WordPress Security Plugins
by James Hicks - Friday, 30 November 2007.
WordPress is a powerful publishing platform that is easy to use and lets anyone start a blog in no time. Because of its versatility and the large number of third-party plugins, WordPress quickly became "the" solution for a large number of bloggers around the world. While some see potential security issues in deploying extra plugins, there are some good ones that will strengthen your blog's security. Here are some of them:

1) AskApache Password Protect

This plugin adds some serious password protection to your WordPress Blog's admin directory. It adds a 2nd layer of security to your blog by requiring a username and password to access anything in the /wp-admin/ folder.



The plugin is simple: you just choose a username and password and you are done. It writes the .htaccess file without messing it up. It also encrypts your password and creates the .htpasswd file, as well as setting the correct security-enhanced file permissions on both. This plugin automatically picks all the right settings for where to save the .htpasswd and .htaccess files, but you can easily change those settings to anything you want. You can change them whenever you want, right from your WordPress Admin Panel.

2) Force SSL

This plugin will force HTTPS connections for security purposes. Of course, you will need a web server "equipped" with a proper SSL certificate to use it. Force SSL works by redirecting any requests for pages via HTTP to HTTPS, so no one will be able to access the content through an insecure HTTP connection.

3) Secure Files

This WordPress plugin allows you to upload and download documents that are, for security purposes, stored outside of your web document root.



Secure Files works by allowing you to create a directory that is outside of your web document root and to upload/download files from it directly from within the WordPress Administrative Interface.

4) Login LockDown

Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.



This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
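The default rule described above (3 failed logins within 5 minutes from one IP range, then a 1 hour lock-out, with manual release), sketched in Python as an added example; this is not the plugin's own code, and the /24 IPv4 grouping, the class and function names, and the sample events are assumptions.

```python
import ipaddress
from collections import defaultdict, deque
MAX_FAILURES = 3            # page default: 3 failed attempts ...
WINDOW_SECONDS = 5 * 60     # ... within 5 minutes ...
LOCKOUT_SECONDS = 60 * 60   # ... gives a 1 hour lock-out
RANGE_PREFIX = 24           # assumption: the page only says "IP range"

class LoginLockdown:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> recent failure times
        self.locked_until = {}              # range -> unlock time

    @staticmethod
    def range_of(ip):
        return ipaddress.ip_network(f"{ip}/{RANGE_PREFIX}", strict=False)

    def is_locked(self, ip, now):
        return now < self.locked_until.get(self.range_of(ip), 0)

    def record_failure(self, ip, now):
        """Log a failed login; return True if the range is now locked."""
        recent = self.failures[self.range_of(ip)]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:  # drop failures outside window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[self.range_of(ip)] = now + LOCKOUT_SECONDS
            recent.clear()
        return self.is_locked(ip, now)

    def release(self, ip):  # manual release by an administrator
        self.locked_until.pop(self.range_of(ip), None)

def replay(events):
    """events: (unix_time, ip, password_ok) -> one decision per attempt."""
    guard, decisions = LoginLockdown(), []
    for now, ip, ok in events:
        if guard.is_locked(ip, now):
            decisions.append("blocked")  # refused before the password is checked
        elif ok:
            decisions.append("allowed")
        else:
            decisions.append("locked" if guard.record_failure(ip, now) else "failed")
    return decisions

# Constructed sample events (documentation address ranges, not real traffic)
SAMPLE = [(0, "203.0.113.10", False), (60, "203.0.113.11", False),
          (120, "198.51.100.7", False), (200, "203.0.113.12", False),
          (300, "203.0.113.10", True), (3799, "203.0.113.10", True),
          (3800, "203.0.113.10", True)]
```

Replaying `SAMPLE` shows the side effect to plan for: once a range is locked, a correct password from any address in it is refused until the hour expires or an administrator releases the range.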

5) Secure Form Mailer Plugin For Wordpress

This is the WordPress plugin version of an already existing PHP form mailer script. This plugin has a wide range of features including: Support for multiple instances, an easy to use dynamic form generation system (any number of fields, in any order), multiple recipients, multiple file attachments, optional auto reply feature, an image verification system, numerous security features (including protection against email header injection), a message template system, multiple languages, and too many other things to list.

Copyright 1998-2014 by Help Net Security.