I use these plugins to make my WordPress site more secure:

1. WP Security Scan

WP Security Scan checks your WordPress website/blog for security vulnerabilities and suggests corrective actions such as:
- Passwords
- File permissions
- Database security
- Version hiding
- WordPress admin protection/security
- Removes WP Generator META tag from core code

Download at http://wordpress.org/extend/plugins/wp-security-scan/

2. Limit Login Attempts

Limit the number of login attempts possible both through normal login as well as using auth cookies. By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease. Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.

Features
- Limit the number of retry attempts when logging in (for each IP). Fully customizable
- Limit the number of attempts to log in using auth cookies in same way
- Informs user about remaining retries or lockout time on login page
- Optional logging, optional email notification
- Handles server behind reverse proxy
- It is possible to whitelist IPs using a filter. But you probably shouldn't.

Download at http://wordpress.org/extend/plugins/limit-login-attempts/

Hope this is useful for you all, just let me know if you know more good plugins for security too.
My webhost told me to install https://www.opensource-excellence.com/shop/ose-wordpress-firewall.html since some bots were trying to find my pass. And it seems to be working fine. I also use Limit Login Attempts, but that only blocks IPs; if the attack comes from a botnet it won't help.
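The per-IP retry limit described in the first post and the botnet caveat raised in the reply above, as an added example that is not code from either plugin: a sliding-window counter of failed logins keyed by IP, with a second counter keyed by username that still fires when every failure comes from a different address. The class and function names, thresholds, window length and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class FailureTracker:
    """Sliding-window counters for failed logins, keyed by IP and by username."""

    def __init__(self, ip_limit=4, user_limit=10, window=300):
        # Assumed thresholds: failures allowed per key within `window` seconds.
        self.ip_limit, self.user_limit, self.window = ip_limit, user_limit, window
        self.by_ip = defaultdict(deque)
        self.by_user = defaultdict(deque)

    def _hit(self, bucket, key, now):
        # Record this failure, drop entries older than the window, return the count.
        q = bucket[key]
        q.append(now)
        while q and q[0] <= now - self.window:
            q.popleft()
        return len(q)

    def record_failure(self, ip, user, now):
        """Return the set of lockout actions this failed login triggers."""
        actions = set()
        if self._hit(self.by_ip, ip, now) >= self.ip_limit:
            actions.add(("block_ip", ip))
        if self._hit(self.by_user, user, now) >= self.user_limit:
            actions.add(("throttle_user", user))
        return actions


def replay(events, **limits):
    """Feed (timestamp, ip, username) failures through a tracker; collect actions."""
    tracker, triggered = FailureTracker(**limits), set()
    for now, ip, user in events:
        triggered |= tracker.record_failure(ip, user, now)
    return triggered


# Constructed sample data (documentation address ranges, not real logs).
# One client retrying quickly: the per-IP limit is reached.
SINGLE_SOURCE = [(t, "203.0.113.7", "admin") for t in range(0, 50, 10)]
# Twelve clients, one failure each against the same account: no IP repeats.
DISTRIBUTED = [(t * 5, f"198.51.100.{t + 1}", "admin") for t in range(12)]

if __name__ == "__main__":
    print(replay(SINGLE_SOURCE))   # per-IP block
    print(replay(DISTRIBUTED))     # only the per-username counter fires
```

Throttling by username lets anyone who knows the username trigger the throttle, so in practice that action is usually a delay or challenge rather than a hard lock.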
FeenuX: These plugins aren't really useful and they will just slow down your blog. I recommend reading this: http://halfelf.org/2013/false-security/
@ Devtard, just because a guy blogged about it, it doesn't mean it's law. That's just his opinion. If my webhost tells me to install something, I do it because they know what's best for their servers and for my website.
This person is not a guy, FYI. She is a WP core contributor. Of course you don't have to take the post seriously, but it would be silly not to. When there is a thread about WordPress security, there are always some random guys who mention some random plugins that are supposed to keep you safe. I always try to point out that these "security" plugins are useless, because they are. Like what? If they are not capable of preventing your WP from being attacked by a botnet (which was happening a few weeks ago) and they tell you to install a plugin instead, you might want to think about hosting your site elsewhere, because this is just nonsense. This is a stupid assumption but I couldn't make up anything better; there is no need to install any plugins to make your WP more safe. By the way, more code always equals more bugs and potential security threats.