What Is The Best Security Plugin For WordPress – 5 WordPress Security Plugins Compared
Articles Blog

What Is The Best Security Plugin For WordPress – 5 WordPress Security Plugins Compared

August 17, 2019


In this video and it take a
look at five different WordPress security plug-ins and wouldn’t talk about the pros
and cons of them and see which ones best for you hi my name is Adam from WPCrafter.com
or make WordPress videos for non-techies if you enjoy the content in this video consider
clicking on the unsubscribe button if you want video notifications click on the ballot
to the right and you too will let you know when I upload a new video were talking about
security this is a video series this video minute talk about the plug-ins and then in
the next two or three videos I will show you tutorials on some of these plug-ins so that
you know how to configure them properly this videos Morgan it help you decide which security
plug-in is for you and us were to just go through them now unfortunately with WordPress
there’s a lot of security plug-ins and you do need to use one so if you go to WordPress.org
and do a search just for the word is security. You get a variety of results now before I
start talking about these plug-ins let me know let let you know what is not secure about
WordPress that WordPress itself is a very secure whenever there is a vulnerability discovered
they patch it before anybody knows it is a pretty secure platform it’s typically not
that WordPress’s insecure it’s more there is an insecurity with a plug-in that you have
installed or a theme that you have installed and then there’s also that login form where
you would log in your WordPress website there’s also was called brute force attacks on that
so you basically need a plug and that’s can protect you from a lot of that now the best
security anyone can implement is having a good backup I do have a video on how to create
a backup doesn’t cost any money just take maybe five minutes of your time to set up
and automating have these off-site backups happen because the security plug-ins one thing
that they’re not going to protect you from is if your web host is attacked and there’s
a vulnerability in the server that your website is on a perfect example of this is a Bluehost
they have had numerous numerous problems of where where people would just the web WordPress
websites would be totally hacked into and it wasn’t because there was a vulnerability
with WordPress or a plug-in it wasn’t that it wasn’t secure it was at their servers were
insecure their servers were being hacked and they didn’t have a solution other than to
say give us 300 bucks and will clean it up before you soak the best security measure
you can take right now is to make sure that you have a good backup system in place and
you know how to actually restore those backups now with that said let’s take a look at some
of these security plug-ins so obviously the most popular and widely used one is going
to be right here in it’s called the word fence now I personally have used the word accept
personal use like all of these I personally use the word friends myself I know a lot of
people that use word friends and I come across a lot of people that use it in they don’t
second-guess it or consider any other security plug-in however I do want to let you know
yes the word fence is a really feature packed but at a cost in is not a money cost it’s
a performance cost on your website so word fence has performance issues and they’ve had
it had performance issues on every website I’ve ever installed it on and what I mean
by performance issues is your website loads slower than if you didn’t have a word fence
installed in fact if you want to read some, could very current comments on this output
a link down below to this a blog post on elegant themes of blog and elegant seams blogs they
just put information about products of this is about word fence but if you look here there’s
143 comments and that’s where I would encourage you to scroll down and read typically what
I tend to notice is people that pay attention to performance and actually know how to test
performance those are the ones that saying it’s a huge performance hit the people that
don’t know how to test their performance and that’s most people and that’s okay but it’s
those people are the ones addressing word fence is the greatest thing ever I put it
on every single website but they’re not testing the performance and there are some reviews
that I’ve read about performance going from a one second load time before word fence and
then you they install word fencing out seven or eight seconds of load time and the thing
is is it these security plug-ins they need to communicate back and forth with the work
the database on your that’s that has all your data in it for WordPress there’s this communication
are called database calls going back and forth and that is what is going to slow down your
website now my personal expenses word fences that is what happened and there is a default
feature that is on by default with word friends were it’s called life of you so most people
just install activate and then there off to the races but that live you will really slow
down your website and make the size of the database that WordPress is stored and it’s
going to make it grow very large because it’s logging in tracking everything in real time
it’s really getting of your performance and so I am going to do a tutorial in this video
series on word fence and how to set it up properly no word France also has a paid version
so there is a free version and a paid version the paid version if you’re buying it on a
site by site basis in your and have lots of sites it gets pretty expensive pretty quick
but what I do like about word fence is it’s a singular focus company in a singular focus
product what I mean by that is they do security that said they don’t do a million different
things they just do security so that is a huge plus and the second huge plus and this
is what I consider a must and that’s why some of these plug-ins I’m to talk about are there
instantly disqualified then the word fence does this and another one that I’m to talk
about does this where you’re kinda connected into this word fence and network and what
I mean by that is the number one attack that every single word press website is going to
get is just a simple brute force attack on your login form and what that means is some
automated software is going to try a bunch of usernames and a bunch of passwords and
just keep hammering at it until it figures it out now what this does is it makes a put
so much pressure on your web hosting account and that your sites can get slower slower
slower and you could even get your web hosting account suspended depending on how aggressive
it is doing this now with word fence you’re connected into their network and what that
means is if if this bot goes to one site that has word friends and tries to log in and it
has two or three depending on how it’s configured failures then there the IP address of that
bot goes into the word fence network and then your website is going to because it’s also
an outward pheasant defense network if that same body goes and tries to attack your website
they won’t even get to attempt to put in a username and password because it’s a band
globally on the network and that is I think the most important feature when evaluating
any of the security plug-ins is to have that feature word fence has it built into the free
version of word fence so because of that I do like the word fence for people that insist
on using it I’m going to have a tutorial on word fence I don’t have the cost of the paid
version off a hand but I think is like maybe 50 bucks or 80 bucks a year or something like
that for single site I put a link down to this article right here below but essentially
you just want to click here you want to scroll down and just read out through the, the comments
and you have people that are testing it for performance and they are letting you know
what is what the next one is this all-in-one WP security firewall and this is kind of a
tip when you’re evaluating any plug and that your and installing your website when you
scroll down and you see the description and you see a video that looks like it was from
the 1990s that’s an indication that maybe this isn’t the best plug-in for your website
and that is the immediate impression I get when I see this this is a super old version
of WordPress that they have in this video and this really this this plug-in I’m not
recommending it okay number one it doesn’t have that network were you can patch in and
benefit off of the information that other websites that have the same plug-in installed
on you’re not getting that and that is an immediate disqualifier and plus I like a company
that has a singular focus on security and that is not this this the developer right
here I wouldn’t even give this a second look but here let’s look at their website and that
could maybe further confirm why I don’t recommend this plug-in I just you know tips and tricks
and headquartered.com I’m just looking at that and like, this is this what I want to
trust with something important like security and the answer is no so anyways Alana looks
like it hasn’t even been updated in a year so this is definitely one that I wouldn’t
I wouldn’t take the time of even installing on your website next were to look at security
now security is a security company and they had that singular focus and they were actually
purchased recently were maybe six months ago by Go Daddy so there now go daddy and they
have a singular focus I’m kind of iffy on this that it’s a comes tied to an expensive
monthly service while its relative what expensive is and they also have some kind of different
protection plans and whatnot I’m not really a fan of the security plug-in personally I
think what they do good is if your site has been hacked and there is all kinds of things
screwed up you go to them you pay them the money and they’ll go there and though clean
it up I think the really good at that and they also have a firewall for WordPress and
the really good at that but I don’t think it’s the most feature-rich security plug-in
that’s out there and this one actually compared to the other ones has some more bad reviews
than some of the other ones however in this video series I am going to walk through security
specifically because of the reputation that they have is pretty good next working to move
onto and I’m just gonna let you know this is my favorite I’ve used all of these this
is my favorite this is what I use on every single website it used to be called better
WP security and then I themes purchase them now I will say I’m not really a fan of of
of all the stuff that that I themes makes and I don’t think there probably a fan of
everything they make two days there was just an article out where they had basically built
a WooCommerce competitor called exchange and they they they gave it off to a different
developer a different company because they just weren’t probably that passionate about
it and they decided to focus on only two of their products I theme security and backup
buddy I don’t like back a buddy but I really like I themes security this is a fantastic
plug and this is going to be what the next video in this video series is about my personal
experience with that I theme security is it doesn’t it has not slowed down my website
one bit it also has that network that you get the plug into you can benefit of one side
is being attacked it sucks and that information in it. Proactively secures your website and that
is all in the free version is also a paid version on the paid version adds a some bells
and whistles to be honest I don’t I do have the paid version but I don’t use really any
of the paid version features a but there really really cool stuff that this does so here some
of the pro features right here two factor authentication I find that the most inconvenient
thing possible I don’t like it personally the WordPress salts I have used that I’ll
have to explain that in the video malware scanning this is good but I’ve never had any
malware on any of my WordPress websites password expiration this is cool if you want to have
your users force them to have to change their password or update their password Google recapture
that works very well for me I’m actually using that feature to reduce the spam on my website
user login I don’t use that import export settings this is actually good when you set
up a new sites you can just import the settings and have it all configured I do like the dashboard
widgets and this right here is probably my favorite feature temporary privilege escalations
this essay you have a developer or maybe a theme developer you have some problems you
need to get them into their your website you can create an account with the for them and
give them access and make it an admin but you can have that admin rights expires you
don’t have to remember to log back in and change the password or log back in and lower
what they’re able to do you can do it with this temporary privilege escalation so in
then this is what I sought out the brute force attack protection network and this is where
if someone’s brute forcing another website with I theme security Juergen to benefit from
that because they won’t even be able to log into yours and there’s some really neat things
as well you can have your log inability not on at night so say you know you’re never in
a log in your website from 10 PM to 7 AM you can have it so no one can even log in between
those hours you can do some really neat stuff with this and this is the one that I like
here’s the website for the paid version right here now if you’re going to go with with the
paid versions of anything of any of these your best value is really going to be out
of the I themes one because if you go the word fence it’s cost per site annually and
with high theme security say you are making websites for customers right here they have
a lifetime options you just give him 300 bucks and a you can use it on unlimited sites and
you get lifetime updates which is really rare these days and you only get one year support
which is reasonable so if you want support after the one year I’m sure there’s some reasonably
priced fee I have never needed support and it works really well for me and that’s all
that that cost let’s take a look at this one right here is called a defender now defender
is from WPMU dev and that’s a website I know it’s kind of a tongue twister there and they
make this is like a hodgepodge of plug-ins that they make in and all kinds of different
things things that they make and what I found with their stuff is they they they look good
but none of them really work well because they don’t specialize in anything there that
will actually specialize in one thing that it’s called WordPress multisite and that’s
it their WordPress multi site I here’s their stuff is good but everything else it’s just
like a me too product while everyone else has a security product will we want one to
an everyone house has an opt in product so we want one to everyone else as a page builder
so we want went to I tend to stay away from trusting my website with those types of companies
that make those types of products and that is the BPM you Deb but essentially this is
a security plug-in that it’s a freemium they recently released it on the freemium model
they’ve had the paid version for a while and the thing I don’t like about it it’s a pretty
plug-in and I think where they excel is in supplant simplicity it’s a lot more simple
to install and configure but what I don’t like about it is you don’t get that network
feature that brute force networking feature with the free version you do get that the
paid version of this so this is a another plug in so out of these five plug-ins I meant
to do tutorial on the word fence on the do tutorial on I themes security my favorite
is I theme security am also going to do tutorial on security in these videos and I’ll be in
a playlist and I’ll release one a day over the next couple days tomorrow most likely
I will do the I themes security one so these are the various WordPress security plug-ins
that I am going to evaluate and recommend and I’ve used anima to make tutorials on but
I want to know what security plug-in you use and why and I also want you to say if you’ve
tested your speed with it on or off and that’s a big question people will say oh I love XYZ
but they’ve never tested the speed of their sites with it enabled and with the disabled
I think people would be shocked with a see if they have word fronts on their website
so anyways thanks for watching this video leave a comment down to below

Only registered users can comment.

  1. Thanks for this Adam. I tend to use these days wp engine or flywheel (signed up today) and other these companies use the premium firewall and malware scan and cleanup from sucuri. I have almost 20 sites on sucuri cloudproxi too, and I think it's excellent. But now it's better value to get this via wp engine or flywheel as part of bulk plans.

    I have a cloudways vs server for the smaller sites and clients that can't afford the premium hosting, and I've been trying to figure out the best plugin based security for these clients. I really don't like Wordfence too much, and agree it can be a performance problem, however I just could not see the wood from the trees for an alternative. I have been impressed with ithemes security too, and Cory Miller is a guy I really have tons of respect for.

    I also have a subscription to wpmu, but I'm barely using it on any new sites now. I may cancel that. I wasn't overly impressed with Defender. It felt too lacking in comparison.

    Great video Adam

  2. I use Jetpack, with Vaultpress and Akismet, They have been fantastic with their support, always get back to me when I have a problem and work with me to solve it

  3. Thanks for the video, @wpcrapter please I need your help, I followed your video on getting a Https from cloudflare after I got it done my site would sometimes go off, when trying to access it I get this red slash across a padlock that will come with message called 'insecure' please help solve this, I have simple SSL and easy SSL plugins installed

  4. was about to subscribe then I realized I am subscribed. great effort men. I was using wordfence and yes I realized it was loading slower but didn't connect the dots until now. I would definitely switch to ithemes thanks to you. I also love the fact that you can have a the premium for life. that is also great. thanks again.

  5. Hi Adam! Very good video again! But what about Secupress? For me it's a really good product too, by some of the guys behind WP Rocket! Should give it some try ;)! Thank you for the great job you're doing for the WordPress Community!

  6. Hi Adam, Great video as always. I use Wordfence and WP Rocket (As you recommended in your channel) . I get load times less then 1 sec with Wordfence. But I didn't check my load time without Wordfence. I will try it. Please make a video about Wordfence. I really want to see what you found about it
    I am also SEO guy and what really matters in load time is TTFB – Time To First Byte. TTFB is great with WP Rocket and Wordfence doesn't bother on this.

  7. Hi Adam. Thank you for the video's. I do not have a protection plug-in yet. I want to try some. Is it possible to deinstall such a plug-in without leaving annoying clutter in the WP database?

  8. Wonderful honest, experience based trustworthy information as usual. Thank you again for the effort that is evident in your 'reports.'

  9. I use WordFence and some non-overlapping features of Sucuri, like plugin and theme activity. What do you recommend for speed testing of sites?

  10. Adam,
    I have been following your channel for some time now and I like the way teach or review.
    Today you were talking about "All In One WP Security & Firewall "
    and It seems like you don't like this plugin that much.
    I would like to know why you don't like it.
    I am personally using the plugin and if its that bad I will be changing it.

  11. After trying a lot of these, i found that combining Wordfence (Firewall + Scan & Live traffic OFF) + iThemes Security works best for me with minimal perf cost and maximum security !

  12. Adam, another excellent video. I just realized I have both, Ithemes and Wordfence, which one would you recommend to keep I'm on inmotionhosting as you suggested. Do you also have anything on woo commerce and membership tied in? thanks a lot.

  13. I think you need to recheck 'All In One Security & Firewall'. It's frequently updated and it got tons of options. True, it does not have the centralized network (which is indeed very good to have), but the options are really good (saved me numerous times from hacks). Excellent video – and thanks Adam for your great work.

  14. I did use WordFence in the free version but now i only use iThemes Security. The main reason, for me to NOT use, WordFence is the 30 day delay policy in the "Real-Time Threat Defense Feed" for the free version. – From WordFence : "Premium members receive the real-time version of the Threat Defense Feed. Free users receive the community version, which is delayed by 30 days." – For me going basically unprotected for 30 is not acceptable.

  15. Another great video!!!
    I would like to know why you don't like ( Two-Factor Authentication ),
    I thought it was a good way to stop brute force attack?
    Thank you Adam…

  16. Thanks. Please when you refer people on Facebook group . Is it your group? And where the link in the description area.

  17. It's true that using Wordfence or any security plugin that makes database calls and or creates a firewall via your htaccess file will cause some performance issues but most have settings as you mentioned that enable you to minimize the performance issue.

    I like Wordfence and some of the others you mentioned and I also like some of the lessor known Security Plugins that are narrowly focused and do just one thing. I just created a video about BBQ that's an extremely easy to use security plugin.

    I look forward to your upcoming security plugins overview.

  18. You're the best. Truthful content always above affiliation……"not like WPBeginners"…they would sell me a rotary dial telephone if they made a commission. Thanks for all your honest hard work.

  19. Hi Adam, I am new to WordPress and security etc. I made few WordPress Websites for my Clients. One of them got Virus attack. The other got hacked and crashed. Now all of them ask me to provide a Security sysyem for them (Security guarenteed) against Virus/Malware/Hack etc. I need 1 time purchase (Lifetime fee) and provide this plug in for them. Which is best. I found one Superb one which costs 1 time fee ie. "BULLETPROOF SECURITY Pro – AIT Pro". Please check this out for me. Is it worth buying this? If so it would be great. Does ITunes Security guard against Virus/malware/Hack (Free version). I need to be Web-Master for all these people so i cant fail. Also they need regular back-up of site. Of course AUTO Feature reqd. Suggest me the best as well comments on BULLETPROOF SECURITY. Thanks !

  20. I love your thorough and honest approach. I Themes Security is my favorite, too. I thought I didn't need all this stuff until I lost 14 sites simultaneously. Now I know better and am still trying to recover from it.

  21. My favorite one is iThemes as well and I bought the pro version when they finally created the lifetime license… I sometimes use WordFence and I think I have both on a couple of site…
    What I'm a little surprised is that you don't talk about Bulletproof Security. I bought the pro version I think before iThemes acquired Better Security… I must say that I only have it installed on one site, though… It seems pretty strong, but I really feel that it's not user friendly: many manual settings (code we need to paste at specific places) and constant alerts that you need to remove or update log… BUT, it seems to be one of the strongest (maybe because there is so many manual settings 😉 )… So, not for newbies and user friendly, but strickly speaking about security itself, I'd like to know your opinion on it (if you know it)… If it's a lot better than the others, it might be worth it to spend more time configuring it… but if it's equivalent, I'll stick to iThemes everywhere…

  22. Very helpful video Adam. Im pretty concerned about security and this video helps me a lot. Do u recommend SiteLock or theres no necessity? Eagerly waiting for ur reply…Thanks again.

  23. Did you make any website using html and css. If you made please send me the link. I saw your comments today it quite impressive so ] want to watch ur videos and follow you i want to make a hotel website please help me and send me the link of best tutorial for hotel website using wordpress and send me link of html and css website also if ypu have any or ur friend

  24. Excellent video! You have a great voice and present very well!! You were right about the fence! I loaded my website and it took 8 seconds. I took it off and it took 4 seconds!! Thank you! iThemes it is!!! About to watch your video now!

  25. been using wordfence on all my sites, will try ithemes and see the difference, thanks for the time for doing this video

  26. at 12:50, I can see 211 – 1 star. you mentioned about these 1 star reviews for sucuri but did you forget about itheme sec ?

  27. I have an 800 number (actually 888) through Ring Central on my website. I am getting between 5 and 10 calls which sound like incoming from a fax. Ring Central said that I am receiving SIP attacks and provided a document with very technical procedures to take care of it, supposedly. My webmaster does have a backup system for the site. Is there a plugin that could take care of these annoying (and possibly risky) calls?

  28. I mostly use WordFence and speed tests I've done haven't shown any major issues with it slowing my or my client's websites down. I do also occasionally use All In One WP Security for one specific feature and in a very specific situation. It's their anti-brute force feature that allows me to manually change the login URL from the WordPress default. I use only that feature and only when I'm seeing a client's website that's getting a lot of brute force attempts.

    Even though WordFence does have it's own brute force protection, that still does mean the hacker can get a few attempts at guessing a login before they get shut down, and only for the IP address they were using, and a botnet can easily have many IPs and a hacker can also spoof the IP to fool the system, but they can't do anything about the changed login URL, so when a bot tries to brute force the site now, all they get is a 404 error. I've never bothered with any of the other features but IMO if you're having a problem with too many brute force attacks, it's well worth the install just for that one feature.

  29. Great Video, so I have word fence free.. and I have trouble with customers not able to log in. So much I had one cancel their membership and lots of failed log ins in the Dashboard. Seems counter productive sometimes.
    Does this ring any bells with you. Thanks

  30. Thank you for a great video!
    Question: I already have an SSL certificate. Can installing iThemes create incompatibility issues, since it automatically comes in with its SSL certificate?

  31. I left Blue Host for the abysmal outsourced support – thanks for giving me another reason why I made the right move.

  32. Hi Adam, thanks for the hard work. You're helping us so much. May you please make a tutorial on how to add full background ads on a WordPress site?

  33. I have iThemes but for the second time a bug with shortpixel plugin crashed my website. Can I also use Wordfence, just in case??

  34. While I open my website than it's redirect to unknown websites.. which plugin I should use for remove this virus? Please reply sir

  35. Hello – i've used a number of various security plugins to hide my login page – plugins that change the login url slug and some that add cookie based protection for login page – HOWEVER, i still get a few alerts that a login lockdown has occurred due to too many failed login attempts (wrong usernames). To me this would indicate that they have somehow found the CUSTOM URL and have now access to the login page – how is this possible ? and how to prevent this ?. How are they still finding my custom url page – can you suggest several options to look at that might be giving this info out ? and some different methods other than using a plugin to prevent the above. Many thanks….

  36. Hi Adam. My friend used a software called "webcopy" or something like that, and downloaded my entire website right in front of my eyes. Is there a way to prevent such thing? Is it time for a updated video on site security? Thanks.

  37. Yeah, wordpress is that bad that you need plugins for standard spamming or even more.. Thumbs down for wordpress. Imagine you create a self-hosted wordpress blog and after few days spammers are finding your blog and spamming for good, but how, why other platforms are not so bad? And then I found this video, ha ha ha, you need a plugins to enable security for your blog, it's not build in, pfff then I go with blogspot for sure.

  38. Good day, the iThemes Security (formerly Better WP Security) plugin says "Warning: This plugin has not been tested with your current version of WordPress." My current version of WordPress is ( version 5.2.1) The plugin description says "Requires WordPress Version: 4.7 or higher" My current version of WordPress is ( version 5.2.1) Can I go ahead and install it?

  39. I am a new developer. Wpcrafter make best tutorials from all other channels on youtube. I watch lots of videos of this channel and I will use ithemes security plugin.

Leave a Reply

Your email address will not be published. Required fields are marked *