WordPress is an open source Content Management System (CMS), often used as a blog publishing application powered by PHP and MySQL. It has many features including a plugin architecture and a templating system. Used by over 12% of the 1,000,000 biggest websites, WordPress is the most popular CMS in use today. — Wikipedia
How To Secure Your WordPress Website/Blog
• Hardening WordPress
• 14 Effective Practical Security Tips for WordPress
• Hacked! Seven Tips For Fighting Back!
• Hardening WordPress
• Tips for Cleaning & Securing Your Website
• How to prevent your site from getting hacked. How to repair a damaged site. Website security precautions.
• Fixing An Infected Website
Security Scanning & Repair:
• Sucuri Security Scanner (free scan to detect malware, spam, security issues)
• Site Security Monitor
• Google Webmasters (assorted tools for managing websites; includes ability to scan for malware and ask Google to remove their malware warning page if your site has been tagged by Google as potentially dangerous)
• The Malware Warning Review Process
• Practical Guide to Dealing With Google’s Malware Warnings
Companies That Specialize In Hosting Secure WordPress Websites & Blogs:
• Page.ly (web hosting company that specializes in secure WordPress websites)
One of the leading security plugins for WordPress today. Remove error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.
This plugin helps you to keep your database clean by removing post revisions and spams in a blaze. It also allows you to rename your admin name and run optimize command on your WordPress core tables.
This plugin allows you to easily and automatically backup important parts of your WordPress install to Amazon S3. Amazon S3 is an extremely cheap service that is easy to set up. For pennies a month, you can make sure that your important files will be kept safe. Important caveat: this plugin currently has to be run on a linux server.
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
Detect, intercept, and log suspicious-looking parameters — and prevent them compromising WordPress. Also protect most WordPress plugins from the same attacks. Optionally configure as the first plugin to load for maximum security. Respond with an innocuous-looking 404, or a home page redirect. Optionally send an email to you with a useful dump of information upon blocking a potential attack. Turn on or off directory traversal attack detection. Turn on or off SQL injection attack detection. Turn on or off WordPress-specific SQL injection attack detection. Turn on or off blocking executable file uploads. Turn on or off remote arbitrary code injection detection. Add whitelisted IPs. Add additional whitelisted pages and/or fields within such pages to allow above to get through when desirable.
Other Recommended WordPress Plugins
Important Note: Plugins can be security risks. Depending on how complicated they are (and how well they have been coded), they can also slow website load times and cause a host of issues with your website/blog. It is, therefore, important only to use plugins that you need and that you know are safe, secure, and competently coded. Before installing plugins, check to see if they are current (do they work with current versions of WordPress?), how often have they been updated, how many people are using them, and what their overall rating is, including how many people have rated them. It’s also important to keep in mind that the more plugins you add, the more time is required of you to keep them updated and functioning properly.
This plugin will perform a number of checks on your WordPress install to detect common configuration errors and known issues. For now it just checks the PHP and MySQL versions of your server are not too low to meet the requirements that we have announced for WordPress 3.2 Once it has checked the versions it will feed back the results under the header of the Plugins page. In future this plugin will also provide a whole suite of checks for other things which may be affecting your install.
Automattic Kismet (Akismet for short) is a collaborative effort to make comment and trackback spam a non-issue and restore innocence to blogging, so you never have to worry about spam again.
This plugin will monitor your blog looking for broken links and let you know if any are found.