If you’re one among the millions of users of WordPress, and you really don’t have that much knowledge about what’s going on under the hood, your best bet to securing your website is to use plug-ins.
A month ago we presented 5 handy WordPress security plug-ins. Here is 5 more:
1. SecurePress Website Security Analyzer
The SecurePress widget installs enough free features to get you started towards securing your site. The ability to see and record your attacks is an excellent starting point. The reports and statistics available in the dashboard help you to better understand the level and magnitude of these attacks.
You will be alerted instantly of any hacking attempts and will also be able to automatically block (available with the Pro version).
2. Semisecure Login Reimagined
This plugin requires PHP to be compiled with openssl support, which is a pretty standard option for most hosts.
3. GD Press Tools
GD Press Tools is a collection of various administration, seo, maintenance, backup and security related tools. It can be integrated into the various WordPress admin panels, can perform maintenance operations, change some aspects of WordPress, etc. The plugin can also track posts and pages views for various popularity lists.
4. WordPress Exploit Scanner
This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.
It does not remove anything. That is left to the user to do.
5. User Locker
Default WordPress installation is vulnerable to brute force and dictionary attacks, because there is no limit how many times user can use invalid password before finding the correct one. This plugin closes this security hole by introducing maximum number of invalid login attempts. When someone exceeds this number, his/her account becomes locked, and can be unlocked only by requesting new password (using Lost Password option) or asking Admin for help (he/she can do it too). This makes brute force and dictionary attacks nearly impossible.
You can also disable selected user accounts, so users will not be able to log in even if they will know password. You can use this feature to ban selected users.