Keeping your information secure on the Internet is a never ending battle. You need to keep your OS, anti-virus, anti-adware, and anti-spyware all up to date. And your WordPress blog is not an exception to this. So today will be a look at the various plugins available to help increase the security of your blog.
Secure WordPress has a nice selection of options for making your blog harder to hack. It hides your WordPress version number and creates an index.html in your plugin directory to keep that information hidden. It also allows you to remove the Real Simple Discovery and Windows Live Writer links from your blog header if you do not plan to use either of those methods of remote blogging. Two of the options are very useful for multi-user blogs. You can remove the ability of non-admins to use or even see the upgrade abilities for both the core WordPress files and any plugins. Finally you can choose to remove both the tooltips and error messages from the login page.
Not much available on this plugin, but it takes care of some of the most basic things to make you blog more secure. Hiding the upgrade stuff is obviously not useful for single user blogs, but does give you options if your blog expands. And one other nice touch is the ability to delete the plugin settings from your database if you decide to remove it. It would be nice if more plugins had this ability.
Admin SSL is designed to give you a secure connection to your admin login page, as well as some others. You can also set up some pages to not use SSL, if this is required for proper use like xmlrpc. It also allows you the option of adding other pages if you need to. It is easy to set up, and there are good instructions and a FAQ on the plugin at its homepage.
The contact form is nice, with options for various fields, including a customizable drop down menu that can be required. You can also have technical information about the sender included, if you are having problems with harassment. And there are some buttons included to show how many spam have been blocked by the plugin. The documentation is very good, and linked to directly from the setup page.
There are some plugins that conflict with this one. The known list is on the documentation page. The button for how many spam have been blocked is a nice touch, but it does require getting into your PHP files. A widget option, like the one for Akismet, would be much nicer for the average user. But the downsides for this plugin are fairly minor. It is plug and play, you do not have to do anything to get it working. The added options are just some nice touches in addition to its main function.
Invisible Defender is another spam protection plugin, which is even more plug and play than WP-SpamFree. There are no options, you just install and activate the plugin and it starts working. It uses CSS styling and some input fields to detect spambots, returning a 403 error when they are found. Easy to install and use, the only question is effectiveness, which only time will tell.
Login LockDown helps prevent a brute force attack on your blog login. You can set how many times it will allow retries from the same IP address within a certain amount of time before it blocks more attempts. Another easy way to help keep unwanted people out of your stuff.
Here are five ways to make your blog more secure. They are all easy to use and seem to do the job they are designed for. None of them cover a large number of areas, but they seem to be able to work together for the most part. It is doubtful you would need both spam blockers, especially if you also have Akismet, but even they do not seem to conflict.
You should give serious consideration to these plugins, or others like them, for securing your blog. Along with standard things like backing up your blog regularly, keeping it more secure will help keep your blogging experience enjoyable.