top 20 plugins to protect your wordpress blog from hacker attacks

at first there are some main rules you should know

a- any plugin that depend on your ip number make sure that you have a static ip or you will be in troubles at 1st ip change 

b-any plugin that deals with SSl you should make sure that your host server support SSl 1st or it will not work

c-Don`t worry if you faced any trouble with any plugin & failed to remove it from your control panel , all what to do is to rename it or remove it from plugins folder inside wp-content folder & everything will be fine

scanners

1- wp security scan: it scans thw weak points in your blog

2- antivirus : a smart and effective solution to protect your blog against exploits and spam injections it checks your themes for any suspicious codes like viruses, worms and malware

3- tac : doing same job as antivirus
 

admin pages protection

4- wp-admin protection : The WP-Backend is secured by an IP Blocker. You can add as many IPs as you want, each one of them is allowed to log in. The rest have no access to the WP-Backend.

5- Semisecure Login : increases the security of the login process using client-side MD5 encryption on the password when a user logs in. JavaScript is required to enable encryption. It is most useful for situations where SSL is not available, but the administrator wishes to have some additional security measures in place without sacrificing convenience 

6- chap login: encryption process is done by the Chap protocol; this is particularly useful when you can't use ssl or other kinds of secure protocols 

7- user locker : you can choose maximum number of invalid login attempts. When someone exceeds this number, his/her account becomes locked, and can be unlocked only by requesting new password (using Lost Password option) or asking Admin for help & u can also ban certain users

8- wordpress login lockdown : doing same job records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options pane

9- safer cookies : If someone was to steal the cookie they would be able to use it to get full access to your blog without having to know your password. This plugin prevents that from happening

10- stealth login : Instead of advertising your login url on your homepage, you can create a url of your choice that can be easier to remember than wp-login.php, for example you could set your login url to http://www.myblog.com/login for an easy way to login to your website
 

SSL protection

11- secure admin : Forces SSL on all pages where passwords can be entered.

Works with both Private and Shared SSL.

12- force SSL : another plugin to force SSL

firewalls

13- ask apache : most famous wordpress firewall & admin pages protection

14- wordpress firewall : This WordPress plugin investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks

15- inspector : This plugin monitors each request to your wordpress blog and based on conditions you can define in the options pane it interrupts the attacker's action and logs it. 
file monitors

16- tripwire : This plugin acts as a tripwire, flagging all files that have been changed in the last 1 to 99 days


17- file monitor : doing same job as tripe wire

antispam protection 

18- akismet : is present by default in wordpress plugins page it just need to be activated via api

18- bad behavior : blocking link spam and the robots which deliver it Bad Behavior analyzes the delivery method as well as the software the spammer is using

19- invisible defender : do a smart idea to protect from spam it adds two extra text fields to form (one empty and one with predefined value), and check theirs values after form is submitted. 1st field (empty one) will be filled by generic spambots, and 2nd one will not be filled by spambots targeting WP only. With these two simple checks probably all spambots can be easily detected

20- nospamnx : doing same job as invisible defender