Showing posts with the label wpscan. Show all posts

7 Top Wordpress Security Plugins


WordPress is one of the best content management systems (CMS) and provides an effective platform for blogging. Millions of bloggers use WordPress for their blogs because it is open source and offers many features that make blogging fun and informative. Its best feature is plugins: you can find plugins for different purposes, such as advertising, comments, guest blogging and more.
  
Security is the main concern for any website or blog. If you are running a WordPress blog, then you must use some WordPress plugins to make it bulletproof. Various tips for securing a WordPress blog are available, but in this article I will discuss some plugins that make a WordPress blog secure.

WP Security Scan

The best tool to measure the security of a WordPress blog. WP Security Scan scans the entire blog for vulnerabilities in areas such as database security, passwords and admin security, and gives a suggestion for each vulnerability it finds. It also hides the version of the blog so that you can protect your blog from the available exploits.
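One way to confirm that version hiding took effect is to inspect the HTML the blog serves. The Ruby check below is an added example, not code from the plugin or from this post; the two patterns it looks for (the generator meta tag and `?ver=` on `/wp-includes/` assets), the host `blog.example` and the sample pages are assumptions constructed for illustration.

```ruby
# Added example: audit served HTML for WordPress version disclosure.
# Assumes WordPress's default markup: a "generator" meta tag and ?ver= query
# strings on assets under /wp-includes/. Sample pages below are constructed.

GENERATOR_RE = /<meta\s+name=["']generator["']\s+content=["']WordPress\s+([\d.]+)["']/i
ASSET_VER_RE = %r{(?:src|href)=["']([^"'?]*/wp-includes/[^"'?]+)\?ver=([\d.]+)["']}i

# Returns one hash per disclosure: where it was found and which version it shows.
# Bundled libraries (jQuery here) carry their own version in ?ver=.
def version_leaks(html)
  findings = []
  html.scan(GENERATOR_RE) do |(version)|
    findings << { source: :generator_meta, version: version, where: "meta generator" }
  end
  html.scan(ASSET_VER_RE) do |path, version|
    findings << { source: :asset_query, version: version, where: path }
  end
  findings
end

# True when the page no longer advertises any version string.
def version_hidden?(html)
  version_leaks(html).empty?
end

SAMPLE_DEFAULT = <<~HTML
  <head>
  <meta name="generator" content="WordPress 3.2.1" />
  <script src="http://blog.example/wp-includes/js/jquery/jquery.js?ver=1.6.1"></script>
  <link rel="stylesheet" href="http://blog.example/wp-includes/css/admin-bar.css?ver=3.2.1" />
  </head>
HTML

SAMPLE_HARDENED = <<~HTML
  <head>
  <script src="http://blog.example/wp-includes/js/jquery/jquery.js"></script>
  <link rel="stylesheet" href="http://blog.example/wp-includes/css/admin-bar.css" />
  </head>
HTML

if __FILE__ == $PROGRAM_NAME
  version_leaks(SAMPLE_DEFAULT).each { |f| puts "#{f[:source]}: #{f[:version]} (#{f[:where]})" }
  puts "hardened page hides version: #{version_hidden?(SAMPLE_HARDENED)}"
end
```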

Semisecure Login Reimagined

It offers an encryption technique that increases the security of the login process by using RSA cryptography. It uses a public and private key to encrypt the password so that it cannot easily be decrypted. If SSL is not available, then the admin must use the Semisecure plugin to remain secure from sniffing.

Admin SSL

Secure Sockets Layer (SSL) gives an extra level of protection against attacks such as sniffing on the network; the introduction to SSL is a good resource for readers. Admin SSL works on both private and shared SSL connections. On any page where a password is needed, this plugin encrypts the password into hashes, so it is a best practice for securing the admin area.

IP Ban

If you feel that an intruder is continuously trying to access the admin area of your blog, then some action is needed; it is recommended to use the IP Ban plugin to ban this intruder. It returns a 'Page Not Found' 404 error message to the IPs visiting your blog that are specified in the IP Ban option on the Discussion Options page.

AskApache Password Protect

This plugin adds multiple layers of security. It doesn't control WordPress or mess with your database; instead it utilizes fast, tried-and-true built-in security features to add multiple layers of security to your blog. The plugin is just a firewall, and behind this firewall your blog stays secure from hackers.

AntiVirus for Wordpress


The AntiVirus plugin for WordPress offers some advanced features to protect your blog from exploits and spam injection. Have you ever thought about code injection or cross-site scripting techniques? Then use this plugin to clean your blog of viruses and malicious code.

WP Email Guard

WordPress Email Guard is the best plugin for protecting your email addresses from spammers and intruders. Information gathering is the first step of any hacking attack, so your email address would be the first piece of cake that the intruder is going to eat. It converts every email address written within your post body into JavaScript code, so the addresses are readable and clickable by humans only.

Note: If you want to learn more about Linux and Windows based penetration testing, you might want to subscribe to our RSS feed and email subscription or become our Facebook fan! You will get all the latest updates at both places.

~ Monday, 8 August 2011 0 comments

WordPress Security Scanner- WPscan

WordPress is among the best blogging platforms; it is open source, and a lot of bloggers currently use it for their blogs. WordPress has amazing features and has changed the way of blogging, and just as with other platforms, security is the main concern for WordPress. Different tips for WordPress security are available on the Internet. Suppose you have implemented the relevant tips to secure your blog; you must still use some automated tools to test the security of your blog.

There are different tools available to perform quick penetration testing on web applications; besides these tools, there is a new development for checking the security of WordPress.


Various holes have been found in WordPress plugins and in installation bugs. WPScan is a black box WordPress security scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. Its intended use is for security professionals or WordPress administrators to assess the security posture of their WordPress installations.


Key Features
  • Password cracking
  • Enumeration (version, plug in, username)
  • Vulnerability enumeration  

Wpscan Tutorial
WPScan is written in Ruby, so you can use it across operating systems such as Linux, Windows and others; however, it has been written and tested on BackTrack 5 GNOME. You have to install some dependencies first. In the terminal, type:
sudo apt-get install libcurl4-gnutls-dev
sudo gem install --user-install typhoeus
sudo gem install --user-install xml-simple
The usage is very simple:
ruby wpscan.rb --url www.example.com
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
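
Seen from the defending side, a wordlist run like the second command appears in the web server's access log as a burst of POST requests to wp-login.php from one address, which is also the evidence for an IP Ban entry as described in the plugins post above. The Ruby below is an added example, not part of WPScan or of the original post; the combined log format, the 60-second window, the limit of 5 and the sample log lines are assumptions constructed for illustration.

```ruby
require 'time'

# Added example: flag addresses sending bursts of POSTs to wp-login.php.
# Input is an access log in combined format; the window and limit are
# illustrative assumptions, and SAMPLE_LOG below is constructed data.
LOG_RE = /\A(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" \d{3} /
WINDOW_SECONDS = 60
MAX_ATTEMPTS   = 5

# Returns [ip, time] pairs for every POST to wp-login.php.
def login_posts(lines)
  lines.each_with_object([]) do |line, out|
    m = LOG_RE.match(line)
    next unless m
    ip, stamp, verb, path = m.captures
    next unless verb == "POST" && path[/\A[^?]*/].end_with?("/wp-login.php")
    out << [ip, Time.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")]
  end
end

# Returns { ip => peak POST count inside any window } for IPs over the limit.
def brute_force_suspects(lines, window: WINDOW_SECONDS, limit: MAX_ATTEMPTS)
  by_ip = Hash.new { |h, k| h[k] = [] }
  login_posts(lines).each { |ip, t| by_ip[ip] << t }
  by_ip.each_with_object({}) do |(ip, times), suspects|
    times.sort!
    start = 0
    peak = 0
    times.each_with_index do |t, i|
      start += 1 while t - times[start] > window   # slide the window forward
      peak = [peak, i - start + 1].max
    end
    suspects[ip] = peak if peak > limit
  end
end

SAMPLE_LOG = (0...8).map { |i|
  format('203.0.113.7 - - [22/Jul/2011:10:15:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 2412 "-" "sample"', i)
} + [
  '198.51.100.20 - - [22/Jul/2011:10:15:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "sample"',
  '198.51.100.20 - - [22/Jul/2011:10:20:41 +0000] "GET /wp-login.php HTTP/1.1" 200 2412 "-" "sample"',
  '198.51.100.20 - - [22/Jul/2011:10:21:10 +0000] "GET /2011/07/hello/ HTTP/1.1" 200 9120 "-" "sample"',
]

puts brute_force_suspects(SAMPLE_LOG).inspect if __FILE__ == $PROGRAM_NAME
```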




~ Friday, 22 July 2011 0 comments