Plugins for WordPress

Block Default Login Attempts

The greatest hack focus on a WordPress site seems to be trying to log in with the default username "admin". This plugin detects all login attempts with that username and exits with a 403 Forbidden header. This should eventually discourage login bots from continuing to pound your site.

All attempts are logged inside the /wp-content/plugin-data folder, just in case you need the info. Logs are kept for up to 30 days.

A screenshot of a typical log entry:

Block Attempts Log

Block attempts counter:

Block Attempts Counter


  1. Create a unique administrator account, if necessary.
  2. Assign all admin posts to this alternate administrator account.
  3. Delete the default admin account.
  4. Alternatively, use a plugin or database access to change the default username.
  5. When there's no longer an "admin" user, just upload, install and activate.

Requirements: Wordpress 3.0 or higher.

Download this handy dandy (v1.3.0 5/17/2014): Block Default Login Attempts

Attachment Page Redirect X

In WordPress, attachments default to having their own pages. Sometimes, this is not desirable, as in search engine results. Use this small plugin to redirect your attachment pages to the post parent using a 301 redirect (post parents are also searched for by post name). If an attachment parent post cannot be found, it redirects to your blog home page with a 302 redirect.

Installation: A no-brainer.

Requirements: Wordpress 3.0 or higher.

Download this bad boy (v1.0.0 7/28/2013): Attachment Page Redirect X

Delete Custom Header

WordPress 3.0+ is great. It shows you your uploaded header images. It's too bad it doesn't let you delete them as well! The answer is here with a simple yet extremely useful little plugin called Delete Custom Header. Unlike WP's “Remove Header” button, this plugin completely removes the header image data from the database and the files from the server.

For themes with a header option, like Twenty Ten, Twenty Eleven, etc.

A screenshot from the admin Header page:

Delete Custom Header

Installation: A snap.

Requirements: Wordpress 3.0 or higher, JavaScript and jQuery (always available in the admin).

Download this little gem (v1.2.1 7/28/2013): Delete Custom Header