers free scanning for spam and other security issues such as .htaccess redirections, hidden eval code (Base64) and so on.
One of the best options this plug-in offers is Sucuri 1-Click WordPress Hardening. It checks whether the WordPress installation is on the latest version, whether your WordPress version is hidden from the page source, and whether your WordPress uploads directory is writable, allows PHP execution or can be browsed via URL, among other things.
Anti-Malware by ELI at GOTMLS.NET
This plug-in is also known as the Get Off Those Maliciously Loaded Scripts plug-in. This free WordPress anti-virus/anti-malware plug-in scans your whole blog, including the plug-ins directory, the wp-content directory and your public_html directory, separately as required.
To get the most out of the plug-in you need to register at their site, GOTMLS.NET, to receive the latest definitions of "known threats" and added features such as automatic removal and patches for specific security threats and vulnerabilities.