WP Security Scan checks your WordPress website/blog for security vulnerabilities and suggests corrective actions such as:
For more information on the WP Security Scan and other WordPress security news, visit the WebsiteDefender Blog and join our Facebook page. Post any questions or feedback on the WP Security Scan plugin forum.
Block Bad Queries (BBQ) is a simple script that protects your website against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings. This is a simple yet solid solution that works great for sites where .htaccess is not available. The BBQ script is available as a plugin for WordPress or as a standalone script for any PHP-powered website.
Adds CAPTCHA anti-spam methods to WordPress forms for comments, registration, lost password, login, or all. In order to post comments or register, users will have to type in the code shown on the image. This prevents spam from automated bots. Adds security. Works great with Akismet. Also is fully WP, WPMU, and BuddyPress compatible.
Simple, lightweight yet effective spam comment blocker for WordPress.
This plugin is now also translated into Italian. Translation help is welcome.
Even if you are careful and set your blogging nickname differently from your login ID, if you are using permalinks it takes only a few seconds to discover your real user name. This plugin stops user enumeration dead (such as that performed by WPScan), and it additionally logs an event in your system log so that you can optionally use fail2ban to block the probing IP.
NinjaFirewall (WP edition) is a true Web Application Firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall that sits in front of WordPress.
It will hook, scan, sanitise or reject any HTTP / HTTPS request sent to a PHP script before it reaches WordPress or any of its plugins. All scripts located inside the blog installation directories and sub-directories will be protected, including those that aren't part of the WordPress package. Even encoded PHP scripts, hackers' shell scripts and backdoors will be filtered by NinjaFirewall.
HttpOnly flag on all cookies
By processing incoming HTTP requests before your blog and any of its plugins, NinjaFirewall is the only plugin for WordPress able to protect it against very large brute-force attacks, including distributed attacks coming from several thousands of different IPs.
See our benchmark and stress-test:
The protection applies to the wp-login.php script and can also include the xmlrpc.php one; the incident can be written to the server
NinjaFirewall can alert you by email on specific events triggered within your blog. Some of those alerts are enabled by default and it is highly recommended to keep them enabled. It is not unusual for a hacker, after breaking into your WordPress admin console, to install or just to upload a backdoored plugin or theme in order to take full control of your website.
NinjaFirewall is very fast, optimised and compact, and requires very few system resources. Don't believe us? See for yourself: download and install GoDaddy's P3 Plugin Performance Profiler and compare NinjaFirewall's performance with that of other security plugins.
NinjaFirewall looks and feels like a built-in WordPress feature. It does not contain intrusive banners, warnings or flashy colors. It uses the WordPress simple and clean interface and is also smartphone-friendly.
Each NinjaFirewall menu page has a contextual help screen with useful information about how to use and configure it. If you need help, click on the Help menu tab located in the upper right corner of each page in your admin panel.
NinTechNet strictly follows the WordPress Plugin Developer guidelines: our software, NinjaFirewall (WP edition), is 100% free, 100% open source and 100% fully functional, no "trialware", no "obfuscated code", no "crippleware", no "phoning home". It does not require a registration process or an activation key to be installed or used. Because we do not collect any user data, we do not even know that you are using (and hopefully enjoying!) our product.
Check out our new supercharged edition: NinjaFirewall WP+
Add your own virtual Blackhole trap for bad bots. The Blackhole plugin includes a hidden link to your pages. You then add a line to your robots.txt file that forbids bots from following the hidden link. Bots that ignore or disobey your robots rules will crawl the link and fall into the honeypot trap. Once trapped, bad bots are denied further access to your WordPress-powered website.
I call it the "one-strike" rule: bots have one chance to obey your site's robots.txt rule. Failure to comply results in immediate banishment. The best part is that the Blackhole only affects bad bots: human users never see the hidden link, and good bots obey the robots rules in the first place. Win-win! :)
Using a caching plugin? Check out the Installation notes for important info.
Not using WordPress? Check out the standalone PHP version of Blackhole!
Pro version coming soon!
By default, this plugin does NOT block any of the major search engines:
These search engines (and all of their myriad variations) are whitelisted. They always are allowed full access to your site, even if they disobey your robots.txt rules. This list can be customized in the plugin settings.
Header Image Courtesy NASA/JPL-Caltech.