Top Best Free and Useful WordPress Security Plugins

This blog post discuss about the plugins for the over all WordPress security from the hackers, robots, spambots and other unwanted exploits.Admin SSL secures login page, admin area,posts and pages using Private and Shared SSL.Angsuman's Authenticated WordPress Plugin allows you to make WordPress site accessible to logged in users only.Angsuman's WordPress Guard Plugin protects the […]

This blog post discuss about the plugins for the over all WordPress security from the hackers, robots, spambots and other unwanted exploits.

    Admin SSL secures login page, admin area,posts and pages using Private and Shared SSL.

  1. Angsuman's Authenticated WordPress Plugin allows you to make WordPress site accessible to logged in users only.
  2. Angsuman's WordPress Guard Plugin protects the vulnerable areas of the blog from the external access with an additional layer of security. It has features such as Double security for WordPress Administration Panel, Protection over wp-admin directory and Protection against future vulnerabilities.
  3. WPantivirus protects blog from the spams, viruses and other unwanted exploits. It provides an Antivirus protection to your blog.
  4. AskApache Password Protect provides highly secured password protection to blog and protects admin's wp-admin directory, wp – includes, wp-content, plugins, etc. It prevents a lot of bots out there from the blog by not allowing them to come back again.
  5. Blog Securify is the integration of several simple but important security patches for popular blogging platform. It protects blog by forcing users to login over a secure communication channel, protecting session identifiers from incidental session leaks, etc.
  6. Bulletproof Security protects your blog from all XSS and SQL injection hacking attempts. It protects admin's wp-config.php with .htaccess protection.
  7. Chap Secure Login transmits password in encrypted form whenever you try to login into your blog or website for security of password from unwanted people and machines. The password is hidden or encrypted with a random number (nonce) generated by the session and transformed by MD5 algortihm.
  8. ExtraShield is a free mobile app which generates a unique 6 digit numbered "Security code" in every 50 seconds in you mobile phone and the code has to be entered into your WordPress account according to your WordPress Login Mode set in your profile page. Note that it works in Java enabled mobile phone only such as Nokia, Samsung etc.
  9. HTML Purified replaces default WordPress comments filters with HTML purifier ,removes all malicious codes such as XSS and makes your documents standard compliant.
  10. HTTP authentication enables you to use existing means of authenticating people to WordPress.
  11. Inspector WordPress checks each and every request to your blog and on the basis of admin defined conditions it interrupts the attacker's action and logs it.
  12. Limit Login Attempts limits the number of login attempts into your WordPress account.
  13. Login Lockdown prevents brute forced password discovery by disabling all login function for all requests within an IP range after recording maximum number of failed login attempt from that IP range within given period of time.
  14. MJP Security Plugin scans the database for possible XSS issues, limits login attempsts to one per ten seconds per user, checks all file permissions, logs all post requests, checks WodPress updates and does other various useful blog securing and maintaining functions.
  15. openWallet is a login system for the websites which replaces user names and passwords with digital key and a password.
  16. Phone Factor requires users to confirm a login attempt by accepting a call from the Phone Factor and pressing # key.
  17. Profiless removes menu icon to access profile page for the level 0 user in the WordPress admin panel and redirects the level 0 user to admin hoempage if it tries to access directly the profile page.
  18. Restrict Login By IP allows you to specify IP addresses from where the users are allowed to login. It requires PHP 5 or later, Apache, mod_access or mod_ authz_host.
  19. Safer Cookies makes the cookie of your blog or website specific to your IP address so that others cannot have acess to them from different computers.
  20. Safe-Signup Form uses JavaScript to determine if the form is submitted by a robot or a web browser to stop automated attacks.
  21. Secure WordPress removes error information on login page, adds index.html to plugin directory and removes the wp-version except in admin area.
  22. Semisecure Login uses client-side MD5 encryption on the password as a user logs in. In this way it increases the security of the blog.
  23. Semisecure Login Reimagined uses a combination of public and secret-key encryption to encrypt password on the client side when a user logs in and increases the security of Login process.
  24. Stealth Login allows you to create custom URLS for logging in, logging out, administration and registering for your WordPress blog.
  25. TAC (Theme Authenticity Checker) searches source files of every installed theme for signs of malicious code. You can quickly determine the area requiring code cleanup in order to use the theme properly and safely.
  26. Threat Scan Plugin searches for things out of place in the content directory as well as the database.
  27. TTC User Registration Bot Detector bounces most of the bot attempts at user registration on your blog and blacklists that email address and IP address automatically or manually as per your wish.
  28. Ultimate Security Check helps you to identify the securtiy problems with your WordPress installation by scanning your blog for the known threats and grading it on the basis of the way it has been protected.
  29. WordPress Firewall analyzes web requests with simple WordPress heuristics to identify and stop most obvious attacks. It has intelligence to whitelist and blacklist pthlogical looking phrases based on the field they appear within a page request.
  30. WP-dephorm protects the users from the prying eyes of phorm.
  31. WP-Malwatch alerts you quickly if the evidence of foul play by the hackers are found in your blog.
  32. WP-Recover allows you to get back into wordpress easily when you accidentally stuff something up.
  33. Ultimate Security Check helps you identify security problems with your wordpress installation. It scans your blog and give a security grade based on passed tests.
  34. Invalidate Logged Out Cookies will immediately invalidate your auth cookies when you manually log out.
  35. Restricted Site Access limit access to visitors who're logged in or at specific IP addresses. Many options for handling blocked visitors. Great for Intranets, dev sites.
  36. BTEV Bluetrait Event Viewer monitors events that occur in your WordPress install.
  37. WP Super Secure and Fast htaccess plugin allow you to improve security and speed of your wordpress blog.