Photo by ~ David Goehring, Flickr

Here are 3 easy-to-add plugins that you should consider adding to your website to make it more secure.

Before you do anything, make sure you are using strong passwords that contain lower-case and capital letters, numbers, and special characters. Your password should be at least 8 characters long. Please back up your website before you add any new plugins.

Here is my beginner's top 3 list:

1. Add the “Limit Login Attempts” plugin

By default, WordPress allows unlimited login attempts, either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease. The “Limit Login Attempts” plugin limits the retry attempts on your login page and blocks users temporarily after more than 5 retries. You can modify the maximum number of attempts on the plugin’s settings page. In the rare case when your server is behind a proxy, the plugin will ask you to check a checkbox on its settings page. If you have any trouble setting up this plugin, feel free to ask a question in my website's Ask a Question section.
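The lockout behaviour and the proxy checkbox described above, as an added Python sketch (not the plugin's own code): it counts failed logins per address and shows why the proxy setting decides which address gets counted. The lockout length, the counting window, and all names are assumptions made for this example.

```python
# Added example, not the plugin's code. Values marked "assumed" are not from the article.
MAX_RETRIES = 5              # article: block after more than 5 retries
LOCKOUT_SECONDS = 20 * 60    # assumed lockout length
WINDOW_SECONDS = 12 * 3600   # assumed: failures older than this are forgotten


def client_ip(remote_addr, headers, behind_proxy):
    """Pick the address that failed logins are counted against.

    Direct connection: use the TCP peer; X-Forwarded-For is set by the client
    and must be ignored. Behind one reverse proxy: the peer is always the
    proxy, so use the last X-Forwarded-For entry, which the proxy appended.
    """
    if behind_proxy:
        hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
        hops = [h for h in hops if h]
        if hops:
            return hops[-1]
    return remote_addr


class LoginLimiter:
    def __init__(self):
        self.failures = {}       # ip -> timestamps of recent failed logins
        self.locked_until = {}   # ip -> time at which the lockout ends

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Count one failed login; return True if the address is now locked out."""
        recent = [t for t in self.failures.get(ip, []) if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) > MAX_RETRIES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            self.failures[ip] = []
        return self.is_locked(ip, now)

    def record_success(self, ip):
        self.failures.pop(ip, None)  # a good login clears the counter


if __name__ == "__main__":
    limiter = LoginLimiter()
    # Constructed request: direct connection carrying a made-up forwarded header.
    ip = client_ip("203.0.113.7", {"X-Forwarded-For": "198.51.100.1"}, behind_proxy=False)
    for second in range(6):
        locked = limiter.record_failure(ip, now=second)
    print(ip, "locked:", locked)
```

If the proxy option is left off on a proxied site, every visitor is counted under the proxy's address, so one lockout blocks everyone; if it is turned on for a directly connected site, the counted address comes from a header the client controls.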

2. Force all users to use strong passwords

Enforce strong passwords by adding the “Force Strong Passwords” plugin. Here is a list of some of the worst passwords used in 2014; make sure yours is not on the list. This plugin forces users who have the publish_posts, upload_files, or edit_published_posts capabilities to use strong passwords.

3. Hide your login page

Personally, I think this is the simplest and most ingenious plugin out there. Renaming your wp-login.php using the “Rename-wp-login” plugin hides your login form from any would-be attackers. Once you add this plugin, you can move your login page from wp-login.php to any URL you wish. Simple example: from demoblogdemo.com/wp-login.php to demoblogdemo.com/stargatesg1

Caution: if you forget your new login page URL, you will have to modify the rwl_page option in your installation’s site meta table. More info is in the plugin's FAQ section.

If this article helped you or if you agree/disagree with my list let me know in the comment section! Thanks.


Disclaimer: These plugins are not enough to make your website completely secure. I will post an article for more advanced users and .htaccess file rules for admins, but if you are the average blogger hosting your own WordPress blog and you don’t have advanced security features, these plugins should at least give you some very basic security. At the time this article was posted, these plugins worked with the latest release of WordPress, 4.1. Please do your own research to check that these plugins work with your installation and have no conflicts with other plugins you use. Always back up your website before adding new plugins. Stay safe!