3 Top Security Plugins for WordPress 2018

These days, websites can literally be just as valuable as property and real estate. So, keeping yours safe is vital.

The Internet now plays an integral role in modern society, and we are becoming increasingly reliant on online services and processes as a result.

Think about it. We use the Internet for our banking, we shop online, we run our businesses online, and some of us earn our own wages exclusively online in the process.

If you are reading this article, you probably have a WordPress website for your business. But websites aren’t simple to manage. You have to take care of design, content, and optimization for search engines, and you need to protect your site from spammers and hackers.

WordPress Marketshare

As you probably know, WordPress is the world’s most popular CMS for managing website content and, because of that, it attracts the attention of hackers.

According to a recent study by the Wordfence team: “Hackers attack WordPress sites both big and small, with over 90,978 attacks happening per minute.” – Wordfence


“According to a recent report by wpscan.org, of the 3,972 known WordPress security vulnerabilities:

  • 52% are from WordPress plugins
  • 37% are from core WordPress
  • 11% are from WordPress themes” – ithemes.com

There are over 55,000 plugins in the official directory. So which plugins are good ones? Which themes are good ones? How do you choose correctly and not harm your website?
A common opinion is that an open source script is vulnerable to all sorts of attacks.

This is partially true, but even in this situation, you shouldn’t blame WordPress. Why?

  • Because it’s usually your fault that your site got hacked.
  • There are some responsibilities that you have to take care of as a website owner.
  • So the key question is always, what are you doing to save your site from being hacked?


Top Security Plugins For WordPress

WordPress is the most popular web host currently in operation, no doubt; it is a great deal safer and more secure than most. However, there are things we can do to improve it and make it safer.

Cybercriminals are becoming more advanced, so staying two steps ahead of them is vital. Security plugins, either free or paid, can work wonders if you choose the correct one. Therefore, for the remainder of 2018, here’s a look at three of the best security plugins for WordPress.

This article is meant to help you decide which security plugin is right for you. If you go to wordpress.org and search for the word “security”, you are going to get a wide variety of results.


iThemes Security - Free or $80/year


We’ve put iThemes Security first on our list.

When you browse online and look for popular and effective security plugins for WordPress, what do you find? Nine times out of ten, iThemes will be one of the first plugins that you encounter, and rightfully so.

iThemes is a free security plugin that provides users with over 30 unique ways of protecting their websites and increasing their online security.

The plugin is extremely simple to install; it solves a number of common security vulnerabilities, it protects against attacks, it offers helpful security tips and advice, and much more besides.

Best of all, it is so simple to use, as there is a basic checklist located on the dashboard.

It has some features and settings that are most commonly needed for nearly all WordPress websites including banning users, database backups, local brute force protection, network brute force protection, strong passwords, and WordPress tweaks.

One of the important features is network brute force protection. If other sites running iThemes detect a hacker trying to brute-force them, they record the IP address so that the hacker or hackers are identified, and iThemes will automatically notify you; the hackers will be added to your blacklist so they can’t attack your website.

The free version does a lot so you probably don’t even need the pro.



Hide My WP Ghost - Free or $29.99



The next one on the list is “Hide My WP Ghost”, proving to be one of the most effective security WP plugins currently on the market.

The most amazing feature of Hide My WP Ghost? It almost acts like a cloaking shield, as it hides the fact that your site/blog is being hosted on WordPress.

This then confuses potential hackers, or bots attempting to identify the CMS. By hiding and altering the WordPress paths, your site will be protected from a number of things, including requests to PHP files, Brute-Force Attacks, Cross Site Scripting (XSS), Throttling of Access Attempts to Entry Points and SQL-Injection.

Your WordPress admin and login are accessible to anyone who knows your site is made with WordPress. You simply put wp-login.php after the URL of your website and you get the login page. This is bad because one of the primary ways people hack a website is by obtaining usernames and passwords, and if they can get to the login page they have a chance to get into your website.

If they don’t know where your login page is, there is no chance for them to actually try and guess your username and password.

Hide My WP hides your login link and also renames the themes and plugins that the website is using. It is a complete security solution in one plugin with all the protection a general WordPress site needs.

The plugin removes all traces of WordPress from your website’s source code and also blocks access to the old path so that the hackers can’t identify the WordPress CMS anymore.
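To check on your own site whether path hiding really removed the traces described above, you can scan the saved page source for the markers a default WordPress install leaves behind. This is an added example, not code from Hide My WP Ghost; the sample pages, the example.test URLs and the replacement paths are constructed assumptions.

```python
from html.parser import HTMLParser

# Default paths a stock WordPress install exposes in URLs.
PATH_MARKERS = ("/wp-content/", "/wp-includes/", "/wp-json/", "/xmlrpc.php", "/wp-login.php")


class FingerprintParser(HTMLParser):
    """Collects (kind, evidence) pairs that reveal WordPress in rendered HTML."""
    def __init__(self):
        super().__init__()
        self.findings = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # <meta name="generator" content="WordPress ..."> names the CMS outright.
        if tag == "meta" and a.get("name", "").lower() == "generator":
            if "wordpress" in a.get("content", "").lower():
                self.findings.add(("generator", a["content"]))
        # <link rel="https://api.w.org/"> advertises the REST API root.
        if tag == "link" and "api.w.org" in a.get("rel", ""):
            self.findings.add(("rest-link", a.get("href", "")))
        # Any URL-bearing attribute that still uses a default path.
        for attr in ("href", "src", "action"):
            for marker in PATH_MARKERS:
                if marker in a.get(attr, ""):
                    self.findings.add(("path", marker))


def find_wp_fingerprints(html):
    parser = FingerprintParser()
    parser.feed(html)
    return sorted(parser.findings)


# Constructed sample pages: a default install, and the same page after path hiding.
DEFAULT_PAGE = """<html><head>
<meta name="generator" content="WordPress 0.0">
<link rel="https://api.w.org/" href="https://example.test/wp-json/">
<link rel="stylesheet" href="https://example.test/wp-content/themes/demo/style.css">
<script src="https://example.test/wp-includes/js/jquery/jquery.js"></script>
</head><body><a href="https://example.test/wp-login.php">Log in</a></body></html>"""
HIDDEN_PAGE = """<html><head>
<link rel="stylesheet" href="https://example.test/assets/demo/style.css">
</head><body><a href="https://example.test/account">Log in</a></body></html>"""

if __name__ == "__main__":
    for name, page in (("default", DEFAULT_PAGE), ("hidden", HIDDEN_PAGE)):
        print(name, find_wp_fingerprints(page))
```

Any finding that remains after the plugin is enabled is a trace it did not rewrite, for example a theme that hard-codes its asset URLs.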



All in one Wp Security and Firewall - Free


All in one Wp Security and Firewall is an easy to use plugin.

It will give you a whole bunch of options. It has a couple of cool features: it shows you how strong your site is, suggests how strong it should be, estimates how long it would take to crack your password, and offers some firewall and scanning settings.

In the dashboard, you will find a security strength meter gauge. The purpose of this gauge is to keep you informed of how secure your site is based on how many of the security features you have activated.

The security and firewall features are categorized as basic, intermediate or advanced with the intent of making them easier to use.

Basic features will generally have minimal to no impact on your site’s existing functionality.
The features which are labeled as intermediate or advanced may have some impact on functionality depending on your site setup and the plugins you are currently using.

In your dashboard, you will find the most important features which you should apply to achieve a minimally acceptable level of security.

Some of the features available:

  • user account security
  • user login security
  • your WordPress database security
  • your file system security, particularly file and directory permissions
  • blacklist functionality
  • an assortment of firewall protection mechanisms
  • easy backup and restore functionality (manual and scheduled backup)
  • monitor failed login attempts and general account activity
  • you can find more details about a suspicious IP address or domain name, comment spam
  • you can be informed about the IP addresses that are producing the most comment spam on your site; you can easily block them with a single click
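The "local brute force protection" and "monitor failed login attempts" features mentioned above come down to counting failed logins per IP address inside a time window. The sketch below does that over web server access logs; it is an added example, not code from any of the plugins, and the threshold, window and log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format fields needed here: client IP, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def flag_login_bruteforce(lines, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: time the threshold was first crossed} for wp-login.php failures.

    A POST to wp-login.php answered with 200 is treated as a failed login,
    because WordPress answers a successful login with a 302 redirect.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php" or status != "200":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and ip not in flagged:
            flagged[ip] = when
    return flagged


# Constructed sample log: 203.0.113.7 fails six times in one minute;
# 198.51.100.4 fails once, logs in successfully (302), then loads the form again.
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/Aug/2018:10:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"'
    for s in range(0, 60, 10)
] + [
    '198.51.100.4 - - [12/Aug/2018:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.4 - - [12/Aug/2018:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.4 - - [12/Aug/2018:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
]

if __name__ == "__main__":
    for ip, when in flag_login_bruteforce(SAMPLE_LOG).items():
        print(f"block candidate: {ip} (threshold reached {when.isoformat()})")
```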

WordPress security is something which evolves and changes over time. New threats and protection techniques are discovered every year.

John Darrel

I am a WordPress Developer and I love creating plugins and themes for WordPress. It is a great CMS for any kind of business but we need to keep it a safe place.

I have over 10 years experience in building plugins and themes for WordPress and other platforms.

Contact me if you have plugins that you want me to check before you insert them in your website. I will be happy to check them for security and speed.


52 thoughts on “3 Top Security Plugins for WordPress 2018”

  1. Ramesh says:

    Thank you for this John and it’s great to hear advice from a WP developer and expert. I would like to ask three things if that’s ok….
    1. I heard WordFence is the best BUT it slows down your website quite significantly. True?
    2. Would you say always buy the premium option if available and ditch the free? The thing about WordFence is you have to buy a licence for each website whereas iThemes gives you multilicenses for not much extra cost.
    3. How come you haven’t mentioned All In One WP Security & Firewall ? I hear it’s the best TOTALLY FREE plug in. But is it as good as paid versions of iThemes and WordFence?
    Thanks for your help

    • John Darrel says:

      Thank you Ramesh for the comment.
      1. Some functions from Wordfence are going to slow the functionality of your website, yes. This doesn’t mean that it’s a bad plugin but a slow loading website may affect the Google rankings which is a big problem.
      2. You need to check the support service; many people don’t pay attention to the support quality, especially when we’re talking about a security SaaS.
      3. We haven’t mentioned it because we haven’t tried it. We can try the free version and see how good it is.

      Best, John

  2. BuildupYouth says:

    Hey John!
    Very good list of plugins you have mentioned and really thanks for this.
    Upon reading your reviews, we installed All In One WP Security & Firewall for our blog and it’s working like a charm!
    Never slows down our site and from backup to blocking, this plugin is a power pack for your website security.
    Thanks for your article and recommendation of WP Security plugin.
    Keep It Up!
