Almost 9,000 plug-ins are available for WordPress, but the question is which ones are the best to use. Everyone has their own list of what to use and how to use them. Instead of activating too many plug-ins that share the same features or purpose, and running into issues because of conflicts between them, you should consider using only these top plug-ins that help you do the job better. Below is a list of plug-ins that I have found to be the most useful for your WordPress website's security purposes:
* Akismet: You need no other plug-in for spam protection. The spam filter of this service is really efficient.
* AskApache Password Protect: Sets a password for your admin dashboard, and for any files or folders on your web host, without touching your database. This plug-in is specifically designed and regularly updated to stop attempts by automated and unskilled attackers to exploit vulnerabilities on your blog that would result in a hacked site.
* Admin Log: Keeps track of all the footprints of users logged in to the blog admin area. Information displayed includes the admin page accessed, the user, and the time of access. However, the log should be filtered better, because it records some page accesses that are not needed at all.
* Secure WordPress: Secures a WordPress installation by removing miscellaneous items left after the installation process that may aid hackers: it removes error information on the login page, adds index.html to the plug-in directory, and removes the wp-version except in the admin area.
* WP-Ban: Bans users by IP, IP range, host name, user agent and referer URL from visiting your WordPress blog. You can also exclude certain IPs from being banned.
* User Locker, Login LockDown, Limit Login Attempts: Combine this set of three and you'll have the best security for your WP logins.
* WP Security Scan: A nice plug-in that scans your WordPress installation for security vulnerabilities and suggests corrective actions: passwords, file permissions, database security, version hiding, WordPress admin protection/security…
* Admin SSL: This plug-in forces SSL on all pages where passwords can be entered so that all information transmitted is encrypted. However, you have to own an SSL certificate before you can use it.
* Stealth Login: Stealth Login obscures your login page by allowing you to define a custom login page rather than the default wp-login.php. In the event that your password is leaked, the hacker will also have a hard time finding the correct login URL. A good use of this is to prevent malicious bots from accessing your wp-login.php file and attempting to break in.
* WordPress Database Backup: This creates backups of your core WordPress tables as well as other tables of your choice in the same database.
* WP-DB Manager: An all-in-one plug-in with all the features you need for database management. It is not only perfect for automated backups; it can also do things like database optimization, and its admin pages allow you to run the occasional query from within WordPress.
* TAC (Theme Authenticity Checker): TAC helps you scan your themes for any unwanted or potentially dangerous code. This is a helpful plug-in for checking any theme you download from somewhere to make sure it is safe to use.
* WP Sentry: This is a simple plug-in just for privacy reasons. WP Sentry restricts access to posts for specific users and groups, and offers slightly more granular access controls.

Below are the added plug-ins for Social Media purposes:
* AddToAny Share/Bookmark/Email Button: Help readers share, bookmark, and email your posts and pages using any service
* Advertising Manager: Control and arrange your Advertising and Referral blocks on your WordPress blog
* All in One SEO Pack: Optimizes your WordPress blog for Search Engines
* Apture: Makes it easy to add contextual images, videos, reference guides, links, maps, music, news, documents and books to your blog to create a connected media experience that keeps readers engaged on your site
* Contact Form 7: A simple and flexible contact form.
* DandyID Services: Retrieves your DandyID online identities and displays them as clickable links in your sidebar
* Disqus Comment System: Replaces your WordPress comment system with your comments hosted and powered by Disqus
* FeedBurner FeedSmith: Detects all ways to access your original WP feeds and redirects them to your FeedBurner feed so you can track every possible subscriber
* Google XML Sitemaps: This plugin will generate a special XML sitemap which will help search engines like Google, Yahoo, Bing and Ask.com to better index your blog
* Multi Column Category List: Displays a customizable list of categories in multiple columns.
* TweetMeme Retweet Button: Lets visitors retweet your blog posts
* Twitter for WordPress: Displays your public Twitter messages
* Ultimate Google Analytics: Enables Google Analytics on your blog. Has options to also track external links, mail-to links and links to downloads on your own site.
* WordPress.com Stats: Tracks views, post/page views, referrers, and clicks.
* WP-Cumulus: Displays a Flash-based tag cloud.
* WP-PageNavi: Adds a more advanced paging navigation to your WP blog
* WP-Stats-Dashboard: Displays the WordPress.com stats graph, your traffic and social metrics monitoring on your dashboard
* Yet Another Related Posts Plugin: Returns a list of related entries based on a unique algorithm for display on your blog and RSS feeds. A templating feature allows customization of the display.