The Best Security Plugins for WordPress
Nothing replaces experts protecting your website, but security plugins are a tool to work with. We’ve used most of the popular ones for WordPress and have our favorites.
Cost: $80/year 1 website
iThemes Security has a full set of features that are straight forward to use. Cloud based network monitoring is available to potentially block attacks know from to be coming from IP addresses with a history of bad behavior. The security features did not get in the way of any plugins or themes we were using. Features like 2-factor authentication are a big plus.
Malware detection uses a simple Sucuri Site Check. There is the ability to detect any file changes, but the changes are not prioritized. We liked Sucuri’s ability to check WordPress core files against a release. It looks like only database backups are offered as part of the plugin. Full backups will require a different solution.
Cost: $199/year 1 website
Sucuri is one of the more popular solutions to secure your WordPress website. It offers full proxy protection similar to CloudFlare. We loved the ability to check for WordPress core file changes, the flexibility of alerts, and functions to lock down the installation (hardening).
At almost $200, the plugin is an expensive option for unattended security. We have found the security proxy does cause performance issues in some instances (if enabled).
Cost: $99/year 1 website
WordFence offers a solution similar to Sucuri. They attach your website to a cloud processing service to determine issues with incoming traffic or existing files. Like iThemes Security, WordFence also offers a 2-factor authentication tool.
There is a free version of the plugin with limited functionality. Without the paid service, there is limited protection for your website. WordFence also seems to offer less features – like local hardening – than other solutions.
Cost: $70 unlimited websites
Bulletproof Security offers a localized tool. If you don’t want to connect to a cloud analysis service, this solution will work. There is extensive features in the Pro version with the ability to satisfy most security guidelines.
The setup and configuration was daunting. We found that some features prevented the ability for our plugins to function. Testing and monitoring is required. Without a cloud based solution, you cannot take advantage of blocking IP addresses known to be causing issues on other websites.
All in One Security and Firewall
The dashboard with a security score is helpful. The login lockdown feature is one of the best local solutions we’ve found, preventing brute force attacks. The plugin also covers most well-known WordPress security risks and provides a function to solve them.
The local firewall was limited compared to the other plugins. Similar to Bulletproof Security, there is not a cloud based monitoring service available.