Charles Arthur looks at a few recommended plugins for WordPress blogs:
First, there’s been another upgrade to WordPress (it’s now at 2.8.5). The WordPress blog describes it as a “hardening release”.
Much more important, in my view, is the release of the WordPress Exploit Scanner plugin. Plugins are little extensions to WordPress; and Exploit Scanner is probably the next one you should install. (The first you should install, in my opinion, is Dr Dave’s Spam Karma 2 – which weeds out spam comments more effectively than anything I’ve ever seen, and is specific to your blog.)
The Exploit Scanner does a number of things: it compares your files against an MD5 hash of the WordPress files for whatever version of installation you’re running; it finds examples of suspicious code in your files – three principal ones being the use of “invisible” text through CSS; the use of iframes to embed code from other sites; and base 64 encoding, which can be used to obfuscate entire programs. It will also look through your posts and users to see if there’s anything suspicious or spammy about them.
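The two file checks described above, as an added Python example that is not Exploit Scanner's own code: files are compared with a manifest of known-good MD5 hashes and searched for the three patterns the article names. The regexes, the manifest format and the three-file sample tree are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristics for the three code patterns the article names (illustrative regexes).
PATTERNS = {
    "css-hidden text": re.compile(rb"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
    "iframe": re.compile(rb"<iframe\b", re.I),
    "base64 decoding": re.compile(rb"base64_decode\s*\(", re.I),
}

def md5_of(data: bytes) -> str:
    # MD5 as in the article; SHA-256 would be the usual choice today.
    return hashlib.md5(data).hexdigest()

def scan_tree(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Return {relative path: [findings]} for every file that is not clean."""
    findings, seen = {}, set()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        data = path.read_bytes()
        expected = manifest.get(rel)  # None when the file is not a known core file
        hits = [] if expected == md5_of(data) else ["modified" if expected else "not in manifest"]
        hits += [name for name, rx in PATTERNS.items() if rx.search(data)]
        if hits:
            findings[rel] = hits
    for rel in sorted(set(manifest) - seen):
        findings[rel] = ["missing"]  # a listed core file that is no longer on disk
    return findings

def demo() -> dict[str, list[str]]:
    """Build a constructed sample tree, alter it, and scan it."""
    clean = {
        "index.php": b"<?php require 'wp-blog-header.php';",
        "wp-login.php": b"<?php // login form",
        "wp-includes/version.php": b"<?php $wp_version = '2.8.5';",
    }
    manifest = {rel: md5_of(body) for rel, body in clean.items()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in clean.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(body)
        injected = b"\n<div style='display:none'><iframe src='x'></iframe></div>"
        (root / "index.php").write_bytes(clean["index.php"] + injected)
        (root / "wp-includes/extra.php").write_bytes(b"<?php $x = base64_decode($p);")
        (root / "wp-login.php").unlink()
        return scan_tree(root, manifest)
```

Pattern hits are leads for manual review rather than verdicts: legitimate themes and plugins also hide elements with CSS, embed iframes and decode base64.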