Limit Login Attempts: one of the best ways to keep your site secure against hack attacks is by finding and banning the IPs belonging to hackers. This plugin will notify you of that information as soon as your site is attacked.

WP Login Security: requires all the admins on your website to register and whitelist their IPs. If an IP is not recognized, an email will be sent to the admin’s registered email address with a one time password. Adds another layer of security to your blog.

Login Lock: a complete login protection system that enforces strong password policies, monitor hack attempts, and even bans abusers. Allows forced logouts by admins.

Google Authenticator: adds two factor authentication to your login page. You can define it for certain users (e.g. admins only).

One Time Password: planning to access your WordPress site on an unsafe network? This plugin creates one time passwords for those situations. Admin actions can be protected with one time passwords too.

Semisecure Login Reimagined: not a foolproof security solution for your login page. But it does use a combination of public/secret key encryption to protect passwords on the client side. Useful when SSL is not available.

ExtraShield: an exciting login protection plugin for WordPress that lets you log in to your WordPress account in a secure fashion using your mobile phone. Creates a new security code on your phone every 50 seconds!

I am interested to know your suggestions. Please share them below.

User Locker: sometimes people just forget their credentials and try different username/passwords out of desperation. But brute force attacks are very real, which is why you should ban abusers with this plugin.

User Spam Remover: this is a powerful plugin that can clean out your database from spammers and accounts that have not been used since their creation. You do have the option to define the time period after which inactive accounts are removed.

Wassup: have you ever wondered what people are doing on your website? This is a powerful plugin that spies on your visitors and keeps you informed if they are messing around with sensitive things.

Must Screamer: an effective security plugin that uses PHPIDS to detect attacks on your WordPress site. Enables you to ban and take the appropriate actions to protect your website.

SI Captcha For WordPress: sometimes you can turn abusers and spammers off by making it difficult for them to mess with your website. This powerful CAPTCHA solution is certainly capable of that.

User Access Manager: this is especially useful if you want to limit your content to just a group of people you have approved. This plugin essentially creates a private area on your blog.

User Role Editor: you can’t blame people for messing with your website if you have not paid enough attention to their roles on it.  This plugin allows you to manage your members’ roles more conveniently.

IP Allowed List: quite a strong plugin that turns your website into a private community open only to people you define. This probably won’t work for every type of website but is still pretty useful.

Secure Invites: don’t want everyone to have access to your sign up page? This is a script that lets you invite users to your website. Keeps track of the invites on your website.

Spammer Blocker: I personally have no patience for spammers. At least hackers try to destroy your business and need some skill to do it (not that it’s a good thing). Most spammers are just useless and use robots and annoying tactics. With Spammer Blocker, you can just drop the hammer on their IPs and get them out of your life.

How do you deal with rogue users on your site?

Adding a firewall to your WordPress install is one way to keep hackers out. Firewall plugins keep hackers and their queries from messing with your site and its database. No blog is hack proof. But the more difficult you make the process, the less likely it is for your website’s walls to get breached. These 6 firewall WordPress plugins let you do just that:

WordPress Firewall 2: a powerful firewall for your WordPress site that investigates requests and blocks the most obvious attacks. It protects your plugins as well. Best of all, it informs you when your site is being attacked. Sometimes, this could be too strong though.

Block Bad Queries (BBQ): takes care of suspicious URLs to keep your blog secure against malicious URL request attacks. Works great on older WordPress versions too.

Secure WordPress: if you have not taken the steps to make your website more secure already, this plugin is a good place to start. Not only blocks bad queries, it removes versions, tooltips, error messages, and much more.

Bullproof Security: a fast and powerful plugin that protects your site against XSS, SQL Injection and base64_encode hacking attacks. It turns off errors and other information that hackers can use to attack your site with.

AskApache Password Protect: you may not be able to stop all hack attacks, but thanks to plugins such as this one you can handle most automated attacks as well the ones performed by inexperienced hackers. Takes advantage of Apache’s core security features to keep your website safe.

F-Secure Safe Links: not a firewall per se, but it does allow you to keep track of the links posted on your website. Catches possible malicious links before they do any harm. This plugin protects your blog against comment attacks as well.

Please share your suggestions below.

Spammers use web bots to go through your website and mine e-mail addresses. While they don’t have permission to send e-mail to these addresses, they do it anyway. CryptX allows you to hide your e-mail addresses by using Javascript and Unicode. It covers both regular and mailto e-mail links. The plugin allows you to apply it to your content, comments, and other sections of your website.

I love the fact that you can add mailto to all your unlinked e-mail addresses. If you have been careless in that regard, you can fix that issue with one click. CrpytX also supports custom characters for @ and “.” signs in your e-mails.

You always have the option to turn CryptX off just in case it is not working for a certain article of yours or are just not interested in using it. It does not affect your site’s performance significantly, so it’s a decent option to go with.

Secure WordPress is one impressive plugin that takes care of those small little details on your blog and lets you focus on more complex measures. For starters, it gets rid of tool-tips and those little error messages that hackers look out for. It gets rid of WordPress version information as well.

Every WordPress expert would tell you that you need to make sure you protect your plugins directory from wandering eyes of the public. You never know what information people can find out about your blog and its security flaws by going through your plugins. This plugin automatically adds an index.php file to your directory to increase your website’s security.

Secure WordPress gets rid of update information for your plugins and themes too. So if you have multiple members on your blog, only those with proper rights will get to see all those messages.  To top if all off, you can get a free security scan for WordPress malware with this plugin.

Please keep in mind that you can do a lot of these steps by yourself. If you do not want to use a plugin to do the job for you, it will take you a bit of time to implement them. Secure WordPress does save you time though.

Secure WordPress Plugin enables you to reduce hack attacks on your blog by protecting your installation information and plugin lists. It automatically adds an index.php file to your directories to make sure hackers can’t gain access to your plugin list to use known security wholes in some of them. It also removes theme, plugin, and core update information from non-admins. It can even protect your blog against malicious URL requests.

I also like the fact that the plugin deactivates tool-tip and error messages from your WordPress login page. These small details may not look too important, but there are many hackers out there who succeed in their jobs by taking advantage of this information. So it never hurts to make their life difficult.

This plugin is not designed to make your WordPress 100% hack-proof. So you are going to need other security plugins to help defend your blog against hackers. Nevertheless, the plugin is very easy to use and does fix a few common WordPress issues. It’s free too.

WordPress is a great content management system that has somewhat leveled the playing field by allowing almost anyone to start a sophisticated blog without having to spend thousands of dollars developing a CMS from scratch. When you get started with blogging, you are probably not going get so many visitors. The early days are always going to be tough. But the last thing you want to do is take fundamental things for granted. By that I mean you shouldn’t assume for a second that just because you are not getting a lot of traffic, hackers are going to leave you alone. Your WordPress blog can be used by hackers to link out to their web properties or even as a tool to put harmful content on your users’ computers. Running a WordPress blog is a big responsibility, and you shouldn’t cut corners and forget about taking proper measures to keep your blog secured.

User Locker is a cool little plugin for WordPress that lets you protect your admin page against brute force and dictionary attacks. If you have a short password, your WordPress install can easily get hacked by a brute force attack. However, by using User Locker, you can lock users out after a few number of invalid tries.

I would encourage you to set this number to 3. Three tries should be enough for your users to get their username/password set right. And if they are who they say they are, they should have no trouble having their accounts activated again. They can always user the password lost feature to recover their password and unlock their account. In general, I am not a fan of allowing user registrations on my blog. It’s just too risky. But if you have to, you better make sure you take proper measures to protect your blog against hack attacks.

Download User Locker now. It’s free!