When it comes to security there are two common types of webmasters. The first includes those WordPress admins who cram their blogs with every possible security plugin, while the other type are webmasters that are happily ignorant of the various web dangers including hackers, malicious code, and spam attacks who don’t even imagine why they need any security plugin.

No matter which type of webmaster you are, below we have a list of security plugins any webmaster should consider for their WordPress website:

  1. Simple Backup – This WordPress plugin was developed to create and download backups of your WordPress website. Note: Simple Backup plugin creates a special directory in the root of your WordPress directory – usually its name is ‘simple-backup’ for backup files. Sometimes it’s necessary to create this directory manually (in case you get an error message). Requirements: It requires PHP 5.2 or higher version, WordPress 3.3 or newer version, Linux Style Server, mysqldump (for DB backup) and tar, zip, gzip, or bzip (for compression of files).
  2. Ask Apache Password Protect – This is quite an unusual security plugin. Unlike other similar plugins it works not at the level of application but at the network level and does not use php to prevent attacks as it starts functioning before php. Ask Apache Password Protect was developed to stop attacks before they even reach your blog. Requirements: The plugin requires Apache web server and hosting support for .htaccess files.
  3. Login Dongle – Nobody will be able to log in but you. As simple as a pie! Login Dongle plugin protects your login information with the help of security question as an additional security layer. Note: Your login page stays unchanged, so attackers won’t know how to guess the answer to your security question. And even if someone uses your computer and browser that fills in the login form automatically, still this person will not be able to log in! And you can install it with any other login plugin. Requirements: WordPress 1.0 or newer versions.
  4. Sideways8 Custom Login and Registration – This plugin was designed in such a way that you and your users never see the built-in login option, registration form, and password reset form of your WordPress. Additionally you’ll be able to add some custom content to the login, forgot password, registration and password reset pages. Requirements: WordPress 3.3 or newer versions.
  5. Exploit Scanner – This plugin will look through your WordPress files and database to find any signs of some malicious activity. It also examines your active plugins for unusual filenames. And don’t be afraid – it won’t delete anything! You are the one that will make the decision! Requirements: WordPress 3.3 or higher versions.
  6. WordPress AntiVirus – It’s an easy-to-use plugin that will automatically and regularly monitor any kind of malicious injections and warn you of any possible attacks. What is even more, it has a multilingual support. Requirements: PHP 5.1 and WordPress version 2.8.
  7. WebsiteDefender – WebsiteDefender plugin is another free WordPress plugin that can offer you a list of useful security options. Among them are: scanning your blog for security configuration mistakes, offering easy solutions of security issues, hiding your WP version, checking your files permissions, removing WP Generator META tag from the core code etc. Requirements: WordPress 3.0 or higher version, PHP5.
  8. WordPress HTTPS (SSL) – This plugin was created as an all-in-one solution (includes private and shared SSL, force SSL per page option, admin panel security and ‘partially encrypted’ errors solutions) for your WordPress SSL. Requirements: WordPress 3.0 or higher versions.
  9. Anti-spam plugin – This plugin blocks spam in your posts’ comments automatically and invisibly both for users and for admins. What are its main advantages? First of all, it has no captcha; additionally, it has no moderation queues and no options. So, you can forget about spam forever! Requirements: WordPress 3.0 or newer.
  10. Theme Authenticity Checker – It’s a plugin that can scan all your theme files and let you know if there is any suspicious or unwanted code hidden. That’s a great tool for avoiding non-wanted advertising mostly, but before deleting any piece of code from your theme’s source files we suggest that you contact theme author to obtain some additional information about it. Requirements: WordPress 3.0 or newer versions.

This article was contributed by Diane Parks, a Template Monster representative who is fond of WordPress themes, plugins and tutorials.

Kyle Eslick is WordPress enthusiast who took his passion for WordPress to the next level in 2007 by launching WPHacks.com as a place to share hacks, tutorials, etc. Follow Kyle on Twitter @KyleEslick!

  1. christev says:

    I was looking for some security measure for my blog. then arrived your blog. You’ve shared the great list of WordPress plugins. I would say the great challenge when it comes to choose WordPress Security Plugins is to find the magic combination. that which gives optimal cover without conflicts or overlapping functionality for websites. Thanks for share.

  2. Don’t forget the importance of using secure passwords for your accounts and only installing plugins/themes from reliable sources. A handy tool for generating passwords: http://www.pctools.com/guides/password/

  3. Lahiru Jay says:

    I came across a security plugin that covers everything from login name to firewall called “All In One Security + Firewall”. After testing it, I removed all the other security plugins and using only that one now. Works like a charm on all the WP sites I manage.

  4. Lahiru Jay says:

    I came across a security plugin that covers everything from login name to firewall called “All In One Security + Firewall”. After testing it, I removed all the other security plugins and using only that one now. Works like a charm on all the WP sites I manage.

  5. Zachary Smith says:

    this is a great article!

  6. Online making money says:

    I really want this method. thanks for sharing all the tips .

  7. Allie D. says:

    Great post — I’m now using WPEngine for easy backups and hopefully security. Also use very, very strong passwords on everything.

  8. SEOinUS says:

    Thank you very much for all these wordpress security plugins.

  9. Hostmaa says:

    We can provide more security to wordpress through all these plugins. Thanks for sharing.

  10. Skillmills says:

    Thank you for always keeping me up to date with these security plugin! Great post.

  11. DeskRoll says:

    Definitely too much security is never enough. Will be using 1,6 and 7 on some blogs of mine.