Not everyone on the Internet is nice. It’s a fact of modern life on the Internet: there are people who spend their time trying to break into, or hack, other people’s websites. Some do it just for the thrill, others to cause chaos, and some are simply after sensitive information like credit card numbers, social security numbers, and other personal information.

As your blog gets more and more popular you will find many cheaters trying to hack your site, spam your comment section or in the worst case one day morning you may find a “Hacked” message instead of your blog. If you run your blog on the WordPress platform you are fortunate enough to avoid most of those vulnerabilities to a certain extend with a simple installation of some plugins. The 10 plugins given below will create a safe wall for your blog from hackers and spammers.

1. Akismet

Akismet is the mother of all plugins and that no WordPress blog is complete without a fully activated version of Akismet. The plugin has been packaged in every WordPress software release since version 2.0. Akismet is the answer to comment and trackback spam. It has been developed by the actual team behind WordPress. Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.

You will need an API key to use it. Keys are free for personal blogs, with paid subscriptions available for businesses and commercial sites. Akismet catches spam and throws it into a queue, holding the spam for 15 days and then deleting it from your database. It’s probably worth your while to check the Akismet Spam page once a week to make sure that the plugin hasn’t captured any legitimate comments or trackbacks.


reCAPTCHA is an anti-spam used by internet giants like Facebook, twitter, stumble upon etc. reCAPTCHA adds CAPTCHA anti-spam methods to WordPress on the comment form, registration form, or both. In order to post comments, users will have to type in the two phrases shown on the image. This prevents spam from automated bots.

Apart from blocking spams reCAPTCHA performs one more genius task; they help to digitize old books. reCAPTCHA uses two phrases for spam blocking. While the world is in the process of digitizing books, sometime certain words cannot be read. reCAPTCHA further distorts these words and create a CAPTCHA image. After a certain percentage of users solve the ‘unknown’ word the same way it is assumed that it is the correct spelling of the word. At this point, you’re probably thinking whether that means I can enter anything? How does that stop spammers? The answer is simple – there are two words, one of which the CAPTCHA knows. The second, it doesn’t and you’re helping digitize it.

3. Semisecure Login Reimagined

This plugin uses public and secret-key encryption to encrypt passwords when logging in. The security of the login process will be increased by the use of a combination of public and secret-key encryption to encrypt the password on the client-side when a user logs in. The server side then decrypts the encrypted password with the private key.

It is most useful for situations where SSL is not available, but the administrator wishes to have some additional security measures in place without sacrificing convenience. JavaScript is required to enable encryption. This plugin also requires PHP to be compiled with openssl support, which is a pretty standard option for most hosts.

4. Limit Login Attempts

This plugin will limit the number of login attempts possible both through the normal login as well as using auth cookies. By default WordPress allows unlimited number of login attempts using the login page or by sending special cookies. This allows passwords to be brute-force cracked with relative ease.

Limit Login Attempts blocks an internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.

5. Secure WordPress

The secure WordPress plugin will help secure WordPress installation by removing miscellaneous items after the installation process which may aid hackers. It will remove error information from the login-page and also remove or change the WP-version data but leave it unchanged in the admin area. It is suggested to remove any unwanted information to the non-admin for security reasons so it will remove update information about plugins, themes and core update information.

Secure WordPress will add a blank index.html to the plug-in directory such that if anyone is trying to view the contents of the directory they will be viewing a blank page instead of the contents. The plugin will hide your current WordPress version in backend dashboard for non admins. It also blocks bad queries.

6. AskApache Password Protect

This plugin adds multiple layers of security for your blog. This plugin is designed to stop automated and unskilled attackers attempts to exploit vulnerabilities on your blog resulting in a hacked website.

The power of this plugin is that it creates a virtual wall around your blog allowing it to stop attacks before they even reach your blog to deliver a malicious payload. In addition this plugin also has the capability to block spam with a resounding slap, saving CPU, Memory, and Database resources.

This plugin requires the worlds #1 web server, Apache, and web host support for .htaccess files.

7. Invisible Defender

This plugin protects registration, login and comment forms from spambots by adding two extra fields hidden by CSS. This approach gave me 100% anti-spam protection on one of my sites.

The idea behind this plugin is simple: SPAMBOTs either fill every form field they find (generic spambots) or fill WordPress-specific fields only (spambots which will recognize WP or are targeting WP only). Therefore it is sufficient to add two extra text fields to form (one empty and one with predefined value), and check their value after form is submitted. 1st field (empty one) will be filled by generic spambots, and 2nd one will not be filled by spambots targeting WP only. With these two simple checks probably all spambots can be easily detected, so WP can return error “403 Forbidden” for them.

These two extra fields are hidden with CSS rule, so they will not be visible to most users. Only users with text-based browsers (and very old ones which not support CSS) will see them, but don’t be afraid – plugin has a special message for them.

8. WP DBManager

This plugin allows you to optimize database, repair database, backup database, restore database, delete backup database, drop/empty tables and run selected queries. WP DBManager Supports automatic scheduling of backing up and optimizing of database.

9. Automatic WordPress Backup

You can prevent loss of data using a automated backup of your blog database. You create a free account on (wpb), connect your blog with the wbp via a key.
Your data will be backed up every few hours in a sql-export format, compatible with phpMyAdmin or any other software that lets you run sql queries on MySQL servers.

If needed, data privacy is assured by two 32-character “passwords” using AES as the algorithm (you can google the term AES and find out why it’s secure). These passwords are kept in your blog and are not sent to the site. That means we won’t back them up for you and we don’t have access to your data.

You can download your backups at any time. The site will hold the last 5 MB of archived backups (equivalent of about 30-60 MB worth of unarchived exports). When a new backup is created the oldest one is erased when you go over the account storage limit. You can also login and “lock” a backup – that ensures it will never be deleted.

10. WP Security Scan

This plugin scans your WordPress installation for security vulnerabilities and suggests corrective actions.

  • passwords
  • file permissions
  • version hiding
  • WordPress admin protection/security
  • removes WP Generator META tag from core code
  • These are the 10 useful plugins to avoid hacking or data loss of your WordPress blog. Do you use any other plugins? What are your experiences? Please share your comments.