WordPress is a powerful publishing platform that is easy to use and offers anyone the possibility to start a blog in no time. Because of its versatility and a large quantity of third-party plugins, WordPress quickly became “the” solution for a large number of bloggers around the world. While some see potential security issues in deploying extra plugins, there are some good ones that will fuel up your blog’s security. Here are some of them:
This plugin adds some serious password protection to your WordPress Blog’s admin directory. It adds a 2nd layer of security to your blog by requiring a username and password to access anything in the /wp-admin/ folder.
The plugin is simple, you just choose a username and password and you are done. It writes the .htaccess file, without messing it up. It also encrypts your password and creates the .htpasswd file, as well as setting the correct security-enhanced file permissions on both. This plugin automatically picks all the right settings for where to save the .htpasswd and .htaccess files, but you can easily change those settings to anything you want. You can change it whenever you want right from your WordPress Admin Panel.
2) Force SSL
This plugin will force HTTPS connections for security purposes. Of course, you will need a web server “equipped” with a proper SSL certificate to use it. Force SSL works by redirecting any requests for pages via http to https, so no one will be able to access the contest through an insecure http connection.
3) Secure Files
This WordPress plugin allows you to upload and download documents that are, because of security purposes, stored outside of your web document root.
Secure Files works by allowing you to create a directory that is outside of your web document root and to upload/download files from it directly from within the WordPress Administrative Interface.
Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.
This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
This is the WordPress plugin version of an already existing PHP form mailer script. This plugin has a wide range of features including: Support for multiple instances, an easy to use dynamic form generation system (any number of fields, in any order), multiple recipients, multiple file attachments, optional auto reply feature, an image verification system, numerous security features (including protection against email header injection), a message template system, multiple languages, and too many other things to list.
This plugin was designed to be easy to use, while still being extremely flexible. If you just want a simple contact form, you can set one up with just a few clicks. For those of you who need something a bit more advanced, you can completely customize the plugin to fit your needs – whether it is 5 fields or 500.