Posted October 6, 2011 by Zubair Khan in Blogging

15 WordPress Security Plugins to Protect Your Blog from Hackers

Blogging has recently become a great way to share your thoughts with the world. Many people run blogs on topics such as the Internet, hacking, and WordPress. But what if all of your content is lost one day and you don’t have a backup? That is why making your blog more secure matters. Attackers devise new methods very quickly, so a blog has to keep up with the latest preventive measures. One way to keep your WordPress blog from getting hacked is to install plugins, a great feature that WordPress offers. Plugins help you keep up with the latest updates; the alternative is coding the protections by hand, which is a very tiresome job. Below are some of the best WordPress security plugins. You don’t need to install all of them; install the ones that fit your needs.

1) WP Security Scan

Let us start with the scanner plugins. WP Security Scan hides WordPress version information. It also scans your blog for various vulnerabilities, such as file privileges and permissions, and makes recommendations for correcting them. In addition, the plugin lets you change the database prefix of your WordPress blog.

2) WP Secure

If WP Security Scan does not work for any reason, try this one. WP Secure scans your blog against 23 points of safety. It also lets you restrict other people’s entry to the admin panel, so that only you are permitted to access it (your IP address is recognized).


3) BulletProof Security

A useful plugin for safety. BulletProof Security lets you protect the important files on your blog (wp-config.php, php.ini and php5.ini) through the .htaccess file. There is a mode for doing technical work on the blog. The plugin also disables error messages, hides the WordPress version, and checks the permissions of folders and files.

4) WordPress File Monitor 

A useful plugin that monitors the files of your blog for changes. If it comes across suspicious activity such as an unauthorized edit, addition, or deletion, it sends an automated message to your email address.

5) AntiVirus

A handy plugin that checks your blog for viruses and exploits. You can configure an automatic daily test that sends the report to you by email.

6) TimThumb Vulnerability Scanner

Various WordPress blogs were found to be getting hacked through vulnerabilities in the timthumb.php file. (timthumb.php is a file that most WordPress themes use for resizing images.) After looking into it, experts found that earlier versions of TimThumb contain a vulnerability that left those sites prone to hacking. You can use this plugin to check your blog for the TimThumb vulnerability. It also updates timthumb.php to the latest version automatically. It is a must-have plugin for every WordPress blog.

7) Enmask Captcha

This plugin adds a CAPTCHA field to your blog’s login page, so users need to type the CAPTCHA before they can log in to the WordPress admin panel. This plugin clearly wipes out all possibilities for brute-forcing your site. You can also zoom the CAPTCHA image to avoid wrong inputs. It’s also ideal for iPhone and Android devices.

8) Exploit Scanner

This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.

9) BlackHole Plugin

This is a nice plugin for locking out bots that disobey the rules in your site’s robots.txt file. Bots that disobey are blacklisted and then denied access to your site.
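One way to find the clients this item talks about is to compare the web server's access log against the Disallow rules in robots.txt. The following is an added example in Python, not the BlackHole plugin's code; the robots.txt content, the /blackhole/ and /drafts/ paths, the log lines and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed robots.txt and access-log lines (combined log format).
ROBOTS_TXT = """\
User-agent: *
Disallow: /blackhole/
Disallow: /drafts/
"""
ACCESS_LOG = """\
203.0.113.7 - - [06/Oct/2011:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "BadBot/1.0"
203.0.113.7 - - [06/Oct/2011:10:00:02 +0000] "GET /blackhole/ HTTP/1.1" 200 512 "-" "BadBot/1.0"
198.51.100.4 - - [06/Oct/2011:10:01:00 +0000] "GET /2011/10/post/ HTTP/1.1" 200 9000 "-" "GoodBot/2.1"
192.0.2.9 - - [06/Oct/2011:10:02:00 +0000] "GET /drafts/plan.html HTTP/1.1" 200 199 "-" "Scraper"
"""
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*"')

def disallowed_prefixes(robots_txt):
    """Collect Disallow paths from every group that names 'User-agent: *'."""
    prefixes, applies, in_header = [], False, False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        field, value = line.split(":", 1)
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            # Consecutive User-agent lines share one group of rules.
            applies = (applies and in_header) or value == "*"
            in_header = True
        else:
            in_header = False
            if field == "disallow" and applies and value:
                prefixes.append(value)
    return prefixes

def violators(log_text, prefixes):
    """Map client IP -> disallowed paths it requested."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and any(m.group(2).startswith(p) for p in prefixes):
            hits[m.group(1)].append(m.group(2))
    return dict(hits)

def deny_rules(ips):
    """Render Apache 2.2-style 'Deny from' lines for the blacklist."""
    return ["Deny from " + ip for ip in sorted(ips)]

if __name__ == "__main__":
    print(deny_rules(violators(ACCESS_LOG, disallowed_prefixes(ROBOTS_TXT))))
```

Only list paths that no legitimate visitor has a reason to request, since a person in a browser never reads robots.txt and would be flagged the same way as a bot.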

10) TAC (Theme Authenticity Checker)

This plugin checks for vulnerabilities inside your theme. It displays a link to the theme code with the line number, making it easy to correct the errors. It also scans static links.

11) Stealth Login

This plugin lets you create new URLs for logging in, logging out, and registering on your WordPress blog, so people won’t know the URL used to log in to your site. Changing the default login page URL makes it harder for attackers to find it. Instead of publishing your login URL on your site’s homepage, you can create a new URL like www.example.com/getinhere.php.


12) Admin SSL

The Admin SSL plugin secures your site’s admin panel, login area, posts, and pages. It uses Private or Shared SSL. After activating the plugin, go to the Admin SSL configuration page to enable SSL security.


13) Math Comment Spam Protection

This plugin adds a math question (a simple operation that won’t trouble people who are weak at mathematics) to your post’s comment form. Whenever a user wants to comment on your site, he or she has to solve it. This lets you reduce spam comments. Nowadays many comment forms already have a CAPTCHA integrated.

14) WP Email Guard

Spammers can’t crawl JS (JavaScript), so they can’t fetch anything posted in the form of JS. The WP Email Guard plugin protects email addresses included in any post or page from being caught by spammers. It converts normal email links to JavaScript code, making it impossible for spammers to detect the email address in its JS form.

15) Akismet

Last but not least, Akismet is an anti-spam plugin that comes with WordPress. Akismet checks your comments for spam and lets you review the spam it catches under your blog’s Comments section.
