Essential WordPress Plugins Part 1: Security

As the popularity of the easy-to-use WordPress blogging software increases, developers and users continue to develop more creative ways to use it. Although WordPress comes as a basic content management system by default, users have developed an array of plugins that allow web developers vast amounts of control and options for their WordPress-based websites.

In part one of my Essential WordPress Plugins series, I will be taking a look at some of my favorite plugins that help secure your WordPress-based website.

Skeleton Key

Skeleton Key is a useful WordPress plugin that allows a WordPress administrator to log in to another user’s WordPress account using only the administrator’s password. This is useful when troubleshooting a user’s account, because you do not have to reset their password. Find out more about Skeleton Key here.


User Locker

A current security flaw in WordPress is that there is no limit to the number of failed login attempts. This flaw can make your WordPress installation susceptible to brute force or dictionary password attacks. User Locker is a WordPress plugin that patches this security hole by allowing you to limit the number of unsuccessful login attempts. Once that limit is reached, the user’s account is locked and stays locked until an administrator unlocks it or the password is reset. Read more about User Locker here.
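The lockout behaviour described above, sketched as a small plugin built on WordPress core hooks. This is an added example, not User Locker's code; the limit of 5 and every `ell_` name are assumptions.

```php
<?php
/* Plugin Name: Example Login Lockout (illustrative; every "ell_" name is hypothetical) */
const ELL_MAX_FAILURES = 5;                 // assumed limit; pick your own policy
const ELL_FAILS_KEY    = 'ell_failed_logins';
const ELL_LOCKED_KEY   = 'ell_locked';

// Resolve the account a login attempt targets (WordPress accepts username or email).
function ell_find_user($login) {
    $user = get_user_by('login', $login);
    if (!$user && is_email($login)) {
        $user = get_user_by('email', $login);
    }
    return $user; // WP_User, or false for an unknown account
}

// Clear the lock and the counter; an administrator-only screen would call this.
function ell_unlock($user_id) {
    delete_user_meta($user_id, ELL_FAILS_KEY);
    delete_user_meta($user_id, ELL_LOCKED_KEY);
}

// Count each failed attempt against the targeted account and lock it at the limit.
add_action('wp_login_failed', function ($username) {
    $user = ell_find_user($username);
    if (!$user) { return; } // unknown account: nothing to count or lock
    $fails = (int) get_user_meta($user->ID, ELL_FAILS_KEY, true) + 1;
    update_user_meta($user->ID, ELL_FAILS_KEY, $fails);
    if ($fails >= ELL_MAX_FAILURES) {
        update_user_meta($user->ID, ELL_LOCKED_KEY, 1);
    }
});

// Priority 30 runs after core's password checks (priority 20), so a locked
// account is refused even when the submitted password is correct.
add_filter('authenticate', function ($user, $username) {
    $account = ell_find_user($username);
    if ($account && get_user_meta($account->ID, ELL_LOCKED_KEY, true)) {
        return new WP_Error('ell_locked', 'Account locked. Ask an administrator to unlock it or reset your password.');
    }
    return $user;
}, 30, 2);

// A successful login resets the counter; a completed password reset unlocks.
add_action('wp_login', function ($user_login, $user) {
    delete_user_meta($user->ID, ELL_FAILS_KEY);
}, 10, 2);
add_action('after_password_reset', function ($user) {
    ell_unlock($user->ID);
});
```

Because the counter is kept per account, repeated bad guesses against a known username lock the legitimate user out until the account is unlocked or the password is reset, so size the limit with that in mind.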


Capability Manager

WordPress includes a few default user “roles” with preconfigured access permissions, such as Contributor, Author, and Editor. As these default roles may not fit your needs, you can easily edit them or add more user roles with the Capability Manager plugin. Capability Manager offers 50+ different capability settings that can be included in or excluded from different user roles. Capability Manager also allows you to back up your roles.


WP-Security Scan

WP-Security Scan is a very powerful plugin for a self-hosted WordPress site that will detect security flaws and provide information for resolving them. WP-Security Scan will check various settings of your WordPress installation and database and assist in resolving any problems it finds. WP-Security Scan will also check that you have the appropriate file permissions set on your web server. Read more about WP-Security Scan in our guide.


Audit Trail

Audit Trail is a WordPress plugin that allows you to track what happens with your blog, which can be especially useful (if not necessary) in a multi-user system. Audit Trail is capable of tracking many of the common user actions in your blog and saving them to a log file. Examples of items tracked include user logins, file attachments, page visits, post & page management, comment management, and many other actions. The user name, time, and IP address are also saved.


Bad Behavior

Blocking spam comments and robots is something that all WordPress users deal with constantly.  The Bad Behavior plugin for WordPress will help to reduce (and sometimes eliminate) spam and robot traffic to your site.  If a visitor is determined to be a bot, then a 404 error code is sent, blocking your site from being accessed.  Bad Behavior is also capable of logging up to 7 days of blocking activity.  Bad Behavior is a powerful PHP script that will integrate into any PHP site.



Akismet

Akismet is probably the most well-known anti-spam plugin for WordPress. Akismet is included with the WordPress installation but needs to be activated and configured with an API key. Akismet is capable of reducing or even eliminating spam comments from your blog. Another nice feature of Akismet is that it provides some graphs that show how spam affects your blog.

Check back later as we continue our Essential WordPress Plugins series with some WordPress administration plugins.

What WordPress plugins do you use to keep WordPress secure?  Let us know by commenting below.


