WordPress.org

Authors: AskApache, cduke250

This plugin doesn't control WordPress or mess with your database, instead it utilizes fast, tried-and-true built-in Security features to add multiple layers of security to your blog. This plugin is specifically designed and regularly updated specifically to stop automated and unskilled attackers attempts to exploit vulnerabilities on your blog resulting in a hacked site.

You can set up Password Protection for your blog using HTTP Basic Authentication, or you can choose to use the more secure HTTP Digest Authentication.

The power of this plugin is that it creates a virtual wall around your blog allowing it to stop attacks before they even reach your blog to deliver a malicious payload. In addition this plugin also has the capability to block spam with a resounding slap, saving CPU, Memory, and Database resources. Choose a username and password to protect your entire /wp-admin/ folder and login page. Forbid common exploits and attack patterns with ModSecurity, ModRewrite, Mod_Alias and Apache's tried-and-true Core Security features. This plugin requires the worlds #1 web server, Apache, and web host support for .htaccess files.

Has a user-contributed attack signature system modeled after the Snort Intrusion Detection and Prevention system, Nessus Vulnerability Scanner, and the Web Application Firewall ModSecurity.

1. http://www.modsecurity.org/
2. http://snort.org/
3. http://www.nessus.org/nessus/
4. http://httpd.apache.org/