Here is the list of top 7 wordpress plugin to secure your wordpress blog. It is impossible to prevent every attack, but installation of security plugins can improve your wordpress protection . Let’s begin!
Limit the number of login attempts possible both through normal login as well as using auth cookies. By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease. Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
WP Security Scan checks your WordPress website/blog for security vulnerabilities and suggests corrective actions such as:Passwords, File permissions, Database security, Version hiding , WordPress admin protection/security, Removes WP Generator META tag from core code
WordPress Security Plugin – Perform over 23 Basic Security Activities for your blog and get a free malware scan at the same time! See more details at
This WordPress plugin investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks. There exist a few powerful generic modules that do this; but they’re not always installed on web servers, and difficult to configure. It intelligently whitelists and blacklists pathological-looking phrases based on which field they appear within in a page request (unknown/numeric parameters vs. known post bodies, comment bodies, etc.). Its purpose is not to replace prompt and responsible upgrading, but rather to mitigate 0-day attacks and let bloggers sleep better at night.
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Admisitrators can release locked out IP ranges manually from the panel.
This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames. It does not remove anything. That is left to the user to do.
Monitor files under your WordPress installation for changes. When a change occurs, be notified via email.