With security being such a hot topic at the moment, I thought I would take you through the top security plugins for WordPress. Regular backups and running WordPress updates should be your first line of defense. A security plugin should be your next priority for the security of your WordPress website.
Please bare in mind that once again this will be my opinion. A lot of developers have their own favorites, but these are the ones that I rate.
All in One WP Security & Firewall (my favorite)
This is my current favorite plugin, mainly for its ease of install and the dashboard that tells you how secure you are making your site. It is a popular plugin with 500,000+ installs and 4.8 out of 5 in it’s reviews.
This is one that was first recommended to me by a few other developers and it won me over largely because of its design and interface.
Main Features
- An easy single-click setup
- Firewall
- Block Brute Force Attacks
- Security scanner
- Comment spam scanner
- A record of the number of login attempts
- File monitoring and quarantining of uploaded files
- Email alerts for a variety of user actions
- Alerts when suspected malicious activity affects your site
Wordfence (the market leader)
Untill recently this was go to plugin for security. It is a solid contender just misses out on ease of use for me. That said it is probably the most popular of all the plugins on the market. With 24,294,209 downloads and a rating of 4.9 ot of 55, WordFence you can’t argue with its market share.
Available as both a free and premium version . They also have a very good email mailing list that keeps you up to date on all the latest WordPress related security news.
Main features:
- Web Application Firewall
- Block Brute Force Attacks
- Advanced Manual Blocking
- Malware Scanner
- View Blocked Intrusion Attempts
- View Logins and Logouts
- View Human Visitors
IThemes Security (a solid contender)
Another plugin I have used in the past. I am a big fan of their backup plugin Backup Buddy. This is a fairly easy to install plugin with a lot of features. Again a popular choice in the WordPress community with 800,000+ active installs and 4.7 out of 5 in it’s reviews. Claims to have more than 30 ways to protect your website.
I particularly like their malware scanning feature run by Sucuri SiteCheck. Again available as both a free and premium offering.
Main Features
- Two-factor authentication
- Brute force protection
- Monitoring core files for any changes
- Ticketed support (for pro users)
- Logging user actions
- Locking out users for multiple incorrect credential attempts
- Forcing the use of secure passwords for specific user roles and file permissions
Sucuri Security (up and coming)
Have 300,000+ active installs and rate 4.5 out of 5 in their reviews. It is not one I have used yes but the company themselves also create virus protection software so they certainly have experience in the industry.
- malware scanning
- security activity auditing
- blacklist monitoring
- effective security hardening
- file integrity monitoring,
- and a website firewall.
In Conclusion
In all honesty any of they plugins will help secure your website and I won’t have a WordPress install now without one of them However, before install be aware of the following issues.
Security plugins can break features of other plugins
Before installing these plugins, please be aware that as well as helping secure your site, they can also interfere with other plugins. Activate features one at a time and walk your way through slowly to be sure that you have not stopped a important feature of your website working.
Can cause problems during upgrades
Be particularly aware that security plugins can cause you problems when trying to upgrade WordPress or plugins. I tend to turn security plugins off, do my upgrades and then turn them back on.
