In an earlier post, I had explained the steps I took to clean up my hacked WordPress blog and get it back online in the shortest possible time. To successfully ward off a hacking attack on your WordPress site, you need to take a few more precautions.

For non-programmers like me, that means relying on a few select WordPress plugins which enhance the security. Here I will list a few of the plugins which aid in securing your WordPress blog from outside attackers.

WordPress Plugins For Security

1. Antivirus for WordPress – This is a smart, effectively solution to protect your blog against exploits and spam injections. You can set it to do regular scans of all the critical files comprising your WordPress blog, and if it finds a security hole it will let you know via email. Other options include conducting a manual scan of the theme templates and a permanent backdoor check. This plugin is the work of Sergej Müller.
2. Login LockDown – This WordPress plugin records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. The author of this plugin is Michael VanDeMar. You may check out some of his other tools at his website.
3. WP-DB-Backup – Taking regular backup of your WordPress database is a must. For if your website gets hacked, you can rely on the backup to replace the lost data. This WordPress plugin allows you to schedule a backup of your WordPress core tables and you can ask it to email it to your email address. The backup can be scheduled on an hourly,daily, weekly and monthly basis. You can even take a manual backup of your WordPress blog at any given time. This plugin is the work of Filosofo.
4. Bad Behavior – Bad Behavior is a PHP-based solution for blocking link spam and the robots which deliver it. Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site’s load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers. ( Home Page )
5. WordPress Exploit Scanner – Scans your WordPress site for possible exploits. This plugin could be a great help if you are comfortable editing code. It scans all the WordPress files and gives hints about any back doors that may exist in the code.

A very nice website which I came across that explains various WordPress hardening techniques is  Wpsecure.net. It has a good collection of knowledge base on WordPress security.