Protect Your Blog! It is a tragic thing, but several blogs get hacked every second, and once you get hacked it can be really hard to put everything back in order again. So, to avoid or minimize that risk, I am publishing a list of some good plugins to protect your blog from being hacked.
I am not an expert on the subject, but after some research around the web I picked out these WordPress Plugins!
Protect Your Blog
1. Secure WordPress
Secure WordPress beefs up the security of your WordPress installation by removing error information on login pages, adding index.html to plugin directories, and hiding the WordPress version. It is easy to use and will just run in the background for you. The plugin does the following:
- Removes error-information on login-page
- Adds index.php plugin-directory (virtual)
- Removes the wp-version, except in admin-area
- Removes Really Simple Discovery
- Removes Windows Live Writer
- Remove core update information for non-admins
- Remove plugin-update information for non-admins
- Remove theme-update information for non-admins (only WP 2.8 and higher)
- Hide wp-version in backend-dashboard for non-admins
- Block bad queries
2. Block Bad Queries (BBQ)
This script checks for excessively long request strings (i.e., greater than 255 characters), as well as the presence of either “eval(” or “base64” in the request URI. These sorts of nefarious requests were implicated in the September 2009 WordPress attacks.
3. Login Lockdown
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lockout of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel. Compatible up to: 2.8.4 for sure, but it hasn't been updated for a long time.
4. WP Security Scan
This plugin scans your WordPress installation for security vulnerabilities and suggests corrective actions:
- File permissions
- Database security
- Version hiding
- WordPress admin protection/security
5. Better WP Security
Most WordPress attacks are a result of plugin vulnerabilities, weak passwords, and obsolete software. Better WP Security will hide the places those vulnerabilities live, keeping an attacker from learning too much about your site and keeping them away from sensitive areas like login, admin, etc. It has a very high ranking and I have it installed on my site.
- Remove the meta “Generator” tag
- Change the urls for WordPress dashboard including login, admin, and more
- Completely turn off the ability to login for a given time period (away mode)
- Remove theme, plugin, and core update notifications from users who do not have permission to update them
- Remove Windows Live Writer header information
- Remove RSD header information
- Rename “admin” account
- Change the WordPress database table prefix
- Change wp-content path
- Removes login error messages
- Display a random version number to non administrative users anywhere version is used