How to improve the security of your wordpress blog

1) WP Security Scan

This plugin will scan your wordpress installation for security vulnerabilities and give you hints for fixing them.

Features:

• passwords
• file permissions
• database security
• version hiding
• WordPress admin protection/security
• removes WP Generator META tag from core code

Download Here

2) Change all accounts that have known usernames (example: admin).

Even though this will not protect you if someone knows your password or gets into your wordpress blog through some other vulnirability, it will be one less piece of information a potential attacker can use to compromise your site.

3) Remove Wordpress Version

This plugin removes the wordpress version from everything, including the RSS feed.

If you have extensions installed that requires the wordpress version information, this might break them. So install with care.

Plugin available Here

4) adminSSL

Features:

• Forces SSL on all pages where passwords can be entered.
• Works with both Private and Shared SSL.
• Can be installed on WordPress MU to force SSL across all blogs (only works if you have a Private SSL certificate installed) from WPMU 1.3 upwards.
• Custom additional URLS (e.g. wp-admin/) can be secured through the config page.
• You can choose where you want the Admin SSL config page to appear

Download Here

5) askApache Password protect

This plugin allows you to set up Password Protection for your blog using HTTP Basic Authentication, or you can choose to use the more secure HTTP Digest Authentication. Choose a username and password to protect your entire /wp-admin/ folder and login page. Forbid common exploits and attack patterns with ModSecurity, ModRewrite, Mod_Alias and Apache’s Core Security features.

Download Here

6) Wordpress firewall

Features:

• Detect, intecept, and log suspicious-looking parameters — and prevent them compromising WordPress
• Also protect most WordPress plugins from the same attacks.
• Optionally configure as the first plugin to load for maximum security.
• Respond with an innocuous-looking 404, or a home page redirect.
• Optionally send an email to you with a useful dump of information upon blocking a potential attack.
• Turn on or off directory traversal attack detection.
• Turn on or off SQL injection attack detection.
• Turn on or off WordPress-specific SQL injection attack detection.
• Turn on or off blocking executable file uploads.
• Turn on or off remote arbitrary code injection detection.
• Add whitelisted IPs.
• Add additional whitelisted pages and/or fields within such pages to allow above to get through when desirable.

Download Here