It’s no secret to my friends that I am a WordPress fanatic. Having been on the original B2 dev team back in the day, I love seeing how far it’s gone. But with growth comes attention and sometimes that means negative attention à la scams, spammers, etc. WordPress has certainly seen its fair share of attacks. Fortunately, there are some great security plugins available to protect your blog and prevent attacks. Here are my faves:

  1. WordPress Exploit Scanner: This plugin searches the files and database of your website for signs of suspicious activity. It will not stop someone hacking into your site, but it may help you find any uploaded or compromised files left by the hacker.
  2. WP Security Scan: I love this plugin. It does exactly what it promises, and has protected my blog many times. Scans include passwords, file permissions, database security, version hiding, WordPress admin protection/security and removing the WP Generator META tag from core code—a simple method for protecting your blog from attacks that target specific versions of WordPress.
  3. Secure WordPress: This fine German plugin has a few unique tricks I haven’t seen on the other plugins, including removing the error information from the login page, adding an index.php to the plugin directory and removing core update information for non-admins.
  4. Secure Invites for WordPress MU: I haven’t personally tried this plugin, but it gets great reviews, so here is the plugin page description: “This plugin stops access to your signup page, except where the visitor has been invited and clicked the link in their invitation email. Your users invite people, and you can see who has sent the most invitations, and how many resulting signups have occurred.”
  5. Fast and Secure Contact Form: With a 5-star rating (and no rating under 5), this is arguably the most popular and secure contact form available. I used to use Contact7, but was furious with how much spam gets through it. It has so many features that I recommend you read the plugin homepage to take it all in.
  6. WP-DB-Backup: WordPress database backup creates backups of your core WordPress tables as well as other tables of your choice in the same database. Backups are something I suggest you all do on a weekly basis, daily if you blog for a living. Plugins like this allow you to schedule the backups automatically and not have to remember to do it. It’s all about the automation.
  7. root Cookie: By default the WordPress cookie path exactly matches the URL path of your installation; this plugin strips any subfolders from the cookie path so that your whole domain has access to it. This useful plugin also allows your authentication to work across subdomains!
  8. WP-Secure Remove WordPress Version: While plugins like Security Scan and Secure WordPress do this, if you aren’t up to installing big guns like them, at the very least add this plugin. It’s a one-trick pony, but a very good trick. It removes the version number from the WordPress meta tag, something spammers target all the time.
  9. Akismet: Despite being a default plugin, I am amazed at how many people will not take the 30 seconds to sign up for an Akismet key. Do it now. It is the most effective spam plugin ever developed. Bar none.
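For anyone curious what the version-hiding and login-error tricks in items 2, 5 and 10 look like in code, here is an added example (not the code of any plugin above, and not part of the original post) of a small must-use plugin that does both with standard WordPress hooks; the function name example_strip_version_query and the generic login message are assumed names of my own.

```php
<?php
/*
Plugin Name: Minimal WP Hardening (added example)
Description: Hides the WordPress version and generic login error details. Drop into wp-content/mu-plugins/.
*/

// Remove <meta name="generator" content="WordPress x.y"> from the page <head>.
remove_action( 'wp_head', 'wp_generator' );

// Also blank the generator string WordPress writes into RSS/Atom feeds,
// which leaks the version even after the meta tag is gone.
add_filter( 'the_generator', '__return_empty_string' );

// Strip the ?ver=x.y query string appended to core script and style URLs.
// Caveat: this also removes plugin-supplied versions used for cache busting,
// so clear your cache after enabling it.
function example_strip_version_query( $src ) {
    if ( strpos( $src, 'ver=' ) !== false ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'script_loader_src', 'example_strip_version_query' );
add_filter( 'style_loader_src', 'example_strip_version_query' );

// Replace the login error that reveals whether the username or the password
// was wrong with one generic message, so a failed attempt learns nothing.
add_filter( 'login_errors', function ( $error ) {
    return 'Login failed. Please check your credentials.';
} );
```

Files in wp-content/mu-plugins/ load automatically and cannot be deactivated from the dashboard, which is exactly what you want for hardening that should never be switched off by accident.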

Which plugins do you use for security?