WordPress is a powerful personal publishing platform, and it comes with a great set of features designed to make your experience as a publisher on the Internet as easy, pleasant and appealing as possible. It has grown to be the largest self-hosted blogging tool in the world, used on millions of sites and seen by tens of millions of people every day.

Hacker attacks across the web are getting more sophisticated even with the increased sophistication of anti-virus protection, firewalls, and application-based updates, hackers who want to stay in business have needed to get more creative. Security in WordPress is taken very seriously, There are a bundle of plugins for the security purpose. In this article i have compiled a list of 14 WordPress Plugins which will take complete care of your site security.


Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.


  • A comment status history, so you can easily see which comments were caught or cleared by Akismet, and which were spammed or unspammed by a moderator
  • Links are highlighted in the comment body, to reveal hidden or misleading links
  • If your web host is unable to reach Akismet’s servers, the plugin will automatically retry when your connection is back up
  • Moderators can see the number of approved comments for each user
  • Spam and Unspam reports now include more information, to help improve accuracy

2.Antispam Bee:

Protects your blog from spam by replacing the comment field. It’s easy to use and extremely effective.

  • Allow comments only in certain language
  • Consider comments which are already marked as spam
  • Dashboard History Stats
  • Block comments and pings from specific countries
  • Optional strict check for incomming comments
  • Email notifications about new spam comments
  • Trackback and pingback check
  • Spam counter on dashboard
  • Spam may be marked or deleted immediately
  • Automatically cleanup the spam folder
  • Saves no data in the database


AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections. Malware protection for your blog.

  • WordPress 3.x ready: Design as well as technical
  • Detect the WordPress permalink back door
  • Quick & Dirty: activate, check, done!
  • Manual testing with immediate result of the infected files
  • Daily automatic check with email notification
  • Clean up after uninstall the plugin


BackUpWordPress will back up your entire site including your database and all your files once every day. It has several advanced options for power users.

  • Super simple to use, no setup required.
  • Uses zip and mysqldump for faster back ups if they are available.
  • Works in low memory, “shared host” environments.
  • Option to have each backup file emailed to you.
  • Control advanced options by defining any of the optional Constants.
  • Exclude files and folders from your back ups.

5.BulletProof Security:

The Bullet Proof Security WordPress Security plugin is designed to be a fast, simple and one click security plugin to add .htaccess website security protection for your WordPress website. Activate .htaccess website security and .htaccess website under maintenance modes from within your WordPress Dashboard – no FTP required. The Bullet Proof Security WordPress plugin is a one click security solution that creates, copies, renames, moves or writes to the provided Bullet Proof Security .htaccess master files. Bullet Proof Security protects both your Root website folder and wp-admin folder with .htaccess website security protection, as well as providing additional website security protection.

6.Login LockDown:

Login Lock Down records the IP address and timestamps of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.

7.Page Security by Contexture:

Page Security by Contexture International (PSC) lets YOU decide which users can access which content. Add users to groups, set granular permissions for content, and finally take control of your website! Groups allow you to organize your users how YOU see fit, then use your groups to choose who can access posts, pages, custom content, or entire sections of your website.

8.Secure WordPress:

Secure WordPress beefs up the security of your WordPress installation by removing error information on login pages, adds index.html to plugin directories, hides the WordPress version and much more.


  • Removes error-information on login-page
  • Adds index.php plugin-directory (virtual)
  • Removes the wp-version, except in admin-area
  • Removes Really Simple Discovery
  • Removes Windows Live Writer
  • Removes core update information for non-admins
  • Removes plugin-update information for non-admins
  • Removes theme-update information for non-admins (only WP 2.8 and higher)
  • Removes version on URLs from scripts and stylesheets only on frontend
  • Blocks any bad queries that could be harmful to your WordPress website

9.Semisecure Login Reimagined:

Semisecure Login Reimagined increases the security of the login process by using a combination of public and secret-key encryption to encrypt the password on the client-side when a user logs in. JavaScript is required to enable encryption. It is most useful for situations where SSL is not available, but the administrator wishes to have some additional security measures in place without sacrificing convenience.

10.Ultimate Security Checker:

This plugin identifies security problems with your WordPress Installation. It scans your blog for hundreds of known threats, then gives you a security “grade” based on how well you have protected yourself. You can fix the problems yourself, or you can use our help to do it for you automatically. This plugin and service is designed to be used by anyone from a complete newbie to an advanced PHP engineer.

11.WordPress File Monitor Plus:

Monitors your WordPress installation for added/deleted/changed files. When a change is detected an email alert can be sent to a specified address.


  • Monitors file system for added/deleted/changed files
  • Sends email when a change is detected
  • Administration area alert to notify you of changes in case email is not received
  • Ability to monitor files for changes based on file hash, time stamp and/or file size
  • Site URL included in notification email in case plugin is in use on multiple sites
  • Ability to run the file checking via an external cron so not to slow down visits to your website and to give greater flexibility over scheduling
  • Ability to set file extension to be ignored or only scanned.

12.WP Security Scan:

WP Security Scan checks your WordPress website/blog for security vulnerabilities and suggests corrective actions.


  • Passwords
  • File permissions
  • Database security
  • Version hiding
  • WordPress admin protection/security
  • Removes WP Generator META tag from core code


WP-Protect is a plugin for WordPress websites that allows webmasters to protect their content from being stolen. More specifically, it allows webmasters to disable right clicking abilities for their website visitors, along with a few other things like image dragging and text selection. These features are accomplished by way of javascript coding, so this plugin may not work for some visitors who have disabled javascript in their browser.


reCAPTCHA is an anti-spam method originating from Carnegie Mellon University, then acquired by Google which uses CAPTCHAs in a genius way.