
26 Feb 2014

Top 3 WordPress Plugins that Enhance Security

WordPress is a solid foundation to power a website. However, security is an issue. These top 3 plugins will enhance WordPress security.

WordPress now powers more than 60 million websites, which has made it a popular target for spammers and hackers. Fortunately there are effective ways to harden WordPress security without much effort. Here are 3 simple plugins to enhance overall security.

Rename the Login Page using “Rename wp-login.php”

There’s been a recent escalation in attacks against WordPress login pages worldwide.

Hackers have built bots that mount “brute-force” attacks on the login page of WordPress sites, guessing the password over and over.

A few years ago you could add a plugin that blocked the bot’s IP address after a certain number of guesses, and that was it. In this new wave of attacks the bots command thousands of IP addresses and use them simultaneously to attack a specific site.

This attack has caused entire servers to crash as the database tries to process all the login attempts made on the wp-login.php URL.

So our first recommended plugin is called “Rename wp-login.php,” which changes your login URL so that all the bots accessing “wp-login.php” will no longer see a login page. Only you will know your new unique login URL.
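Why per-IP blocking misses the distributed attack described above, shown as an added example that is not part of the original article or of any plugin it names: the script parses a constructed access log and compares a per-IP guess limit with a site-wide count of POSTs to wp-login.php. The log lines, the addresses, the function names and the thresholds (5 guesses per IP, 30 POSTs per 60 seconds from at least 10 addresses) are all assumptions chosen for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')

def sample_log():
    """Constructed access log: 40 addresses, 2 login POSTs each, one per second."""
    base = datetime(2014, 2, 20, 3, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(80):
        ts = (base + timedelta(seconds=i)).strftime("%d/%b/%Y:%H:%M:%S %z")
        ip = f"198.51.100.{i % 40 + 1}"  # documentation-range addresses
        lines.append(f'{ip} - - [{ts}] "POST /wp-login.php HTTP/1.1" 200 3120')
    lines.append(f'203.0.113.7 - - [{ts}] "GET /blog/ HTTP/1.1" 200 5120')
    return lines

def parse(lines):
    """Yield (ip, timestamp) for every POST to wp-login.php."""
    for line in lines:
        m = LINE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?")[0].endswith("/wp-login.php"):
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def per_ip_offenders(events, max_per_ip=5):
    """Older lockout logic: flag addresses that exceed a per-IP guess limit."""
    counts = Counter(ip for ip, _ in events)
    return {ip for ip, n in counts.items() if n > max_per_ip}

def distributed_bursts(events, window=timedelta(seconds=60), max_posts=30, min_ips=10):
    """Flag sliding windows where many addresses together flood the login URL."""
    events = sorted(events, key=lambda e: e[1])
    alerts, start = [], 0
    for end, (_, ts) in enumerate(events):
        while ts - events[start][1] > window:
            start += 1
        in_window = events[start:end + 1]
        ips = {ip for ip, _ in in_window}
        if len(in_window) > max_posts and len(ips) >= min_ips:
            alerts.append((events[start][1], len(in_window), len(ips)))
    return alerts

if __name__ == "__main__":
    events = list(parse(sample_log()))
    print("per-IP offenders:", per_ip_offenders(events))   # nothing crosses the limit
    first = distributed_bursts(events)[0]
    print("first burst: %d POSTs from %d addresses" % (first[1], first[2]))
```

Every address stays under the per-IP limit, yet the login URL as a whole receives a burst that the site-wide count catches.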

Confuse the Bots with “Invisible Captcha”

We’ve all seen the Captcha boxes on websites where we have to type words or numbers into a box to verify we’re human.

There is another clever way to stop bots in their tracks: placing an “Invisible Captcha” on the page, a hidden form field that humans with Web browsers don’t see. Many of the bots do see this hidden field, however, and when one tries to fill it in, its comment is sent directly to the spam folder.

The nice thing about “Invisible Captcha” is that it requires no extra work on your blog visitor’s part but can work with existing Captchas like Akismet.

Disallow bots with “Bad Behavior”

This next clever anti-bot plugin also works in the background so your blog visitors don’t notice anything different but the bots do.

The plugin “Bad Behavior” analyzes the code a visitor uses when accessing the site. Many bots send broken code or incomplete headers as they comb the web; the plugin recognizes this and instantly blocks access so they can’t even scan the site.

This plugin not only reduces a lot of comment and trackback spam, but saves server CPU as the bots can’t load the full site. Disallowing bots with “Bad Behavior” not only makes WordPress more secure, but allows it to run faster because it is not processing additional bot traffic.

Of course no plugin is 100% effective, but the plugins mentioned in this article require minimal effort and can make a dramatic difference for any WordPress installation.

 has 18 years of IT experience as a consultant for Online Institute and is also a writer and webmaster for the OLI Hosting Blog.

 
