Better WP Security – Plugin

Note: Install this plugin and go to the "Better WP Security" tab to get an overview of all the security issues within your blog.

Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin, so that as many security holes as possible are patched without you having to worry about conflicting features or about missing anything on your site.
 

Current features

  • Remove the meta "Generator" tag
  • Remove login error messages
  • Change the URLs for backend functions including login, admin, and more
  • Limit admin access to specified IP or range of IP addresses
  • Ban troublesome bots and other hosts
  • Completely turn off the ability to log in for a given time period (away mode)
  • Prevent brute force attacks by banning hosts and users with too many invalid login attempts
  • Display a random version number to non administrative users anywhere version is used (often attached to plugin resources such as scripts and style sheets)
  • Remove theme, plugin, and core update notifications from users who do not have permission to update them (useful on multisite installations)
  • Remove Windows Live Writer header information
  • Remove RSD header information
  • Strengthen .htaccess settings
  • Enforce strong passwords for all accounts of a configurable minimum role
  • Detect attempts to attack your site
  • Rename "admin" account
  • Security checker
  • Change the WordPress database table prefix
  • Force SSL for admin pages (on supporting servers)
  • Change wp-content path
  • Turn off file editing from within WordPress admin area
  • Works on multi-site (network) and single site installations

 


Installation

  • Back up your WordPress database, config file, and .htaccess
  • Upload the zip file to the /wp-content/plugins/ directory
  • Unzip
  • Activate the plugin through the 'Plugins' menu in WordPress
  • Visit the Better security menu for checklist and options

NOTE: It is quite possible (maybe even probable) that something will break due to the complexity of the changes made by this plugin. SO REMEMBER TO ALWAYS BACK UP BEFORE MAKING ANY CHANGES.

If enabling the Enforce SSL option causes issues on your site, edit the wp-config.php file and remove the following lines:

  • define('FORCE_SSL_LOGIN', true);
  • define('FORCE_SSL_ADMIN', true);
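
The recovery step above can be scripted so that wp-config.php is backed up before the two lines are removed. This is an added example, not code from the plugin; the function name remove_force_ssl, the .bak.<timestamp> suffix and the sample path in the comment are assumptions.

```shell
#!/bin/sh
# Added example: recover from a broken "Enforce SSL" setting by removing the
# FORCE_SSL_LOGIN / FORCE_SSL_ADMIN defines from wp-config.php.
# remove_force_ssl and the .bak.<timestamp> suffix are hypothetical names.

remove_force_ssl() {
    cfg="$1"
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }

    # Timestamped copy, so an earlier backup is never overwritten.
    backup="$cfg.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$cfg" "$backup" || return 1

    # Active define() lines only: either quote style, optional spaces,
    # any number of trailing semicolons, optional CR. Commented-out lines
    # (// define(...)) do not match and are left alone.
    pattern="^[[:space:]]*define[[:space:]]*\([[:space:]]*['\"]FORCE_SSL_(LOGIN|ADMIN)['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)[[:space:]]*;*[[:space:]]*$"

    removed=$(grep -Ec "$pattern" "$backup" || true)

    # grep -v exits 1 when it prints nothing; only status 2 is a real error.
    tmp="$cfg.tmp.$$"
    grep -Ev "$pattern" "$backup" > "$tmp" || [ "$?" -eq 1 ] || { rm -f "$tmp"; return 1; }

    # Write through the existing file so its owner and mode are unchanged.
    cat "$tmp" > "$cfg" && rm -f "$tmp" || return 1

    echo "removed $removed line(s) from $cfg; backup: $backup"
}

# Run against a path given on the command line,
# e.g. (constructed path) sh script.sh /var/www/html/wp-config.php
if [ "$#" -gt 0 ]; then
    remove_force_ssl "$1"
fi
```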