If you have a blog or website, one of your top concerns should be security. In the past many sites, even some of the top ones, have been hacked and it’s something you should take measures to prevent. After all, if some gains access to your site, they can not only damage your site but even your brand or reputation. Here is a list of some tools and plugins that can help you secure your WordPress Blog.
Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
AskApache Password Protect
AskApache Password Protect adds some serious password protection to your WordPress Blog’s admin directory. Imagine a HUGE brick wall protecting your frail .php scripts from the endless attacks of automated web robots and password-guessing exploit-serving virii.
WordPress Scanner will look at your blog and give you useful information about your themes, your WP install and any security type issues that you should address on your blog.
Admin-SSL secures wp-admin/wp-login using an available Private SSL certificate. Encrypts cookie contents. Translates http to https (public pages remain http) Simply upload and activate.