There are many different security plugins available for WordPress. Below are the most recommended WordPress security plugins, each with a brief description from its developer.
WordPress Core Security
Wordfence Security – Firewall & Malware Scan
By: Wordfence
4+ million active installations
Notes from the plugin developer: “Wordfence Security is a free enterprise class security plugin that includes a firewall, anti-virus scanning, malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups. Wordfence is now Multi-Site compatible.”
Read our Wordfence installation guide.
All In One WP Security & Firewall
By: Tips and Tricks HQ, Peter Petreski, Ruhul, Ivy
1+ million active installations
Notes from the plugin developer: “WordPress itself is a very secure platform. However, it helps to add some extra security and firewall to your site by using a security plugin that enforces a lot of good security practices. The All In One WordPress Security plugin will take your website security to a whole new level. This plugin is designed and written by experts and is easy to use and understand. It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.”
iThemes Security
By: iThemes
1+ million active installations
Notes from the plugin developer: “The iThemes Security Pro plugin provides a real-time WordPress security dashboard that monitors security-related events on your site around the clock. The iThemes Security Dashboard is a dynamic dashboard with all your WordPress website’s security activity stats in one place, including brute force attacks, banned users, active lockouts, site scan results, and user security stats (Pro).”
Jetpack
By: Jetpack
5+ million active installations
Notes from the plugin developer: “[Jetpack] guards your site so you can run your site or business. Jetpack Security provides easy-to-use, comprehensive WordPress site security including auto real-time backups and easy restores, malware scans, and spam protection. Essential features like brute force protection and downtime / uptime monitoring are free.”
Read our Jetpack Security Features article.
Sucuri Security
By: Sucuri
800,000+ active installations
Notes from the plugin developer: The Sucuri WordPress plugin “will monitor file changes, provide audit trails, apply hardening features and detect various types of malware, SPAM, and other infections. [It] allows Sucuri Firewall clients to access the Firewall dashboard without logging into their Sucuri account. It takes the most common features, like clearing cache and daily monitoring and makes it available to you via your WordPress administration dashboard.”
Read our installation guide.
Cerber Security, Antispam & Malware Scan
By: Gregory
200,000+ active installations
Notes from the plugin developer: “Defends WordPress against hacker attacks, spam, trojans and malware. Mitigate brute force attacks by limiting the number of login attempts through the login form, XML-RPC / REST API requests or using auth cookies. Restricts access with the Black IP Access List and the White IP Access List. Tracks user and intruder activity with powerful email, mobile and desktop notifications. Stop spam: activates Cerber antispam engine and Google reCAPTCHA for protecting registration, contact and comments forms. Hardening WordPress with a set of security rules and comprehensive algorithms. Malware scanner, integrity checker, file monitor.”
BoldGrid Backup
By: BoldGrid.com
90,000+ active installations
Notes from the plugin developer: “The WordPress backup plugin by BoldGrid is an automated backup solution that allows you to secure, restore or move your website with ease. [It can add] filters so that any plugin that has an update available will update. Before WordPress does any auto updates, […] a backup will occur before the auto update.”
Read our BoldGrid Backup guide.
Thanks for sharing informative content…
Happy to help!
What plugin is best for stopping spam coming from our contact us form on our website? Thank you.
Contact Form 7 has built-in security features and works well with Akismet and Google reCAPTCHA.
Do you recommend them in the order in which you listed them? — i.e. Wordfence is no. 1 on your list? Are there any that you think are simpler for “regular people” to manage, but still give good protection? I know that for some of these plugins, there are some dangerous settings! Thanks.
Hello Susan,
They are not listed in order of preference, but Wordfence was one of the better ones. As for which one is easier to use, that is entirely up to the individual, so feel free to see which one you are more comfortable with.
Kindest Regards,
Scott M
Do you need to install more than one? I was thinking of installing the All In One WP with the Wordfence security plugins. Bad idea?
It is typically a good idea to only install one of these, as multiple installations of different security plugins can cause unexpected results.
Hi,
Is there any chance that you could please include the All In One WP Security & Firewall plugin on your “recommended-security-plugins” page?
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
As this is indeed a great plugin to use, I have added it to our list.