3 Password Plugins You Need to Stay Safe
Limit Login Attempts
Limit the number of login attempts possible both through normal login as well as using auth cookies.
By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
ThreeWP Activity Monitor
Displays a multitude of user actions to keep the site administrator informed that all is well and that the blog or network is not being abused. Displays:
- Logins (successful and failed)
- Retrieved and reset passwords
- Posts/pages created, updated, trashed, untrashed and deleted
- Comments approved, trashed, spammed, unspammed, trashed, untrashed and deleted
- Changed passwords
- Changed user info
- User registrations
- User deletions
- Custom activities from other plugins
Better WP Security
Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.
With one-click activation for most features as well as advanced features for experienced users Better WP Security can help protect any site.
As most WordPress attacks are a result of plugin vulnerabilities, weak passwords, and obsolete software. Better WP Security will hide the places those vulnerabilities live keeping an attacker from learning too much about your site and keeping them away from sensitive areas like login, admin, etc.
- Remove the meta “Generator” tag
- Change the urls for WordPress dashboard including login, admin, and more
- Completely turn off the ability to login for a given time period (away mode)
- Remove theme, plugin, and core update notifications from users who do not have permission to update them
- Remove Windows Live Write header information
- Remove RSD header information
- Rename “admin” account
- Change the ID on the user with ID 1
- Change the WordPress database table prefix
- Change wp-content path
- Removes login error messages
- Display a random version number to non administrative users anywhere version is used
Just hiding parts of your site is helpful but won’t stop everything. After we hide sensitive areas of the sites we’ll protect it by blocking users that shouldn’t be there and increasing the security of passwords and other vital information.
Should all the protection fail Better WP Security will still monitor your site and report attempts to scan it (automatically blocking suspicious users) as well as any changes to the filesystem that might indicate a compromise.
- Detect bots and other attempts to search for vulnerabilities
- Monitor filesystem for unauthorized changes
Finally, should the worst happen Better WP Security will make regular backups of your WordPress database (should you choose to do so) allowing you to get back online quickly in the event someone should compromise your site.
- Create and email database backups on a customizable schedule
- Make it easier for users to log into a site by giving them login and admin URLs that make more sense to someone not accustomed to WordPress
- Detect hidden 404 errors on your site that can affect your SEO such as bad links, missing images, etc.
All In One WP Security & Firewall
It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.
Clef replaces insecure username/password authentication with strongly encrypted, multi-factor authentication using your smartphone. Simply click the “Log in with your phone” button, scan the Clef Wave with your Clef app, and you are instantly and securely logged in to all of your Clef-enabled websites.
Clef provides the best single sign-on solution for WordPress. Once you sign in to one WordPress site using Clef, you can sign into all of your Clef-enabled sites with a single click. And once you sign out of the app on your phone, you are automatically signed out of all your WordPress sites. Say goodbye to passwords and hello to admistrative bliss–try Clef today!
1Password – Mac
LastPass – Win