You’ll find many posts about WordPress security plug-ins. I have excluded all plug-ins that do no more than what you can do yourself by changing some settings, such as creating an .htaccess file.
I have also not mentioned plug-ins related to SSL. SSL certificates let you connect to your server over an encrypted channel, which is very secure. You need to buy an SSL certificate. You can use shared or private certificates, but in both cases you need to pay. Since most bloggers don’t buy SSL certificates, I have left them out.
Moreover, I don’t consider plug-ins for database operations or backup procedures to be in the security category, so I’ll discuss those plug-ins in a later article.
You can achieve full security with a very small number of plug-ins. Some of them are:
Akismet - It helps protect you from spam. In simple words: if someone comments on a post just for advertisement or uses offensive words, Akismet can stop them.
Block Bad Queries (BBQ) - I hope all of you are aware of SQL injection. SQL injections are complex SQL queries written with the aim of breaking your site’s security and getting as much internal information from your site’s database as possible. This plug-in can control SQL injection and base64 attacks to some extent.
Login LockDown - Login LockDown controls the number of unsuccessful login attempts, so you are always safe from brute-force and dictionary attacks.
WordPress File Monitor - As its name suggests, it monitors all files on your server. This plug-in tells you which files have changed on your server, so that you can identify whether those files were changed by you or by some script.