This article looks at the best WordPress security plugins, including Sucuri, Anti-Malware Security and iThemes Security.
We will look at the features each WordPress security plugin offers, how it integrates with your WordPress site and the price of the plugin. You can learn more about the WordPress security plugins by clicking on the links above the images.
- Detection – You can scan all files and databases on your server for malware. The scan can also detect indicators of brute force attacks and find backdoors, phishing pages, DDoS scripts, spam and changes to your SSL certificate.
- Protection – The paid-for plans protect WordPress websites from malware and hacking, and provide DDoS attack mitigation, zero-day exploit prevention and protection against brute force attacks. They offer an advanced service, which is ideal for high-traffic websites that need the most reliable security features to prevent downtime and protect website data.
- Repair – Fixing malware issues requires a paid version, but they do offer advice within their documentation on how to remove or fix some of these issues.
- Firewall – Sucuri’s Website Firewall is an add-on for the plugin that offers many advanced features including DDoS protection, bot blocking, signature detection, support for load balancing and support via a ticketing system. This is aimed at websites requiring high-end WordPress security with quick response times, but this may be overkill for an average blogger or small business website owner.
- Price – There are four main versions at different price points, from the free plugin, which offers mostly scanning and monitoring of your website, to the paid versions starting from $199.99 per year, which include nearly the same options as the higher-end versions but with a slower rate of scanning and response time.
For most websites, the basic package offers all you need, but for businesses that rely heavily on their website being clean and working, the business or custom versions, priced from $499.99 per year, would be better suited.
This is yet another very useful anti-malware and security plugin for WordPress. The plugin comes with definitions that are actively maintained and which assist it in finding the most common threats.
The malware scanner in this plugin lets you easily scan both files and folders on your WordPress site for malicious code, malware, backdoors and any other known malicious attacks.
You will need to create a free account on the plugin website in order to have access to the latest definitions and premium features of this plugin. In addition, it will also contact developers’ websites looking for updated definitions.
While the plugin runs through its tests, it may throw up a significant number of false positives, and it is a lot of work to match each of these to the source file.
Anti-Malware Security and Brute-Force Firewall Security Features:
- Detection – A complete scan of your website is available with the free version, and the latest definitions to identify new threats can be downloaded through the plugin. I found this plugin can identify issues that other leading security plugins haven’t, and it has proven to be very competent at detecting threats and issues, and I believe it is the best free security plugin available for WordPress.
- Protection – Patches are available to prevent known vulnerabilities with plug-ins and access to the site, and brute force protection is available if you have an Apache server. They also offer advice for protecting your website within the FAQs, and a support forum is available.
- Repair – Once a scan has completed, potentially infected files are displayed with the option to delete them or make changes to them. As some files have only partially been affected, these files should be fixed manually.
- Firewall – The plugin has a firewall to block known vulnerabilities in some plugins, but only the premium version blocks brute force attacks and DDoS attacks. Unlike Sucuri’s, the documentation doesn’t go into depth about what the firewall can do, so for businesses that rely heavily on their websites, another plugin may be more suitable.
- Price – Free! This plugin is open source and the only one on the list that removes malware once you have registered to download the definitions. You are requested to make a donation to enable automatic definition updates and use the core file definitions, but the free security plugin offers a lot of functionality.
The team who developed the very popular BackupBuddy plugin have brought you the rather nifty iThemes Security WordPress plugin. Similar to all their other products, iThemes gives you a user interface that is nice and clean and offers a range of alternatives.
It includes checks for file integrity, limited login attempts, security hardening, strong password enforcement, brute force protection and 404 detection, to mention just a few.
There is no website firewall with iThemes Security, nor does it have a malware scanner of its own. In fact, it uses the malware scanner from Sucuri SiteCheck.
iThemes Security Features:
- Detection – Scanning for malware is included with the free version, with the pro version offering scheduled scans and email notifications. A dashboard provides a visual overview of attempts to access your website and potential issues, and gives a security score for your website with suggestions on how to improve it.
- Protection – iThemes has many options in the free version to harden your WordPress website against brute force attacks. The interface is simple to use, and it gives a short explanation for each hardening option. You can restrict IP access to WordPress by blocking addresses and allowing access only to specified IP addresses.
- Repair – For pro subscribers, a team of experts is available to help when you submit a support ticket. The plugin focuses heavily on protection rather than repair, so for large websites that require SLAs for security issues, Sucuri may be a better option, although at a higher price.
- Firewall – A firewall is not included with the free version or paid version of the software, but it will work with Sucuri’s Web Firewall, which is a paid add-on costing from $9.99 a month.
- Price – The free version offers the scanning and monitoring of your website and has some easy-to-use tools for hardening your WordPress installation, but an already infected website will require a paid version, which starts at $80 per year for one installation. For developers, there is a version that offers unlimited sites, and this is priced at $199 per year.
Overall, Sucuri is the best WordPress security plugin, but at a price that will be prohibitive for a smaller WordPress website owner. The free version of the Anti-Malware Security and Brute-Force Firewall WordPress plugin is the best option for most small sites, with iThemes offering features in between the two for a small fee.