WordPress is most popular blogging platform. Now a days if any one think about top level domain blogging, WordPress blogging softwares comes first in mind. Due to huge popularity of WordPress, now it may be Hackers next target [may be hackers are hacking many wordpress blogs].
Currently WordPress itself doesn’t have that much security constraints in there software[though very frequent versions are launched by them, it is not that much secure], so better to take care about your wordpress blog by taking some preventive actions from hackers.
In this post, i will introduce you to few WordPress security related plug-ins that MUST be installed for a wordpress blog.If you know few more and good plug-ins please share with me.
Making a strong password is not the only key for a highly secure log-in. In wordpress default Username is “ADMIN“. Which is know to all, so just guest the password by “Guessing attack” or use “Brute force” attack and get the password. Changing of username from wordpress panel is not allowed and not possible, but it is possible through your database admin panel [Like PHPmyAdmin,etc] but it is much risky and tricky. Janis Elsts developed a nice plug-in for this work.
PLUG-IN : Change Admin Username
Download link [3KB]
Plug-in Homepage
This is a great plug-in for securing your wordpress blog, it will change your Admin Username as per your needs and hence Highly secure WordPress blog.
One more thing, do you want to keep track of IP address of user log-ins in your wordpress blog ? or want to keep eyes on failed [or successful] log-in attacks on your blog ?, there is one more nifty Plug-in developed by Stephen Merriman. Check it out.
PLUG-IN : Login Logger
Download link[3KB]
Plug-in Homepage
This plug-in will keep track of your blogs Log-in attempts with time and IP-address of logger.
This is one more plug-in called “WP Security Scan” this plug-in is well know for its security tests for WordPress security.
I am using all above plug-ins and yes all are working fine and they are really MUST HAVE for any wordpress blogger, else hackers on your way.
Nov 28, 2008 at 1:52 am
Thanks for the info man. The admin ID was changed during installation itself. Will check out the other plugin.
Cheers,
Ajith
Reply to this comment
Nov 28, 2008 at 10:55 am
Wow!!
Nice and very helpful post friend..I will try this.
now no one can hack my little blog!
Thanks for sharing such great information!
Reply to this comment
Nov 28, 2008 at 4:23 pm
really God info
Reply to this comment
Dec 1, 2008 at 2:00 pm
Thanks for the plugins. I will try to use it to make my blog more secure.
Reply to this comment
Dec 1, 2008 at 6:34 pm
Very nice share.Thanks.
Reply to this comment
May 27, 2009 at 6:47 pm
thanks for this info man,
its helpful
Reply to this comment
Jul 25, 2009 at 9:10 pm
Though I knew about WP Security Scan, It’s the first time I’m discovering the others, thanks for sharing. I think I’ll have to give them a try.
Reply to this comment
Sep 17, 2009 at 9:16 am
Well, my web hosting provider’s Fantastico Deluxe allowed me to choose the admin user name. One unfortunate client of mine is stuck using IIS5 via their web host and I just wanted to LAUGH out loud. Heck, I was an ASP/SQL Server-7/IIS5 (and Index Server) developer back in ’98 when I was an internship CompSci student in TDot (Toronto). That stuff is ANCIENT. Chryst!!!
Also, I strongly believe that the WP development team should make HTTPS log-ins MANDATORY as well as for password changes in the Profile section. Baaaaad!!
Thanks for the post though…great advice.
Reply to this comment
Jul 25, 2010 at 6:24 pm
Hey that was the great post but You must include the details of hiding admin directory and plugin directory
Reply to this comment
Jan 2, 2011 at 12:26 pm
I think we can use .htaccess and .htpassword for hide some pages. I don’t know whether it is correct or not. We can create best password so that we can prevent from brute force attacking.
Reply to this comment