There are many different security plugins available for WordPress. Below are the most recommended WordPress security plugins and a brief explanation of the plugin from the developers.
WordPress Core Security
4+ million active installations
Notes from the plugin developer: “Wordfence Security is a free enterprise class security plugin that includes a firewall, anti-virus scanning, malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups. Wordfence is now Multi-Site compatible.”
Read our Wordfence installation guide.
1+ million active installations
Notes from the plugin developer: “WordPress itself is a very secure platform. However, it helps to add some extra security and firewall to your site by using a security plugin that enforces a lot of good security practices. The All In One WordPress Security plugin will take your website security to a whole new level. This plugin is designed and written by experts and is easy to use and understand. It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.”
1+ million active installations
Notes from the plugin developer: “The iThemes Security Pro plugin provides a real-time WordPress security dashboard that monitors security-related events on your site around the clock. The iThemes Security Dashboard is a dynamic dashboard with all your WordPress website’s security activity stats in one place, including brute force attacks, banned users, active lockouts, site scan results, and user security stats (Pro).”
5+ million active installations
Notes from the plugin developer: “[Jetpack] guards your site so you can run your site or business. Jetpack Security provides easy-to-use, comprehensive WordPress site security including auto real-time backups and easy restores, malware scans, and spam protection. Essential features like brute force protection and downtime / uptime monitoring are free.”
Read our Jetpack Security Features article.
800,000+ active installations
Notes from the plugin developer: The Sucuri WordPress plugin “will monitor file changes, provide audit trails, apply hardening features and detect various types of malware, SPAM, and other infections. [It] allows Sucuri Firewall clients to access the Firewall dashboard without logging into their Sucuri account. It takes the most common features, like clearing cache and daily monitoring and makes it available to you via your WordPress administration dashboard.”
Read our installation guide.
200,000+ active installations
Notes from the plugin developer: “Defends WordPress against hacker attacks, spam, trojans and malware. Mitigate brute force attacks by limiting the number of login attempts through the login form, XML-RPC / REST API requests or using auth cookies. Restricts access with the Black IP Access List and the White IP Access List. Tracks user and intruder activity with powerful email, mobile and desktop notifications. Stop spam: activates Cerber antispam engine and Google reCAPTCHA for protecting registration, contact and comments forms. Hardening WordPress with a set of security rules and comprehensive algorithms. Malware scanner, integrity checker, file monitor.”
90,000+ active installations
Notes from the plugin developer: “The WordPress backup plugin by BoldGrid is an automated backup solution that allows you to secure, restore or move your website with ease. [It can add] filters so that any plugin that has an update available will update. Before WordPress does any auto updates, […] a backup will occur before the auto update.”
Read our BoldGrid Backup guide.
Become a master of WordPress plugins! Protect, optimize, secure, and expand the functionality of your website easily with the help of WordPress plugins!