insanesecurity » WordPress http://insanesecurity.info/blog security through a distorted eye Thu, 25 Feb 2010 22:31:12 +0000 en hourly 1 http://wordpress.org/?v=3.0 WordPress security plugins http://insanesecurity.info/blog/wordpress-security-plugins http://insanesecurity.info/blog/wordpress-security-plugins#comments Thu, 09 Jul 2009 13:29:00 +0000 dblackshell http://insanesecurity.info/blog/?p=197 As any other IT security enthusiast I have limited trust towards the platforms I use, the current case being WordPress. The intention was there (to write my own blogging platform) but quickly gave up to it, mostly due to lack of time…

I had a to make a compromise; use the platform but try to secure it as well… But instead of applying security from outside the platform, this time I was going to write WordPress plugins to do the job… five/ten minutes into coding stuff, I was like:

Wait! What the fuck am I doing? WordPress has got a huge number of extensions, for sure it’s got security oriented ones as well.

And I was right… after browsing a couple of minutes through them (I didn’t say there where many) I’ve came up with the following list of security extensions which I liked: Login LockDown, Paranoid911, Restrict Login By IP, Times to Come security plugin and WP Security Scan.


Login LockDown

Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.

Paranoid911

Paranoid911 checks your wordpress installation for changes and sends you an email when changes occur.

Restrict Login by IP

This plugin lets you specify IP addresses or hosts that users are allowed to login from. You can either use full IPs (e.g. “12.34.56.7″) or partial IPs (e.g. “12.34″), which lets you specify a range of addresses. More advanced configuration is also possible – you can specify allowed subnet(s) via network/netmask and use IPv6 addresses, too.

WP Security Scan

Scans your WordPress installation for security vulnerabilities and suggests corrective actions.

Two features I’ve liked and found useful at this plugin, namely the security and scanner ones…

TimesToCome Security Plugin

I’ve kept this one for last, because I consider it a priceless addition to the plugin box.

This is part 2 of a 3 part security suite for WordPress. This part blocks cross-site script attempts, ip numbers of ill behaved people and bots and bans bad user agents. Since trouble is always changing this plugin allows you to adjust who you want to block. I’ve started you out with every bad bot I caught on my site this past month. You can remove bots, add bots and add and remove ips and requests.

]]> http://insanesecurity.info/blog/wordpress-security-plugins/feed 2