There are some WP security plugins you can use to improve your page’s security.
I would say there are 3 absolutely “must have” plugins:
If you want / must to stick only to free versions then use all 3 of them and set them according to my texts.
Other plugins which can help you if you do not want to use any of general security plugins mentioned above:
- BBQ – block bad queries
- Login LockDown – limit login attempts from given IP range (Settings/ Login LockDown)
- Login Security Solution – (Settings/ Login Security Solution)
- Disable XML-RPC Pingback – only install and activate
- Disable XML-RPC – only install and activate
- Anti-Malware and Brute-Force Security by ELI
And other very helpful plugins in special situations:
- Change db prefix – if you need to change table prefix after install – because leaving prefix “wp_” is bad idea.
- iThemes Security (formerly Better WP Security) – to scan themes for hard-coded links or back doors