I am seeking expert opinion on the best WP security plugin

I am seeking expert opinion on the best WP security plugin around. I saw that WPMUDEV has recommended iThemes Security via blog articles but a lot of folks tend to recommend Wordfence.
Which is the more complete security plugin and likely to cause fewer conflicts/lesser issues?
Do these plugins take care of all the hardening suggestions listed on the WP codex?

  • Tyler Postle
    • CGO

    Hey Shireen,

    I have heard a lot of good things about Wordfence. Since starting as staff here I have seen some plugin conflicts caused by iThemes. There is a good chance Wordfence also conflicts with plugins; however, I just haven't seen it as much here.

    So, all the good feedback + not seeing as many issues/conflicts makes me lean towards Wordfence. Not to mention it also makes your site faster - most security plugins seem to do the opposite.

    Make sure you have rock solid passwords too! Extremely important.

    Both plugins should be able to take care of the majority of that list.

    Hope this helps!

    Let us know if you have any further questions here :slight_smile:


  • aristath
    • Recruit

    Hello again @Shireen,

    I just wanted to post my personal opinion on this...
    I've been working with WordPress for about a decade and have used most available setups both for security and for caching.
    About 75% of the issues and site malfunctions we see in these forums are caused by misconfigured security and caching plugins.
    The slightest mistake in these plugins can literally ruin and annihilate a site.
    My advice is this:

    1. DO NOT use W3TC or WP Super Cache on your site.

    2. If you want a caching plugin, go for something simple like this one: https://wordpress.org/plugins/quick-cache/

    3. Instead of installing a caching plugin to make your site go faster, you might want to reconsider your hosting environment. If you're on a cheap shared host, you might want to move your site to a cheap VPS. I have found DigitalOcean to be extremely fast, reliable and at the same time cheap! You can get a 512MB VPS on them for $5/month... that's even cheaper than a lot of shared hosts! The easiest way to set up a VPS for WordPress using nginx, memcached and all the other goodies that a professional setup requires is to use this simple script: https://github.com/rtCamp/easyengine It's ridiculously easy to set up and it's as good as a server can get! :slight_smile: If you do end up using this setup, then you can install W3TC from there and it will automatically be configured for you.

    4. DO NOT install ANY security plugins. Instead try a combination of these:
    * The Limit Login Attempts plugin - Don't be discouraged by the fact that it hasn't been updated in more than 2 years... it works flawlessly. This will protect your site from Brute Force attacks.
    * Use CloudFlare. This will protect you from DDoS attacks and also prevent a large number of other attacks and spammers.
    * Use Akismet

    I hope that helps... and I really hope you seriously take the above under consideration before installing any caching and/or security plugins.

    Take care,
