1. WP Security Scan This plugin scans your entire site for security issues and checks passwords, folder/file permissions, database security, WP version hiding and WP admin protection and security. Don’t use if you have a weak heart, you could get a fright. Link - http://wordpress.org/extend/plugins/wp-security-scan/ 2. Wordpress Database Backup This is one of the plugins that you should almost have installed before you even think of installing your new theme. This plugin does exactly what the name says it does, it makes a entire backup of your wordpress content and can easily be managed. The content can either be backedup to a harddrive, server or even a email address. If its a hacker that crashes your WP installion or yourself, this plugin will restore it to its previous greatness. Link - http://www.ilfilosofo.com/blog/wp-db-backup/ 3. Replace WP-Version We all know by showing our WP versions we are more likely to be attacked by hackers. This plugins resolves the issue though. If you’re running a older version of wordpress anyone can view the source and then contemplate on what attacks might work against the installed version of wordpress. This plugin replaces the Version cue with a generated string which resolves the issue of showcasing your version. Link - http://wordpress.org/extend/plugins/replace-wp-version/#post-2859 4. WP Spam-Free Some say this plugin is better than Akismet but, I think it all depends on users choice for which plugin they want to use. I just wish there was a way to stop spammers in general, then we wont have to clean out our spam boxes with so much wasted comments everyday. Link - http://www.hybrid6.com/webgeek/plugins/wp-spamfree 5. AskApache Password Protect This plugin secures your WP Admin panel with a very powerful htaccess password protection, preventing all unwanted guests and bots to gain access to your site. Link - http://www.askapache.com/wordpress/htaccess-password-protect.html 6. Login Lockdown Login Lockdown records the IP address and timestamp of every failed WordPress admin login attempt. After a certain number of attempts that are detected within a short period of time from the same IP range, the login function is disabled for all requests from that range. You can find locked out IP ranges manually from the panel. Link - http://www.bad-neighborhood.com/login-lockdown.html 7. Angsuman’s Wordpress Guard Plugin A must-have Wordpress security plugin (compatible with all versions of Wordpress) that protects the vulnerable areas of your blog from outside access with an additional layer of security. Link - http://www.taragana.com/products/free-wordpress-plugins/wordpress-guard-plugin 8. Admin SSL This plug-in will work with both the private and shared SSL connections and it will force a SSL connection in every page where password can or has to be entered. It is very helpful to protect the admin area, posts and all the pages of your WordPress installation and secure the login page. Link - http://wordpress.org/extend/plugins/admin-ssl-secure-admin/ 9. Stealth Login Stealth Login obfuscates your login page by allowing you to define a custom login page rather than the default wp-login.php. In the event that your password is leaked, the hacker will also have a hard time finding the correct login URL. A good use of this is to prevent any malicious bots from accessing your wp-login.php file and attempting to break in. Link - http://wordpress.org/extend/plugins/stealth-login/ 10. Tips To Stay Protected * Always keep your plugins updated * Make sure you backup your databases regulary * Always have the latest version of Wordpress Installed * Protect your blog with a solid Password. What about your plugins? What ones do you use? Have you ever been unfortunate enough to get attacked? Share your experiences so others can benefit.
I just know that there is a wordpress plugin that can help us to change the wp-login.php link with another link we like that can be difficult to find by a hacker, this wordpress plugin it seems I could also use to minimize attacks by hackers in the search of wp-login.php
You always need to keep your plug in updated. Thats the most important thing. If a "secure" script is not updated then you might as well take it out. If you have many plug in that needs 777 be very careful with that as well.
AskApache Password Protect is completely worthless because WP uses the same folder for access of all WP users. For example, if you have a busy blog and decide to limit the commenting to only logged in users, none of them will be able to log in, unless you provide them with your Apache password. No new potential members will be able to create an account either. Hence useless for busy blogs. EDIT: this basically means that about 50% of the plugins listed are worthless as they rely on securing wp-admin. If yo do that, you will have blocked all users from ever signing up for your blog.
thanks alot im a nub in wordpress coding i never use any CMS for my website and its spend alot of time