I was browsing through the long list of WordPress plugins, looking for some good ones our site should have and I found 3 really cool ones that make your WordPress admin panel super secure.

First plugin you should install on your WordPress installation is Limit Login Attempts. This plugin tracks the number of times a user gets his username and password combination incorrect, and after a defined amount of attempts, it will lock, log, and email the WordPress administrator about it. This means brute-force attacks will be more difficult (still possible but not likely). Administrators can change some of the settings involving lockouts and resets.

Second plugin I recommend is Semisecure Login Re-Imagined. This plugin encrypts your login details when you submit the form (client side using javascript) and sends it to the server where it is decrypted. This also means bots will have a harder time brute-forcing your login because those bots cannot use javascript. This plugin offers 512 bit, 1024 bit, 2048 bit, and 3072 bit RSA encryption. This method is not quite all the way secure, but its better than the original plaintext method.

Last plugin I thought was pretty unique. The plugin is called PhoneFactor. When you have typed in your username and password and clicked “Login”, the plugin calls the phone number associated with the user account. From there, it asks you to press the # key to complete your login. The login page does not move on to your dashboard until you take action. I found out all you have to do is flip open your phone and press the key and hang up and it logs you in. So this means even if someone does get your username and password, they must also have your phone to confirm the login.

- Travis Cunningham

Related Posts:

• January 23, 2009 -- Twitter Adopts OAuth! Releases Private Beta… (0)
• January 23, 2009 -- B.I.S.S. Blocklist Manager: IP Blocklists the easy way (0)
• January 22, 2009 -- FreeMyFeed: View Auth-enabled Feeds with Anything! (1)
• January 17, 2009 -- Introducing Wordpress TV (1)