They’re free, easily usable and safe. In this post, I take a look some plugins aimed at making your site even more secure.
1 - Login LockDown
Description:
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Admisitrators can release locked out IP ranges manually from the panel.
2 - WP Security Scan
Description:
Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
-passwords
-file permissions
-database security
-version hiding
-WordPress admin protection/security
-removes WP Generator META tag from core code
3 - Admin SSL
Description:
Admin SSL secures login page, admin area, posts, pages - whatever you want - using Private or Shared SSL. Once you have activated the plugin please go to the Admin SSL config page to enable SSL, and read the installation instructions.
Each time you update Admin SSL, please read the FAQ and installation instructions in case there is some important information relating to the update.
Features:
1. Forces SSL on all pages where passwords can be entered.
2. Works with both Private and Shared SSL.
3. Can be installed on WordPress MU to force SSL across all blogs (only works if you have a Private SSL certificate installed) from WPMU 1.3 upwards.
4. Custom additional URLS (e.g. wp-admin/) can be secured through the config page.
5. You can choose where you want the Admin SSL config page to appear!
6. Works on WordPress 2.2 - 2.7; it will not work on previous versions.
4 - WordPress Firewall
Description:
This WordPress plugin investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks. There exist a few powerful generic modules that do this; but they're not always installed on web servers, and difficult to configure.
It intelligently whitelists and blacklists pathological-looking phrases based on which field they appear within in a page request (unknown/numeric parameters vs. known post bodies, comment bodies, etc.). Its purpose is not to replace prompt and responsible upgrading, but rather to mitigate 0-day attacks and let bloggers sleep better at night.
5 - Secure WordPress
Description:
Little help to secure your WordPress installation: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.
1. removes error-information on login-page
2. adds index.php plugin-directory (virtual)
3. removes the wp-version, except in admin-area
4. removes Really Simple Discovery
5. removes Windows Live Writer
6. remove core update information for non-admins
7. remove plugin-update information for non-admins
8. remove theme-update informationfor non-admins (only WP 2.8 and higher)
9. hide wp-version in backend-dashboard for non-admins
10. Add string for use WP Scanner
11. Block bad queries
6 - AntiVirus
Description:
AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections. AntiVirus protection for your blog.
Features
* WordPress 3.x ready: Design as well as technical
* Detect the current WordPress permalink back door
* Quick & Dirty: activate, check, done!
* Manual testing with immediate result of the infected files
* Daily automatic check with email notification
* Whitelist: Mark the suspicion as "No virus"
* Clean up after uninstall the plugin
* English, German, Italian, Persian, Russian
7 - Admin Log
Description:
Displays a list of all the admin pages accessed in the Blog admin area. This is updated every time a page in the admin area is accessed. Information displayed includes: admin page accessed, user, and time of access.
This is very useful if more than one person maintains your Blog, so you can see exactly who is accessing the admin pages, what they are doing, and when! The log is save as a text file called 'admin_log.txt', in the Plugin directory. This makes it easy to export for use outside of your WordPress Blog if required.
8 - Login Encrypt
Description:
Login Encrypt is a security plugin. It uses a complex combination of DES and RSA. It was first developed by ELSERVER for securing login in the hosting control panel, and then released as a WordPress plugin.
The way it works (fast explanation): * A Javascript appended to the wp-login generates, each time a user logs in, a unique DES key. Using that key, the password of the user is encrypted. * The Javascript encrypts the DES unique key using the RSA public key (generated when the plugin is activated). * The encripted password and the encrypted DES unique key are sended to the server. * A hook when login in checks if a encrypted DES unique key is received. If does, decrypts it using the secure RSA private key. * Then, decrypts the password using the DES unique key.
9 - WordPress Database Backup
Description:
WP-DB-Backup allows you easily to backup your core WordPress database tables.
0 nhận xét:
Post a Comment