1. WordPress Database Backup (http://www.ilfilosofo.com/blog/wp-db-backup/)
URL: http://www.ilfilosofo.com/blog/wp-db-backup/.
Description: This plugin does exactly what it says, it backs up your entire WP installation. This has got to be one of the first plugins you install upon first installation. You can back it up to your hard drive, on a server or even to a specified email address. Whether it be a rogue plugin or a hacker (or yourself) that crashes WP, WP Database Backup will reinstate everything as it should be. I like to think of it as my “WP system restore“.
2. Semisecure Login (http://jamesmallen.net)
URL: http://jamesmallen.net/2007/09/16/semisecure-login/.
Description: Semisecure increases the security of your WP Login, it uses client-side MD5 encryption on the password. JavaScript is required to enable encryption. When JavaScript is not available, the password is transmitted in plaintext (as normal), but authentication still completes in this case.
3. AskApache Password Protect (http://www.askapache.com)
URL: http://www.askapache.com/wordpress/htaccess-password-protect.html.
Description: This will secure your WP Admin with a very powerful htaccess password protection, preventing all unwanted bots from entering your site.
4. Force SSL (http://almosteffortless.com/)
URL: http://almosteffortless.com/wordpress/force-ssl/.
Description: For those will an SSL certificate, the Force SSL plugin for WordPress forces for an HTTPS connection for security purposes. This is useful for those who with to enforce a higher level of security regarding the delivery of WordPress content to the browser.
5. WP Security Scan (http://wordpress.org/extend/plugins)
URL: http://wordpress.org/extend/plugins/wp-security-scan/.
Description: I love this plugin, it scans your site for security issues and checks passwords, file permissions, database security, WP version hiding and WordPress admin protection/security. It also makes me a little paranoid.
6. Secure Files (http://wordpress.org/extend/plugins)
URL: http://wordpress.org/extend/plugins/secure-files/#post-271.
Description: This plugin allows you to upload and download files from outside of your web document root for security purposes. When used in conjunction with a plugin that requires a user to be logged in to see your site, you can restrict file downloads to users that are logged in.
7. WP-SpamFree (http://www.hybrid6.com/)
URL: http://www.hybrid6.com/webgeek/plugins/wp-spamfree.
Description: I had heard a lot about this plugin before I tried it, it said it is better than Akismet. To be honest I never noticed much difference (I get 500+ spam a day at the moment) between the two. User choice I suppose. I wish there was a way to stop the spammers instead.
8. BackUpWordPress (http://wordpress.designpraxis.at)
URL: http://wordpress.designpraxis.at/plugins/backupwordpress/.
Description: Almost identical as the first plugin, just not as straight forward. The list of features goes on and on, this is for the WP Pro. Some features: Database backup including uploaded files, plugins, etc.; EMail notofication on new backups; Trigger backup manually; Set schedules for your backups; restore backups; Staggered SQL import; Automatically continue unfinished backups in background; Language Support. (And thats just the Easy Mode, wait until you see the advanced).
9. Anonymous WordPress Plugin Updates (http://f00f.de/)
URL: http://f00f.de/blog/2007/10/02/plugin-anonymous-wordpress-plugin-updates.html.
Description: Anonymizes the plugin update checking system which is a new feature in WordPress 2.3. The plugin prevents WordPress from transmitting a list of active plugins, the blog url and WordPress version. Ideal for privacy-aware administrators of WordPress installation.
10. Replace WP-Version (http://wordpress.org/extend/plugins/)
URL: http://wordpress.org/extend/plugins/replace-wp-version/#post-2859.
Description: (We have all read about the security issue of showing your WP version, this resolves it).
If you’re running an older version of WordPress, anyone can view source to see what attacks might work against your blog. This plugin replace the WP-version with a random string < WP 2.4 and eliminate WP-version > WP 2.4
I love WordPress as the best blogging platform, well personally speaking it has evolved as a complete CMS for community,e-commerce sites & other site s, but well that can be a topic of discussion in a entire diff post. Being the most popular one hackers too concentrate more on hacking, cracking sites build on wordpress. So there are some tweaks plugins which helps to make your wordpress site more secure & free from hacking.
#
WordPress Database Backup - This plugin does exactly what it says, it backs up your entire WP installation. This has got to be one of the first plugins you install upon first installation. You can back it up to your hard drive, on a server or even to a specified email address. Whether it be a rogue plugin or a hacker (or yourself) that crashes WP, WP Database Backup will reinstate everything as it should be. I like to think of it as my “WP system restore“.
#
Semisecure Login - Semisecure increases the security of your WP Login, it uses client-side MD5 encryption on the password. JavaScript is required to enable encryption. When JavaScript is not available, the password is transmitted in plaintext (as normal), but authentication still completes in this case.
#
AskApache Password Protect - This will secure your WP Admin with a very powerful htaccess password protection, preventing all unwanted bots from entering your site.
#
Force SSL - For those will an SSL certificate, the Force SSL plugin for WordPress forces for an HTTPS connection for security purposes. This is useful for those who with to enforce a higher level of security regarding the delivery of WordPress content to the browser.
#
WP Security Scan - I love this plugin, it scans your site for security issues and checks passwords, file permissions, database security, WP version hiding and WordPress admin protection/security. It also makes me a little paranoid.
#
Secure Files - This plugin allows you to upload and download files from outside of your web document root for security purposes. When used in conjunction with a plugin that requires a user to be logged in to see your site, you can restrict file downloads to users that are logged in.
#
WP-SpamFree - I had heard a lot about this plugin before I tried it, it said it is better than Akismet. To be honest I never noticed much difference (I get 500+ spam a day at the moment) between the two. User choice I suppose. I wish there was a way to stop the spammers instead.
#
BackUpWordPress - Almost identical as the first plugin, just not as straight forward. The list of features goes on and on, this is for the WP Pro. Some features: Database backup including uploaded files, plugins, etc.; EMail notofication on new backups; Trigger backup manually; Set schedules for your backups; restore backups; Staggered SQL import; Automatically continue unfinished backups in background; Language Support. (And thats just the Easy Mode, wait until you see the advanced).
#
Anonymous WordPress Plugin Updates - Anonymizes the plugin update checking system which is a new feature in WordPress 2.3. The plugin prevents WordPress from transmitting a list of active plugins, the blog url and WordPress version. Ideal for privacy-aware administrators of WordPress installation.
# Replace WP-Version -We have all read about the security issue of showing your WP version, this resolves it.
If you’re running an older version of WordPress, anyone can view source to see what attacks might work against your blog. This plugin replace the WP-version with a random string < WP 2.4 and eliminate WP-version > WP 2.4.
Upcoming 2.9 version of WordPress will have minor changes,addons,improvements in security, administration as most wordpress updates happen. This time WordPress 2.9 will have the possibility to update all your Plugins, which have an update available, in one step. That makes maintenance work for the blog more simple and faster as you do not need to each plugin seperately.