WordPress is a popular blogging CMS that is very secure when properly installed. Site owners can take security a step further by installing the following plugins, especially when running WordPress in a cheap hosting environment.
WordPress Security Scan
This basic security plugin will look at the database, passwords and permissions for files and alert the site owner to any needed changes. It also hides the version of WordPress and adds extra protection to the administrative area.
This plugin should be installed by all WordPress site owners. It’s simple and easy to understand.
Going a few steps further than WordPress Security Scan, this add-on provides an index page for the plugin folder, does away with error messages on the login page and blocks any bad queries. It also hides version and plugin update information from everyone except admins.
Removing version information is crucial because hackers won’t know what they’re dealing with and will move on to less secure installs on free domain names.
Forms are a favorite target of spambots. Invisible Defender protects forms by providing extra fields which are visible to spambots but hidden from the user with CSS. When the fields are filled, indicating a bot, the plugin returns a 403 error, which blocks the bot and protects the blog.
This plugin keeps a tally of blocked bots in the admin area so site owners can see how effective it is.
Brute force password attempts are a big problem for any site, especially since many people don’t choose secure passwords. This plugin timestamps and records the IP address of any bad login attempt. When a certain number of attempts is reached, the IP string is blocked from the site. The default block time is one hour but this can be adjusted by the site owner. There is also a manual option for lifting the block.
Theme Authenticity Checker (TAC)
TAC works by checking all installed WordPress themes for suspicious code, especially Base64, which can obfuscate the code’s intended purpose. When bad code is found, TAC will show the exact location in the theme files. The latest version of TAC also reveals static links within theme code. These are not always harmful but it is good to know about them.
And remember, the best way to avoid bad code is to not use free themes.
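The kind of check TAC is described as doing can be sketched in a few lines. This is an added example, not TAC's own code: the pattern list, function names and the sample theme (with its placeholder domain example.invalid) are assumptions made up for illustration.

```python
import re

# Patterns this added example flags; the list is an assumption, not TAC's own rule set.
SUSPICIOUS = {
    "base64_decode": re.compile(r"\bbase64_decode\s*\(", re.I),
    "eval": re.compile(r"\beval\s*\(", re.I),
    # Long runs of the Base64 alphabet inside a quoted string often hide encoded code.
    "base64_blob": re.compile(r"""["'][A-Za-z0-9+/]{40,}={0,2}["']"""),
}
STATIC_LINK = re.compile(r"""<a\s[^>]*href=["'](https?://[^"']+)["']""", re.I)


def scan_theme_file(path, source):
    """Return a list of (path, line_no, kind, detail) findings for one theme file."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in SUSPICIOUS.items():
            if pattern.search(line):
                findings.append((path, line_no, kind, line.strip()[:80]))
        for url in STATIC_LINK.findall(line):
            # Hard-coded links are reported for review, not treated as malicious.
            findings.append((path, line_no, "static_link", url))
    return findings


def scan_theme(files):
    """Scan a mapping of {relative path: file contents} and collect all findings."""
    results = []
    for path in sorted(files):
        results.extend(scan_theme_file(path, files[path]))
    return results


# Constructed sample theme (not from any real theme); example.invalid is a placeholder.
SAMPLE_THEME = {
    "footer.php": (
        "<?php wp_footer(); ?>\n"
        "<?php $c = 'ZWNobyAnaGVsbG8gZnJvbSBhIGNvbnN0cnVjdGVkIHNhbXBsZSc7'; ?>\n"
        "<?php eval(base64_decode($c)); ?>\n"
        '<a href="http://example.invalid/sponsor">Theme by Example</a>\n'
    ),
    "index.php": "<?php get_header(); ?>\n<a href=\"<?php echo home_url(); ?>\">Home</a>\n",
}

if __name__ == "__main__":
    for path, line_no, kind, detail in scan_theme(SAMPLE_THEME):
        print(f"{path}:{line_no}: {kind}: {detail}")
```

Each finding carries the file and line number so the flagged code can be reviewed in place; the dynamic `home_url()` link in `index.php` is not reported because it is not a hard-coded URL.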