This article looks at the BEST Security Plugins for WordPress including: Sucuri / Anti-Malware Security / iThemes Security.
We will look at the features each Security plugin offers, how this integrates with your website design and the price of the plugin. You can learn more about the Security plugins by clicking on the names above the images.
When it comes to WordPress security, Sucuri is a leader in the industry. In fact, it is one of the best WordPress security plugins you can get. They have a free, basis Sucuri security plugin that can assist you in fortifying your WordPress security, and it will check your website for all those common threats.
The real value of Sucuri is in its paid plans. These come with the best firewall protection for WordPress. This will assist you in not only blocking brute force but also those malicious attacks that try to access your WordPress.
These firewalls filter out the bad traffic before it even has a chance to reach your server, and they also serve static content from CDN servers of their own. In addition to the security that is offered by DNS level firewalls with CDN you also get fantastic performance boosts and your website is sped up too.
If your website is affected by malware, they offer to sort it at no extra cost. In fact, they will even offer this service for a website that is already affected.
Detection – You can scan and detect malware on all files and databases on your server and it can detect indicators of compromise, find backdoors, phishing pages, DDos scripts, spam and changes to your SSL certificate.
Protection – The paid-for plans protect WordPress websites from malware and hacking, provide DDoS attack mitigation, Zero-day exploit prevention and brute force attack protection. They offer an advanced service, which is ideal for high traffic websites that need the most reliable security features to prevent downtime and protect your website data.
Repair – Fixing malware issues requires a paid version but they do offer advice within their documentation on how to remove or fix some of these issues.
Firewall – Sucuri’s Website Firewall is an add-on for the plugin that offers many advanced features including DDoS protection, bot blocking, signature detection, support for load balancing and support via a ticketing system. This is aimed at websites requiring high-end WordPress security with quick response times, but this may be overkill for an average blogger or small business website owner.
Price – There are four main versions with different price points offered from the free plug-in which offers mostly scanning and monitoring of your website, to the paid versions starting from $199.99 per year which includes the nearly the same options as the higher-end versions, but a slower rate of scanning and response time.
For most websites, the basic package offers all you need but for businesses that rely heavily on their website being clean and working, the business or custom versions prices from $499.99 per year would be better suited to your needs.
This is yet another very useful anti-malware and security plugin for WordPress. The plugin comes with definitions that are actively maintained and which assist it in finding the most common threats.
The malware scanner in this plugin easily allows you to can both files and folder on your WordPress site looking for malicious code, malware, backdoors, and any other known malicious attacks.
You will need to create a free account on the plugin website in order to have access to the latest definitions and premiums features of this plugin. In addition, it will also contact developers’ websites looking for updated definitions.
During the time that the plugin is taking to run through tests it may throw up a significant number of false positives – it is a lot of work to match each of these to the source file.
Anti-Malware Security and Brute-Force Firewall features:
Detection – Complete scan of your website is available with the free version and the latest definitions to identify new threats can be downloaded through the plugin. I found this plugin can identify issues that other leading security plugins haven’t, and it has proven to be very competent at detecting threats and issues, and I believe it is the best free security plugin available for WordPress
Protection – Patches are available to prevent known vulnerabilities with plug-ins and access to the site, and brute force protection is available if you have an Apache server. They also offer advice for protecting your website within the FAQs, and a support forum is available.
Repair – Once a scan has completed, potentially infected files are displayed with the option to delete or you can make changes to the files. As some files have partially been affected, these files should manually be fixed.
Firewall – The plugin has a firewall to block known vulnerabilities in some plugins, but the premium version blocks brute force and DDoS attacks. The documentation doesn’t go into depth about what the firewall can do unlike Sucuri, so for businesses that rely heavily on their websites, another plugin may be more suitable.
Price – Free! This plugin open source and the only one on the list that removes malware once you have registered to download the definitions. You are requested to make a donation to enable automatic definition updates and use the core file definitions but the free version offers a lot of functionality.
The team who developed the very popular BackupBuddy plugin have brought you the rather nifty iThemes security WordPress security plugin. Similar to all their other products, iThemes gives you a user interface that is nice and clean and offers a range of alternatives.
It includes checks for file integrity, limited login attempts, security hardening, strong enforcement for passwords, brute force protection and 404 detections to mention just a few.
There is no website firewall with iThemes security, nor does it have a malware scanner of its own. In fact, it uses the malware scanner from Sucuri Sitecheck.
iThemes Security features:
Detection – Scanning for malware is included with the free version with the pro version offering scheduled scans and email notifications. A dashboard provides a visual overview of attempts to access your website and potential issues and gives a security score for your website with suggestions on how to improve it.
Protection – iThemes has many options in the free version to harden your WordPress website. The interface is simple to use, and it gives a short explanation for each hardening option. You can restrict IP access to WordPress blocking addresses and allowing access only to specified IP addresses.
Repair – For pro subscribers, a team of experts are available to help by submitting a support ticket. The plugin focuses heavily on protection rather than repair, but for large websites that require SLA’s for security issues, Sucuri may be a better option but at a higher price.
Firewall – A firewall is not included with the free or paid version of the software, but it will work with Sucuri’s Web Firewall which is a paid add-on costing from $9.99 a month.
Price – The free version offers the scanning and monitoring of your website and has some easy-to-use tools for hardening your WordPress installation, but an already infected website will require a paid version which starts on $80 per year for one installation. For developers, there is a version that offers unlimited sites, and this is priced at $199 per year.