The huge popularity of WordPress has a serious side effect. Due to the sheer volume of sites using this platform, it has become the playground for hackers and attackers. Therefore security should be the primary concern for any website. There are tons of security plugins available in the WordPress repository. In this article, we will cover the top 3 most popular and powerful WordPress security plugins for protection of your website.
WordFence is by far the most popular WordPress security plugin with more than one million downloads.
- Features: Even the free version of Wordfence offers loads of features like login security, IP blocking, security scanning, and WordPress firewall and monitoring. The Premium features include real-time thread defense feed, country blocking, two-step authentication, scheduled scanning, advanced spam protection and so on.
- Price: The premium version of WordFence costs around $99 per year.
- User Friendliness: Wordfence comes in with mixed results in the friendliness department. Web security itself is a complex topic. Makers of WordFence have tried their best to make it as simple as possible. However, you may need some self-reading and research to get used to the plugin’s working mechanism.
- Downside: The biggest problem with WordFence is the overwhelming number of features, organized in a haphazard way that makes it easy for new comers to misconfigure something.
- What Others Think: Jon Muller of Ergonomic Trends, a big fan of Wordfence has this to say about the plugin:
“Wordfence is awesome, but it’s important to take the interactive tour once you’ve installed it to make sure you have a general idea of what each feature does. And always set the firewall to learning mode in the first few days so it doesn’t accidently block out access to legitimate users and even admins.”
For those of you that want real time updates of malware and protection, get the premium version of this plugin.
iTheme (formerly Better WP Security) is a popular plugin with fairly high user ratings. iTheme provides more than 30 ways to secure your WordPress site.
- Features: Even the free version of iTheme is packed with great security features like Brute force attack protection, bots, and malware detection. It also helps hide sensitive information from potential hackers using a series of permission rules. The pro features will take your security to next level with two-factor authentication, malware scan scheduling, online file comparison, wp-cli integration and more.
- Pricing: The minimum you should pay to get the plugin’s pro features is $80 per year.
- User-Friendly: Setting up and getting started with iTheme is quite easy. You can even use the plugin with the default settings. The security status of all the issue is shown with their priority. With few clicks and fixes, you can utilize all the features of the plugin without much hard work.
- Downside: iTheme has some features that may slow down the system performance like File Change Detection features. You can avoid ones that may slow down your site, or only run them during low traffic times. You have to be extra careful if you go beyond the basic settings because you may incorrectly configure the advanced features causing issues.
iTheme locks down users who cause too many 404 errors or too many failed login attempts for protection against hackers. Sometimes normal users and even admin can get locked out with normal browsing. The plugin may not be suitable for shared hosting since it can easily use up a lot of resources.
- What Others Think: Norro88 over at WordPress.org sums up his experience with iTheme:
“It has a lot of functionality, which makes the plugin a bit complex. However, together with a YouTube tutorial it was super easy to set up. And so much of the functionality is free.”
Sucuri offers complete website security via the cloud. Sucuri put their main focus on WordPress, however they offer their services for all web platforms like Drupal, Joomla, and Magento. Among their big name customers are GoDaddy.
- Features: The plugin is full of useful features like security activities auditing, malware scanning, file integrity monitoring, security hardening, security notifications and more. They also provide the post-hack security actions. The premium features include the Website firewall, SSL certificates, DDoS protection and many more.
- Price: Their basic premium service starts at $16.66/month which makes sucuri costlier than any other security plugin.
- User-Friendly: The plugin is easy to use. By default, the plugin is pre-configured with sensible options. All the settings are well structured and can be found in the same menu.
- Downside: The free version of Succuri is fairly limited. So the only downside is its high price for premium features. If you are looking for something that is free or has a one time fee than Succuri may not be fit for you.
- What Others Think: We asked the folks at Dynamic Drive, a fan of Succuri, what they like about Succuri:
“The best thing about Succuri is that does not slow down your site like most security plugins do. In addition, it makes your site even faster because it operates on top of a CDN. That’s a huge plus in our book.”
Website security is not something you should take lightly. Just imagine the damage to your reputation, business, and impact to your readers and customers in the event of a hacked website. If you have never used security plugin on your WordPress website before then it is high time to get a suitable security plugin.