1) AskApache Password Protect
This plugin adds some serious password protection to your WordPress Blog's admin directory. It adds a 2nd layer of security to your blog by requiring a username and password to access anything in the /wp-admin/ folder.
The plugin is simple, you just choose a username and password and you are done. It writes the .htaccess file, without messing it up. It also encrypts your password and creates the .htpasswd file, as well as setting the correct security-enhanced file permissions on both. This plugin automatically picks all the right settings for where to save the .htpasswd and .htaccess files, but you can easily change those settings to anything you want. You can change it whenever you want right from your WordPress Admin Panel.
2) Force SSL
This plugin will force HTTPS connections for security purposes. Of course, you will need a web server "equipped" with a proper SSL certificate to use it. Force SSL works by redirecting any requests for pages via http to https, so no one will be able to access the contest through an insecure http connection.
3) Secure Files
This WordPress plugin allows you to upload and download documents that are, because of security purposes, stored outside of your web document root.
Secure Files works by allowing you to create a directory that is outside of your web document root and to upload/download files from it directly from within the WordPress Administrative Interface.
4) Login LockDown
Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.