WordPress Security Plugins: A few factors to consider when browsing WordPress security plugins: Is it updated? What is its reputation? Is it premium or free?
When reviewing WordPress security plugin pages, check the “Last updated” and “Tested up to” lines.
How many active installations does the plugin have? What do the reviews say? How many topics in the forums are resolved or at least answered?
If a WordPress security plugin has both a free and premium version, this should mean the developer is being compensated well enough to maintain both versions for a long time.
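The checks above (last update, tested-up-to version, active installations, resolved support topics) can be scripted when you have many plugins to review. The following is an added example, not code from the original article: the field names are modelled on the WordPress.org plugin information API response and should be treated as assumptions, and the thresholds and sample records are constructed for illustration.

```python
from datetime import date, datetime

# Thresholds are assumptions chosen for this example, not values from the article.
MAX_AGE_DAYS = 365          # "Last updated" older than this is flagged
MIN_INSTALLS = 1000         # fewer active installations than this is flagged
MIN_RESOLVED_RATIO = 0.5    # minimum share of support threads marked resolved

def major_minor(version):
    """'6.4.3' -> (6, 4): compare WordPress branches, ignoring the patch level."""
    parts = (version.split(".") + ["0"])[:2]
    return tuple(int(p) for p in parts)

def vet_plugin(info, current_wp, today):
    """Return a list of findings for one plugin record (empty list = passes)."""
    findings = []
    # last_updated looks like '2024-05-10 9:12am GMT'; only the date part is used.
    updated = datetime.strptime(info["last_updated"].split()[0], "%Y-%m-%d").date()
    age = (today - updated).days
    if age > MAX_AGE_DAYS:
        findings.append(f"last updated {age} days ago")
    if major_minor(info["tested"]) < major_minor(current_wp):
        findings.append(f"tested up to {info['tested']}, site runs {current_wp}")
    if info["active_installs"] < MIN_INSTALLS:
        findings.append(f"only {info['active_installs']} active installations")
    threads = info["support_threads"]
    resolved = info["support_threads_resolved"]
    if threads and resolved / threads < MIN_RESOLVED_RATIO:
        findings.append(f"{resolved}/{threads} support threads resolved")
    return findings

# Constructed sample records (not real plugins), shaped like the API response.
MAINTAINED = {"slug": "example-maintained", "last_updated": "2024-05-10 9:12am GMT",
              "tested": "6.5.3", "active_installs": 200000,
              "support_threads": 40, "support_threads_resolved": 31}
ABANDONED = {"slug": "example-abandoned", "last_updated": "2021-03-02 1:05pm GMT",
             "tested": "5.7", "active_installs": 300,
             "support_threads": 12, "support_threads_resolved": 2}

if __name__ == "__main__":
    for record in (MAINTAINED, ABANDONED):
        result = vet_plugin(record, "6.5", date(2024, 6, 1))
        print(record["slug"], result or "ok")
```

A plugin with no support threads at all is not flagged on the support check, since there is nothing to measure; review those by hand.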
Best WordPress Security Plugins
In general, you shouldn’t use more than one WordPress security plugin. However, as mentioned with scanners and backup managers, it can be beneficial to use multiple plugins that enhance security in unrelated ways.
Cerber Security — Formerly known as WP Cerber, the free version covers the hardening features discussed above and more, including antispam, reCAPTCHA, and scans. You get expected features in the paid version.
Wordfence — This plugin covers the same features as Cerber Security but with a more user-friendly interface. You get expected features and real-time updates to blacklist and firewall settings in the paid version.
VaultPress — This plugin is a paid security and backup plugin popular for ease of use. The menus and screens are simple to navigate for non-technical users. However, this is not a great choice for multisite (MU) for two reasons. First, each site requires a separate license purchase. Second, the plugin only backs up common files when it is dealing with a network with multiple sites.
Jetpack — Not only does Jetpack integrate with VaultPress, but it’s also a great option for many different functions. Jetpack can help you create and design your site, optimize it for mobile customers, and keep it secure. On the security end, Jetpack is great for stopping brute force attacks. It will also inform you of website downtime, which you can then monitor to see whether it is caused by server issues or an actual hack.
Sucuri Security — One of the features that make this such a great choice is that it allows you to continuously (and remotely) scan for malware issues on your website. Unlike many plugins, it also provides you with actions that you can take if a hacker manages to get through.
BBQ Firewall — Formerly known as “Block Bad Queries,” it simply blocks malicious requests such as URLs including SQL injections and executables (.exe). It works well with other security suites but may be unnecessary depending on your primary security plugin.
HTTP Headers — As mentioned before, this plugin helps you create and manage HTTP headers to improve security, privacy, and performance without needing to edit the .htaccess file. Like BBQ Firewall, it works seamlessly with other security plugins. To do without this plugin, you’d need to modify your .htaccess file manually.
Our personal recommendation
Install Cerber Security or Wordfence
Install Total Upkeep or another backup plugin
Schedule cPanel backups and/or snapshots depending on your server environment
Install the HTTP Headers plugin and configure all the security HTTP headers
Ensure you’re using the latest PHP version and prepare for PHP 8