3 Top Security Plugins for WordPress 2018

These days, websites can literally be just as valuable as property and real estate. So, keeping yours safe is vital.

The Internet now plays an integral role in modern society, and we are becoming increasingly reliant on online services and processes as a result.

Think about it. We use the Internet for our banking, we shop online, we run our businesses online, and some of us earn our own wages exclusively online in the process.

If you read this article, you probably have a WordPress website for your business. But websites aren’t simple to manage. You have to take care of design, content, optimization for search engines and you need to protect it from spammers and hackers.

WordPress Marketshare

As you probably know, WordPress is the world’s most popular CMS for managing website content and, because of that, it is in the attention of hackers.

According to a recent study of Wordfence team Hackers attack WordPress sites both big and small, with over 90,978 attacks happening per minute.” – Wordfence


According to a recent report by wpscan.org, of the 3,972 known WordPress security vulnerabilities:

  • 52% are from WordPress plugins
  • 37% are from core WordPress
  • 11% are from WordPress themes” – ithemes.com

There are over 55,000 plugins in the official directory. So which ones are good ones? Which themes are good ones? How to choose correctly and not harm your website?
The opinion is that an open source script is vulnerable to all sorts of attacks.

This is partially true, but even in this situation, you shouldn’t blame WordPress. Why?

  • Because it’s usually your fault that your site got hacked.
  • There are some responsibilities that you have to take care of as a website owner.
  • So the key question is always, what are you doing to save your site from being hacked?


Top Security Plugins For WordPress

WordPress is the most popular web host currently in operation, no doubt; it is a great deal safer and more secure than most. However, there are things we can do to improve it and make it safer.

Cybercriminals are becoming more advanced, so staying two steps ahead of them is vital. Security plugins, either free or paid, can work wonders if you choose the correct one. Therefore, for the remainder of 2018, here’s a look at three of the best security plugins for WordPress.

This article is more going to help you decide which security plugin is for you. If you go to wordpress.org and do a search just for the word security you are going to get a variety of results.


iThemes Security - Free or $80/year

wordpress security

We’ve put iThemes security first on our list.

When you browse online and look for popular and effective security plugins for WordPress, what do you find? Nine times out of ten, iThemes will be one of the first plugins that you encounter, and rightfully so.

IThemes is a free security plugin that provides users with over 30 unique ways of protecting their websites and increasing their online security.

The plugin is extremely simple to install; it solves a number of common security vulnerabilities, it protects against attacks, it offers helpful security tips and advice, and much more besides.

Best of all, it is so simple to use, as there is a basic checklist located on the dashboard.

It has some features and settings that are most commonly needed for nearly all WordPress websites including banning users, database backups, local brute force protection, network brute force protection, strong passwords, and WordPress tweaks.

One of the important features is network brute force protection. If other sites that running iThemes detect a hacker that’s enforce their site they detect the IP address so that hacker or hackers are identified and iThemes will automatically notify you; hackers will be added to your blacklist so they can attack your website.

The free version does a lot so you probably don’t even need the pro.



Hide My WP Ghost - Free or $29.99


Hide My Wp - Best WordPress SEO plugin

The next one on the list is “Hide My WP Ghost”, proving to be one of the most effective security WP plugins currently on the market.

The most amazing feature of Hide My WP Ghost? It almost acts like a cloaking shield, as it hides the fact that your site/blog is being hosted on WordPress.

This then confuses potential hackers, or bots attempting to identify the CMS. By hiding and altering the WordPress paths, your site will be protected from a number of things, including requests to PHP files, Brute-Force Attacks, Cross Site Scripting (XSS), Throttling of Access Attempts to Entry Points and SQL-Injection.

Your WordPress admin and login is accessible by anyone who knows your site is made with WordPress. You simply put wp-login.php after the URL of your website and you get the login page. This is bad because one of the primary ways of people hacking your website actually gets usernames and passwords and if they can get the login page they are going to have a chance to get into your website.

If they don’t know where you’re login page is there is no chance for them to actually try and guess your username and password.

Hide My WP hides your login link and also renames the themes and plugins that the website is using. It is a complete security solution in one plugin with all the protection a general WordPress site needs.

The plugin removes all traces of WordPress from your website’s source code and also blocks access to the old path so that the hackers can’t identify the WordPress CMS anymore.



All in one Wp Security and Firewall - Free


All in one Wp Security and Firewall is an easy to use plugin.

It will give you a whole bunch of options.  It has a couple cool features: show you how strong your site is, it suggests how strong should be, how long it would take to crack your password, some firewall and scanning settings.

In the dashboard, you will find a security strength meter gauge. The purpose of this gauge is to keep you informed of how secure your site is based on how many of the security features you have activated.

The security and firewall features are categorized as basic, intermediate or advanced with the intent of making easier to use.

Basic features will generally have minimal to no impact on your site’s existing functionality.
The features which are labeled as intermediate or advanced may have some impact on functionality depending on your site setup and the plugins you are currently using.

In your dashboard, you will find the most important features which you should apply to achieve a minimally acceptable level of security.

Some of the features available:

  • user account security
  • use a login security
  • your WordPress database security
  • your file system security particularly
  • file and directory permissions
  • blacklist functionality
  • an assortment of firewall
  • protection mechanisms
  • easy backup and restore functionality (manual and scheduled backup)
  • monitor failed login attempts and general account activity
  • you can find more details about a suspicious IP address or domain name, comment spam
  • you can be informed about those IP addresses that producing the most comment spam on your site; you can easily block them with a single click

WordPress security is something which evolves and changes over time. New threats protection techniques are discovered every year.

John Darrel

I am a WordPress Developer and I love creating plugins and themes for WordPress. It is a great CMS for any kind of business but we need to keep it a safe place.

I have over 10 years experience in building plugins and themes for WordPress and other platforms.

Contact me if you have plugins that you want me to check before you insert them in your website. I will be happy to check them for security and speed.

Related Post

52 thoughts on “3 Top Security Plugins for WordPress 2018

  1. Michael Amaral says:

    Hi Jhon,
    You have listed Great security plugins. it really helpful. I want to suggest User Blocker plugin. It helps to block an unnecessary user.
    I have tried it and i hope it helps you too.

  2. Alan Wiat says:

    Hey !

    Great post ! We would be very grateful if you would try and then express your opinion about our plug-in. it’s not as popular yet, but we are receiving good reviews from our users. Our product offers an all around website protection and security modules as well as several interesting additions such as an automatic version updater

    It’s the WordPress “WebDefender” : https://wordpress.org/plugins/cwis-antivirus-malware-detected/

    Many Thanks,

  3. DD George says:

    Hi John,
    This is amazing! This is the first time to hear about WP Antivirus Site Protection as well. I think iThemes Security is an awesome plugin to add in any site. Correct me if I’m wrong, but I think all these plugins can work together without a problem? This way, your site is really secured.

  4. willaplayfair says:

    What’s Taking place i am new to this, I stumbled
    upon this I’ve found It positively helpful and it has helped
    me out loads. I hope to contribute & aid other
    users like its helped me. Good job.

  5. samcrittenden says:

    Wonderful web site. A lot of useful information here.
    I’m sending it to some buddies ans additionally sharing
    in delicious. And naturally, thanks on your sweat!

  6. morgana says:

    Hi! I’ve installed WordFence plugin BUT my website get continuously hacked… like 10 times in a couple of months! I will def try one of the plugins that you mentioned here

    • John Darrel says:

      I know it’s costly to lose your data or even a day to put the website back online.
      This is why we tried to bring you the most efficient security plugins.


    • John Darrel says:

      Wordfence is a good security plugin but probably you have some vulnerable plugins installed. You need to check that out too.

  7. syedtutul says:

    This is the first time you hear about WP antivirus site security. I think iThemes Security is a great plugin for adding a site. Fix me if I’m wrong, but I think all these plugins can work together without a problem? In this way, your site is really safe.

Leave a Reply

Your email address will not be published. Required fields are marked *