Most wordpress users haven’t taken the issue of security seriously, mainly because their site hasn’t been compromised.
I am not a fan of plugins but sometimes one may have to use them especially in this scenerio of wordpress security
Below are list of top wordpress plugins to help secure your website, and description of their functionality.
- Better WP Security
This plugin take away the worry of securing your wordpress blog. It an all-in-one action packed security plugin.
It functions include: Remove the meta “Generator” tag, Change the urls for WordPress dashboard including login, admin, Completely turn off the ability to login for a given time period, Change the WordPress database table prefix, Change wp-content path,Scan your site to instantly tell where vulnerabilities are and fix them, Ban troublesome BOT, Prevent brute force, backup and email database and lots more. - Wordfence Security
This security plugin include a firewall, anti-virus scanning, malicious URL scanning and live traffic including crawlers. Some wordfence functions are: Scans for many known backdoors, Checks the strength of all user and admin passwords, Monitor your DNS security for unauthorized DNS changes, firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets, Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site. - BulletProof Security
I strongly recommend this plugin because it does all it security work in .htaccess file. Don’t forget .htaccess files are processed first before any other code on your website. In other words, hackers malicious scripts are stopped by BulletProof Security .htaccess files before those scripts even have a chance to reach the php coding in WordPress.
It functions include: protection against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts, one-click .htaccess WordPress security protection, protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection, Security Logging, HTTP Error Logging. One-click Website Maintenance Mode (HTTP 503), Additional website security checks: DB errors off, file and folder permissions check, System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, DNS, Max Upload… Built-in .htaccess file editing, uploading and downloading. - WordPress Sentinel
Wordpress Sentinel tracks all files in a WordPress installation (core, themes, plugins) and then periodically rechecks and notifies the administrator of any files that have changed in any way. Most attacks against WordPress sites will install rogue code wherever they can – in new and existing files in the themes, plugins and even in the WordPress core files. This plugin is designed to tell the administrator exactly what files have been touched and when in order to make hack detection and recovery much easier. - VIP Scanner
The plugin itself is simple a UI for the VIP Scanner library, which does all the heavy lifting. The library allows you to create arbitrary “Checks” (e.g. UndefinedFunctionCheck), group them together as Reviews (WordPress.org Theme Review), and run them against themes, plugins, directories, single files.
The use of one or combination of the plugin above will help improve your wordpress blog/website security.