When it comes to security there are two common types of webmasters. The first includes those WordPress admins who cram their blogs with every possible security plugin, while the other type are webmasters that are happily ignorant of the various web dangers including hackers, malicious code, and spam attacks who don’t even imagine why they need any security plugin.
No matter which type of webmaster you are, below we have a list of security plugins any webmaster should consider for their WordPress website:
- Simple Backup – This WordPress plugin was developed to create and download backups of your WordPress website. Note: Simple Backup plugin creates a special directory in the root of your WordPress directory – usually its name is ‘simple-backup’ for backup files. Sometimes it’s necessary to create this directory manually (in case you get an error message). Requirements: It requires PHP 5.2 or higher version, WordPress 3.3 or newer version, Linux Style Server, mysqldump (for DB backup) and tar, zip, gzip, or bzip (for compression of files).
- Ask Apache Password Protect – This is quite an unusual security plugin. Unlike other similar plugins it works not at the level of application but at the network level and does not use php to prevent attacks as it starts functioning before php. Ask Apache Password Protect was developed to stop attacks before they even reach your blog. Requirements: The plugin requires Apache web server and hosting support for .htaccess files.
- Login Dongle – Nobody will be able to log in but you. As simple as a pie! Login Dongle plugin protects your login information with the help of security question as an additional security layer. Note: Your login page stays unchanged, so attackers won’t know how to guess the answer to your security question. And even if someone uses your computer and browser that fills in the login form automatically, still this person will not be able to log in! And you can install it with any other login plugin. Requirements: WordPress 1.0 or newer versions.
- Sideways8 Custom Login and Registration – This plugin was designed in such a way that you and your users never see the built-in login option, registration form, and password reset form of your WordPress. Additionally you’ll be able to add some custom content to the login, forgot password, registration and password reset pages. Requirements: WordPress 3.3 or newer versions.
- Exploit Scanner – This plugin will look through your WordPress files and database to find any signs of some malicious activity. It also examines your active plugins for unusual filenames. And don’t be afraid – it won’t delete anything! You are the one that will make the decision! Requirements: WordPress 3.3 or higher versions.
- WordPress AntiVirus – It’s an easy-to-use plugin that will automatically and regularly monitor any kind of malicious injections and warn you of any possible attacks. What is even more, it has a multilingual support. Requirements: PHP 5.1 and WordPress version 2.8.
- WebsiteDefender – WebsiteDefender plugin is another free WordPress plugin that can offer you a list of useful security options. Among them are: scanning your blog for security configuration mistakes, offering easy solutions of security issues, hiding your WP version, checking your files permissions, removing WP Generator META tag from the core code etc. Requirements: WordPress 3.0 or higher version, PHP5.
- WordPress HTTPS (SSL) – This plugin was created as an all-in-one solution (includes private and shared SSL, force SSL per page option, admin panel security and ‘partially encrypted’ errors solutions) for your WordPress SSL. Requirements: WordPress 3.0 or higher versions.
- Anti-spam plugin – This plugin blocks spam in your posts’ comments automatically and invisibly both for users and for admins. What are its main advantages? First of all, it has no captcha; additionally, it has no moderation queues and no options. So, you can forget about spam forever! Requirements: WordPress 3.0 or newer.
- Theme Authenticity Checker – It’s a plugin that can scan all your theme files and let you know if there is any suspicious or unwanted code hidden. That’s a great tool for avoiding non-wanted advertising mostly, but before deleting any piece of code from your theme’s source files we suggest that you contact theme author to obtain some additional information about it. Requirements: WordPress 3.0 or newer versions.
This article was contributed by Diane Parks, a Template Monster representative who is fond of WordPress themes, plugins and tutorials.