Channel: Make Money from Blogs » Block

WordPress security tips (part 5) – Plugins to secure your blog


There is a huge amount of information available on the internet to help you secure your WordPress blog, including plugins that have been shared by helpful people. What is required of you is to be vigilant, read up on current WordPress security issues, and keep your blog updated to the latest WordPress version.

Limit Login Attempts Plugin:
WordPress currently allows anybody to attempt to log in any number of times, which is a security problem. Major ecommerce, banking and other such sites lock an account if people try a wrong combination of account ID and password, which is very useful since it prevents brute force attacks. Because WordPress has no such restriction, it is difficult to prevent this type of attack if somebody targets you. However, there is a plugin that lets you restrict the number of login attempts: the “Limit Login Attempts” plugin, available at this location (link).

Features
– Limit the number of retry attempts when logging in (for each IP). Fully customizable
– (WordPress 2.7+) Limit the number of attempts to log in using auth cookies in same way
– Informs user about remaining retries or lockout time on login page
– Optional logging, optional email notification
– Handles server behind reverse proxy
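
The per-IP retry limit, lockout message and reverse-proxy handling listed above can be modelled in a few lines. This is an added example in Python, not the plugin's own code; the thresholds, the proxy address and the names `client_ip` and `LoginLimiter` are assumptions made for illustration.

```python
import ipaddress
import math
import time

MAX_RETRIES = 4                 # assumed: failed attempts allowed before lockout
LOCKOUT_SECONDS = 20 * 60       # assumed lockout duration
TRUSTED_PROXIES = {"10.0.0.5"}  # constructed: address of our own reverse proxy


def client_ip(remote_addr, forwarded_for=None):
    """Choose the address to count failures against."""
    if remote_addr in TRUSTED_PROXIES and forwarded_for:
        # Trust X-Forwarded-For only when the peer is our proxy; otherwise a
        # client could send a fresh fake address per request to dodge the limit.
        for hop in reversed([h.strip() for h in forwarded_for.split(",")]):
            try:
                ipaddress.ip_address(hop)
            except ValueError:
                break  # malformed header: fall back to the peer address
            if hop not in TRUSTED_PROXIES:
                return hop  # rightmost hop that is not one of our proxies
    return remote_addr


class LoginLimiter:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.failures = {}      # ip -> failed attempts since last reset
        self.locked_until = {}  # ip -> unix time at which the lockout ends

    def check(self, ip):
        """Call before verifying the password; returns (allowed, message)."""
        remaining = self.locked_until.get(ip, 0) - self.clock()
        if remaining > 0:
            return False, f"Locked out. Try again in {math.ceil(remaining / 60)} min."
        return True, ""

    def record_failure(self, ip):
        """Count a failed login; returns retries left (0 means locked out now)."""
        count = self.failures.get(ip, 0) + 1
        if count >= MAX_RETRIES:
            self.failures.pop(ip, None)
            self.locked_until[ip] = self.clock() + LOCKOUT_SECONDS
            return 0
        self.failures[ip] = count
        return MAX_RETRIES - count

    def record_success(self, ip):
        """A successful login clears the failure counter for that address."""
        self.failures.pop(ip, None)
```

The lockout check runs before the password is verified, so a locked-out address learns nothing about whether a guess was correct.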

Semisecure Login Reimagined Plugin:
This plugin needs JavaScript to work. If JavaScript is enabled, the password is encrypted on the client before it is sent to the server, and is then decrypted on the server. If JavaScript is not enabled, the password is sent in clear text. Available on this site (link).

Is this really secure?
Short answer: No, but it’s better than nothing.
Without SSL, you’re going to be susceptible to replay attacks/session hijacking no matter what. What this means is that if someone is able to guess or learn the session ID of a logged-in user (which would be trivial to do in an unprotected wireless network), then essentially they could do anything to your WordPress site by masquerading as that user. The point of this is to prevent your password from being transmitted in the “clear.” If someone is in a position where they can learn your session ID, under normal circumstances, they’d also be able to learn your password. The proper use of this plugin removes that possibility.

