Let me share my list of wordpress plugin to secure your wordpress blog site . It is really impossible to avoid every attack , but installing of defense plugins can boost your wordpress protection .
WordPress Limit Sign In Attempts
Restrict the number of sign in attempts possible both by standard login as well as using auth cookies . Default WordPress allows limitless login attempts usually through the log on page or by transmitting unique cookies . This enables passwords to be brute-force cracked with relative ease . Control Login Attempts, blocks an IP address from making more attempts after a set limit on retries is reached , helping to make a brute-force attack difficult or impossible .
WordPress Security Scan
WP Security Scan tests your WordPress blog for safety vulnerabilities and recommends corrective acts such as :Passwords , File permissions , Database protection , Version masking , WordPress admin security , Eliminates WordPress Generators meta tag from core code.
WordPress Security Plugin – More than 20 Standard Protection Tasks for your website and obtain a free virus scan at the same time.
This WordPress plugin investigates online requests with basic WordPress specific heuristics to detect and prevent most obvious attacks . There are also a couple of powerful generic components that will do this ; but they’re not always set up in web servers , and not easy to configure . It accurately whitelists and blacklists pathological looking key phrases based on which area they appear within in a page request.
WordPress Login Lockdown
Login LockDown documents the IP address and timestamp of each failed login attempt . If more than a certain number of attempts are detected within a short time frame from the similar IP range , then the login function will automatically disabled for all requests from that IP address . This will help to avoid brute force password breakthrough . At this point this wordpress plugin defaults to a 60 minute lock out after three unsuccessful login tries within five minutes . This can easily be customized through the options panel . Admisitrator can release blocked IP address manually from the options panel .
WordPress Exploit Scanner
This plugin searches the records on your site , along with content and ratings tables of your database for whatever suspicious . This also tests your listed active plugins for unusual filenames . This will not remove anything from your website . That would be left for the owner to do .
WordPress File Monitor
This will Keep track of data files under your WordPress set up for changes . Whenever a change happens , you will be notified via email .