WProtect - Total security plugin for Wordpress
Active Protections Automatically send live notification regarding your website's attacks & vulnerabilities to your desktop & mobile PHP Configuration Hardening Stop brute-force login attempts Local file inclusion (LFI) Remote file inclusion (RFI) Directory traversal SQL injection (SQLi) HTML, Javascript and CSS filtering (XSS) Ban IP address (IPv6 support) Actively scans POST, GET, COOKIE variables. Detect if there is a user account which has the default "admin" username and easily change the username to a value of your choice. Prevent a Directory Listing Defending yourself from search engines hacking database(dork) Hide wp-admin directory (for untrusted users) Hide wp-login.php (for untrusted users) Hide wordpress version Disable File Editing Prevent PHP execution in "wp-content/uploads" directory