WordPress is one of today’s most popular publishing platforms. Like any other system, it needs security. What follows is a list of 5 practical plug-ins that extend its functionality in the security arena.
1. Secure WordPress
Removes error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area, remove core update information for non-admins, etc. In short, removes the things that can come in handy to hackers.
Allows users to authenticate to websites without having to create a new password, and to login to their local WordPress account using an OpenID, as well as enabling commenters to leave authenticated comments with it. The plugin also includes an OpenID provider, enabling users to login to OpenID-enabled sites using their own personal WordPress account.
3. WP Security Scan
Scans your WordPress installation for security vulnerabilities and suggests corrective actions regarding passwords, file permissions, database security, version hiding. WordPress admin protection/security, and removes WP Generator META tag from core code.
4. Chap Secure Login
Whenever you try to login into your website, you can use this plugin to trasmit your password encrypted. The encryption process is done by the Chap protocol; this is particularly useful when you can’t use ssl or other kinds of secure protocols. By activating the ChapSecureLogin plugin, the only information transmitted unencrypted is the username; password is hided with a random number generated by the session – and opportunely transformed by the md5 algorithm.
5. Admin SSL
Admin SSL secures login page, admin area, posts, pages – whatever you want – using Private or Shared SSL. It Forces SSL on all pages where passwords can be entered and works with both Private and Shared SSL.