I’ve had too many WordPress (WP) installations hacked into by !*$# robots. Just like learning the hard way that you have to back up your computer regularly when you don’t and you get to redo tons of work, the school of WP hard knocks has beaten me down to the point where I require these security plugins on my WP installations. And yes, they are in order from absolutely, completely mandatory to really good to have installed:
- Bei Fen – Good backup of your complete WordPress installation. You can choose only the files, or have it include your WordPress database. Plus, it makes unguessable archives of the whole thing and puts it into a folder on your server. Get it? You just set up an FTP script to download your whole folder every so often and you’ve got a history of your site plus database. Totally mandatory since there is no 100% guarantee that the following plugins will save you from the most malicious attacks.
- Update Notifier – I’m busy. Are you busy? This plugin emails you when updates are available for your WordPress installation. To stay ahead of most of the automated attack robots all you have to do is keep your WP core and plugins up to date. But I’m busy, so this reminds me to take the 5 minutes to update everything.
- Akismet – If you are experienced with WP you might wonder why I don’t have this listed as #1. It is because most of my sites don’t allow comments or open registration. forestsunlimited.net is an exception and for that site Akismet is a godsend. It is a great idea. You get an API, you log in to their server, and it keeps track of all the jerks hammering WP sites and then distributes the blacklist results. It is super easy to set up and everyone should have this installed.
- WordPress Firewall 2 – A great plugin that blocks a whole bunch of malicious crap. Of course, sometimes it blocks you too, so remember to turn it off when you do anything heavy on the WP core. Changing files through Appearance > Editor is one place I usually remember how effective this plugin is… after a lot of choice words and many attempts to just update my stinking footer file!
- Secure WordPress – It plugs some simple security leaks. Nuff said.
- Limit Login Attempts 1.5 – If someone is trying to get into your admin account by brute force, this plugin stops them dead.
- Ultimate Security Check – This plugin scans your files and install configuration to give you a score on your site in terms of vulnerability. It is a good plugin for beginners or as a reminder of easily forgotten security leaks. Honestly, I usually install it, check its results, fix what I can, then uninstall it.
There are other, more time-consuming ways to tighten up your WordPress site that I’ll post later. For now, feel free to comment if you have better security plugins.

