35+ top WordPress Security plugins 2016

35+ top WordPress Security plugins 2016

1 352

You have invested a fair amount of money in building and designing your wordpress blog. Now, it is the time to look at the security aspects of your blog, keeping it safe from hackers. So, I have listed35+ top wordpress security plugins to help you in securing your wordpress blog.

I feel the list is almost complete as I have tried to cover every aspect of security in this list. Go ahead and secure your blog using this list of wordpress security plugins.

35 WordPress security plugins:

Check out these free wordpress security plugins to secure your blog from hackers. The list contains plugins for access control, limit logins, spam protection, content theft protection, backup tools, password encryption, email protection, firewall, antivirus and much more.


Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.

Antispam bee:

Protects your blog from spam bots and such spam content by replacing your comment field. Much helpful to fight against spam.

WP DB manager:

WP DBManager is one of the best plugins for database. Though it is mainly used to backup and restore database, it can also help us in optimizing database performance.


If you are having a custom backup and don’t know how to use it to restore your blog, Xcloner is the tool for you. Xcloner can work as native plugin for WordPress and also Jhoomla. It is used for backup and restore purpose. It is particularly useful for using custom backups during restoration of any blog. A must have plugin.


Simple automated backups of your WordPress powered website. BackUpWordPress will back up your entire site including your database and all your files. BackUpWordPress will back up your entire site including your database and all your files once every day.

WP DB Backup:

WP-DB-Backup allows you easily to back up your core WordPress database tables. You may also backup other tables in the same database.

Stealth login:

WordPress has default login url. This makes it somewhat easy for hacker. So, we can use Stealth login plugin to change our login url to something skeptic. So, even if the hacker knows our password, he will find it difficult to enter our admin panel as he don’t know our login url. This surely helps us in safeguarding our blogs from hackers.

User locker:

It is used to lock a user after the specified number of login attempts. Very useful to protect your blog from bruteforce attacks.

Limit login attempts:

Limit the number of login attempts possible both through normal login as well as using auth cookies.

Login lockdown:

This is a must-have wordpress security plugin. Generally, blogs are attacked with Bruteforce to crack admin passwords. Login lockdown is the perfect solution to such bruteforce attacks. Using Login lockdown, the blog admin can restrict login attempts and on failure, the user is locked out of login page. All parameters can be set by the blog admin.

Wp security scan:

Another must-have wordpress security plugin. This plugin scans your wordpress installation and alerts you about any security measure you need to take. Also, WP security scan helps you in setting file permissions in an optimum way.


WP Malwatch keeps scanning your wordpress installation for any malware and report it to you, if found. It is designed to alert you of any hacker activity in your WordPress.

WordPress file monitor:

This is a must-have wordpress security plugin. It notifies you via email about any sort of changes that may occur in your wordpress installation. This is surely helpful in determining hacker activity.

Exploit scanner:

It seaches in your WordPress database for any sort of infection which may indicate that your blog is accessed by any hacker. It includes all files, comments and database in its scan to detect any sort of suspicion.

Theme Authenticity Checker aka TAC:

This is another must-have wordpress security plugin. It checks your wordpress theme for any sort of infection or malware which can prove dangerous for your blog.

Askapache password protect:

One of the best wordpress security plugins which helps in adding password to your wordpress blog. It not only secures wp-admin directory, but also protects plugins, wp-content and other directories.

Secure wordpress:

It performs all the necessary security settings which are needed for any wordpress blog. It has really removed any sort of manual work from wordpress security. Secure WordPress beefs up the security of your WordPress installation by removing error information on login pages, adds index.html to plugin directories, hides the WordPress version and much more.

Chap Secure login:

Whenever you try to login into your website, you can use this plugin to trasmit your password encrypted. The encryption process is done by the Chap protocol; this is particularly useful when you can’t use ssl or other kinds of secure protocols.

Semisecure login reimagined:

Semisecure Login Reimagined increases the security of the login process by using a combination of public and secret-key encryption to encrypt the password on the client-side when a user logs in. JavaScript is required to enable encryption.

Admin SSL:

Secures any WordPress URL using Private or Shared SSL. Once the plugin is activated go to the Admin SSL config page to enable SSL and read the install.

Login encrypt:

Login Encrypt is a security plugin. It uses a complex combination of DES and RSA. This combination is used to encrypt your password protecting you from hackers.


AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections.

Ultimate security check:

One of the rare security plugins which are updated regularly. It is a wordpress security plugin which scans your wordpress installation and assigns security grade based on passed tests.

Replace WP version:

While attacking any wordpress installation, knowing wordpress installation is very handy. So, you will find many webmasters advising on web to hide your wordpress version. Replace WP version does this job for you. No need for any sort of coding.

HTTP Authentication:

The HTTP Authentication plugin allows you to use existing means of authenticating people to WordPress. This includes Apache’s basic HTTP authentication module and many others.

WP members:

wp-Member is an advanced WordPress membership plugin that adds many membership features including registration customization, total content protection for posts, pages and categories, content teasers, automated membership management, automated payment processing and many more.

User role editor:

User Role Editor WordPress plugin makes the role capabilities changing easy. You can change any standard WordPress user role (except administrator) with a few clicks. Just turn on check boxes of capabilities you wish to add to the selected role and click “Update” button to save your changes.

GD Press tools:

GD Press Tools is a collection of various administration, seo, maintenance, backup and security related tools. This tools can be integrated into the various WordPress admin panels, can perform maintenance operations, change some aspects of WordPress, see detailed server settings and information.

WordPress firewall:

This WordPress plugin investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks. It intelligently whitelists and blacklists pathological-looking phrases based on which field they appear within in a page request.

Content security policy:

It helps in preventing injection attacks to your wordpress installation. The admin has to specify which sites they trust for serving Javascript and based on this selection, further attacks are prohibited.

Fast Secure contact form:

This a must have plugin as it lets your visitors contact you via contact form. It efficiently filter spam bots and allows only genuine readers.

Anonymous wordpress plugin Updates:

Anonymizes the plugin update checking system which is a new feature in WordPress 2.3. The plugin prevents WordPress from transmitting a list of active plugins, the blog url and WordPress version.

WP copy protect:

It uses all possible precautions to protect your blog posts from being copied. An efficient tool to fight against copycats.

Blog protector:

Similar to Wp copy protect and helps in preventing any sort of content theft on your blog.

WP Email Guard:

This wordpress security plugin prevents your email address from being crawled by spam bots. If you have included your email address on any page of your blog, this plugin will convert this email into javascript which can be read only by humans, keeping spammers away.

36. HTTP authentication:
The HTTP Authentication plugin allows you to use existing means of authenticating people to WordPress. This includes Apache’s basic HTTP authentication module and many others.

End Notes:
Since plugins can increase your page load time, make sure you use optimum number of plugins.

So friends, this was all about wordpress security plugins. I am sure that you will find this list of 35+ wordpress security plugins useful. You might have noticed that I have titled this post as “35+” and not just “35″. I have listed 36 wordpress security plugins and expect more from your side.

Do you know any other useful wordpress security plugin not listed here??? Please share it with us in comments.


Leave a Reply