There are hundreds of WordPress security plugins to choose from, with some trying to do one thing only and others trying to do it all. Given the fact that security plugins will often make fundamental changes to folder locations, database prefixes, user ID's and enumeration, obfuscate file locations and restrict login access, it's always prudent to make a backup and look at plugins which are:
Some plugins focus on firewall, malware, file integrity, scanning, monitoring or locking down access. Some do all those things. However, none offer the full range of features (cumulative) found in the top 6 best WordPress security plugins. Choose any one of them, make a backup, then follow the install instructions.
Advice on choosing a security plugin - try the free version before buying a paid version!
Authentication / Login
Backups - Automatic
Hacking Attempts (Few Examples Below)
Malware (Internal and Cloud Scanning)
Monitoring & Logging (Internal and Cloud)
Notifications & Integrations
Obfuscation (Security Through Obscurity)
Providing a well-rounded feature set and highly reviewed support, All In One WP Security & Firewall has nearly 1 million active installations (wordpress.org stats) with a 5-star rating. It's currently translated into more than a dozen different languages as well.
Features can be applied based on user preferences as "basic", "intermediate" and "advanced" using a straightforward user interface that utilizes charts to display security scoring across various categories.
Providing a solid free version is worth mentioning, though the Pro version is an incredible value with a one-time payment of $69.95 that includes unlimited sites, unlimited support and 3)too many features to list individually here.
Noteworthy Pro version features include automatic restoration of files that have been altered by someone else, quarantining of altered files, database intrusion detection, database change monitoring, plugin firewalling, WordPress uploads folder protection, full system monitoring/logging/notifications, 16 Pro utilities to aid administration plus file and folder locking.
When it comes to features x number of sites divided by lifetime cost of ownership, BulletProof Security represents an outstanding value for money and should be one plugin considered by anyone looking for a multi-pronged security solution
Having over 1 million active installations according to wordpress.org is no small achievement. With 4.5 stars and translations available in 16+ languages, iThemes Security has a satisfied global audience. It's also been around for some time - long enough to develop 30 different ways to help secure your WordPress site.
The free version of iThemes Security is no slouch and includes file integrity checking, obfuscation of key WP information, brute force protection, logging, notifications and more.
Upgrading to the Pro version costs anywhere from $80 for 1 year, 1 site up to and including unlimited sites for $199 for 1 year. You'll get two factor authentication, scheduled malware scanning, core file comparison, WP-CLI integration, password expiry, private ticketed support and several other handy features.
While the features aren't as impressive as some others on this list, it is nonetheless a stable, well supported security plugin that's worthy of consideration.
30,000+ active installs. 4.0 stars. Malcare Security has been around a couple of years and is rapidly gaining a foothold in the market thanks to a respectable set of free features and a rich set of specialist features (it doesn't try to do everything) in the Premium version.
Premium costs anywhere from $99/year for 1 site to $599/year for 20 sites.
Designed with agencies and resellers in mind, Malcare Security includes user management, team management, client management, scheduled reports, white labeling and centralized management of multiple sites for ease of administration.
Sucuri Scanner hasn't quite reached 1 million active installations but is doing well globally with 9 translations and 4.5 stars on wordpress.org.
Billed as a tool for auditing, malware scanning and security hardening, Sucuri Scanner offer a wide range of features in the free version and even more in the Premium, which costs from $199/year to $499/year.
Not a cheap option in comparison to the rest of the field, but is a solid contender.
3+ million active installs, 5 star reviewed, robust, stable and a top contender in both free and paid categories. WordFence has been around for a long time, for good reason - it works, well.
Billed as a firewall and security scanner, WordFence doesn't do everything, but what it does do, it does do well.
The Premium version costs between $99/site and $74.25/site.
With free security plugins, you'll often get directed to a forum where you can post a question and hope for help. Paid versions often include email and live chat support. Telephone support is incredibly rare for plugins, security and otherwise.
Many cloud-based malware 8)scanners are limited to testing what they see presented to a simulated web browser, so they wouldn't be able to detect at the same level as a scan running on the server where the WordPress site is hosted.
Some cloud-based Web Application Firewalls (WAF) 9)can be bypassed unless restrictive techniques are employed to limit access.
There is no hard and fast rule as to which features come with the free version of plugins and which features will require premium upgrades. Suffice it to say that the security plugins listed are very powerful, even in their free versions, but you should check on premium upgrades to see what else can be had and at what price.
Detection is one thing, but removal or file restoration is quite another. Many free plugins will check for malware and alert you if there's a problem, but it's mostly paid versions that offer the quick and easy removal feature.
Not all security plugins can be installed together, simultaneously, mostly because the scans and checks they do can be seen as attacks by other plugins. For example, WordFence will likely detect Sucuri Scanner as an invalid crawler and will stop Sucuri from performing basic functions, unless the Sucuri IP address is whitelisted within WordFence.
Be sure to check the installation requirements before making a decision and trying to install a security plugin or plugins.
Always make a backup of your entire site and database before installing a security plugin that might make massive changes to your file paths, database or other critical parts of the website / hosting account.
Try the free version before splashing out cash on a paid version. See if you like the look and feel, features, notifications and ease of management. It pays to spend a little time testing and evaluating. After all, there are reasons why there are multiple competing plugins in the market that are all high quality and popular. It's because each one fits a slightly different user preference. Try out one. try out several (not all at once) and decide for yourself which one is preferred.
There's no absolute top choice among this field. You'd do well to install any of them as compared to doing nothing!
If you have the time and inclination, you could install other plugins that each perform one or two of the features that these behemoths have in their repertoire. Slice and dice the features that you want, or think you need, and create your own solution.
These mega-security plugins for WordPress are built to give users the convenience of having a laundry list of security features all in one place. It's less work than installing, updating and testing a dozen other smaller plugins (making sure they all work well together).
The list of plugins here has been narrowed from hundreds based on features, support, regular updates, reviews and prior experience in hands-on testing.
Notes: We're not getting paid to endorse any of these plugins. There are no referral compensation or affiliate fees in case you click a link and buy a premium version of one. We're sharing this information to help you make a good decision about securing your site.
KnownHost customers can open a support ticket and ask for advice or a hand in case anything goes wrong along the way (but please make a backup before installing any of these). You can also check out the forums where other site owners, web visitors and KnownHost staff are known to frequent - feel free to ask questions and share insights - it's a very helpful community here!
If you're wanting to get a great plugin without spending a penny, then look no further than:
For maximum features at a minimum cost per site, per year, then check out: