88 Responses

  1. Frank Jonker
    Frank Jonker April 17, 2012 at 19:27 | | Reply

    Great article, ,thanks for the info and shared.

  2. ChefGaby
    ChefGaby April 17, 2012 at 20:37 | | Reply

    Some links to the WordPress plugins section would be nice.
    I also don’t see the point in linking the images to the image itself.
    I searched for the plugins myself, but linking directly to the plugin would be helpful.

  3. Julio Potier (BoiteAWeb)
    Julio Potier (BoiteAWeb) April 18, 2012 at 09:54 | | Reply

    What about a login plugin protection like “BAW More Secure Login” (WordPress official repo) ?
    What so you think about this strong authentication free plugin ?
    See you !

  4. Davide De Maestri (@gleenk)
    Davide De Maestri (@gleenk) April 18, 2012 at 11:51 | | Reply

    Thanks for the list. Unfortunatly some of them are not very updated 🙁 but thanks anyway!

  5. maurizio
    maurizio April 18, 2012 at 14:15 | | Reply

    i would also add “Better WP Security” – http://goo.gl/4cCvx

  6. Jeff
    Jeff April 18, 2012 at 14:58 | | Reply

    OMG! I just activated and set up Bulletproof. Looks amazing! I am stoked. The real test will be watching what my monitoring service does when it scans my site tomorrow. 😉

  7. Piet
    Piet April 18, 2012 at 17:04 | | Reply

    Same as @ChefGaby for this article to be(come) informative it needs links to the plugins mentioned. I tried searching for the first (Blackhole) but couldn’t find anything, so I won’t even bother with the rest!

    1. Piet
      Piet April 18, 2012 at 17:12 | | Reply

      Arghhh & Oops
      Had this window already open since this am and only now had the time to read it and of course I did not refresh the page.
      Seeing the links now, cheers!

  8. Diana Maria
    Diana Maria April 20, 2012 at 09:24 | | Reply

    Preventing the WordPress blog from unsavory characters is not a problem now. These WordPress security plugins help in minimizing attacks from hackers. These snippets of information helped me with respect to the security and so I thought of sharing them with you all.

  9. Gareth
    Gareth April 28, 2012 at 10:41 | | Reply


    I wonder if you can offer some advice on this. I have a blog that for the last 8 weeks has been receiving unwanted subscriptions. The trouble is I don’t know how they are coming through.

    I use feedburner for both my RSS and email sign up. I have removed the contact us form and replaced with email address written out (the @ replaced with at).

    I have updated all of the relevant plugins and version of WP but I am still getting fake signups that go into the membership section as a subscriber (which isn’t where the email subscriptions are recorded).

    I am not a dev person so am struggling. Any thoughts people?

  10. Rawaf
    Rawaf June 20, 2012 at 10:40 | | Reply

    Perfect Article, thank you for the list, I used some them as like WP Security Scan, WP-DBManager, WordPress File Monitor Plus and AskApache Password Protect
    they are good for me
    best regards

  11. 4decor
    4decor July 12, 2012 at 00:16 | | Reply

    Thank you! i’ve been hacked some weeks ago but still lookin’ for any good protection from malware.

  12. Julio Potier (BoiteAWeb)
    Julio Potier (BoiteAWeb) July 12, 2012 at 01:12 | | Reply

    By the way, WordPress Firewall 2 contains 2 huge security issues (XSRF and XSS), so, it will be deactivated soon.
    Keep in touch, i’ll do a “3” 😉

  13. Dyzk
    Dyzk July 22, 2012 at 09:26 | | Reply

    Thank you. Very useful plugin for wordpress security.

  14. Deano
    Deano October 6, 2012 at 02:58 | | Reply

    I like to know if these plugin conflict eachother.
    Or which plugins work together… Anyone?

  15. Daniel Convissor
    Daniel Convissor October 18, 2012 at 14:28 | | Reply

    Take a look at the (relatively new) “Login Security Solution” plugin, http://wordpress.org/extend/plugins/login-security-solution/. The attack monitoring examines user names, passwords and IP addresses. It accommodates IPv6. The password strength requirements provide full support for UTF-8 passwords, even those using alphabets with only one case. Plus it has a full set of unit tests.

  16. Naoufel
    Naoufel January 8, 2013 at 17:06 | | Reply

    thx 😉 good job

  17. Prabhanjam India IT Solutions
    Prabhanjam India IT Solutions January 30, 2013 at 10:12 | | Reply

    Thank u for your list. It’s good..

  18. Fabio Negalanco
    Fabio Negalanco February 20, 2013 at 04:56 | | Reply
  19. Minimalist Design Websites
    Minimalist Design Websites March 16, 2013 at 16:36 | | Reply

    Great list of plugins exactly what i needed as i have created a new wordpress site. i would have been Great if you could advice the pros and cons some plugins. But anyway it is still good source.

  20. 01darkan01
    01darkan01 March 18, 2013 at 14:44 | | Reply

    hi all i’ve code a new antivirus perl based.
    1) found and remove malicious file and if you want make a backup.
    2) found exploitables file and suggest update
    video demonstration

    if someone is interesting to test please contact me
    last few testing and program will be public

  21. GazD
    GazD April 18, 2013 at 12:34 | | Reply

    Hi Jean, nice blog. Thank you. I am currently working through the maze of WP security options trying to work out what to do and use etc. This certainly helps. Bulletproof security was recommended as well as WP Defender. I assume that either will do?

  22. Mahesh
    Mahesh April 18, 2013 at 16:54 | | Reply

    In one of the websites I manage I see lot of attempts to login to the website automatically. Those are from a particular countries and I can also trace out individual IPs from which I was attacked. I banned few countries and few countries from visiting my website. However I don’t think it’s a good method. I see lots of security plugins mentioned in this article. Is there any particular plugin that could be useful in dealing with my situation?

    Thank you

  23. bloggy9
    bloggy9 April 29, 2013 at 05:23 | | Reply

    thanks for the info. Greatly appreciated.

  24. newblogger
    newblogger May 2, 2013 at 02:53 | | Reply

    Has anyone used “Anti Malware”

  25. newblogger
    newblogger May 2, 2013 at 03:04 | | Reply

    http://wordpress.org/extend/plugins/gotmls/ This is the link. It may be called GOTMLS. I really am new.

  26. Robert Black
    Robert Black May 28, 2013 at 13:46 | | Reply

    That’s a great list. As well as BPS I also use Better WP Security and Secure WordPress. Of course one of the most important things is if you have a user name of “admin” change it NOW!

  27. eMail Tips Daily website
    eMail Tips Daily website June 6, 2013 at 22:21 | | Reply

    I came here from another post on the blog: http://www.wpmayor.com/plugin-reviews/best-plugins-to-hide-wordpress at Jean’s recommendation.

    Excellent tool-set collection, Jean!
    And among them there is one I haven’t heard of yet (the AskApache one…) – this is so cool, I have new toys to play with, tonight…

    Thanks again, Jean!

  28. saanvi
    saanvi June 7, 2013 at 09:09 | | Reply

    Great thanks for this wonderful post about WordPress Security Plugins but I install some Plugins in my WordPress blog & due to lot of Plugins my website wasn’t running. It was showing me Server error. so I don’t use very many plugins.

  29. Ayesha Wahidi
    Ayesha Wahidi June 11, 2013 at 18:08 | | Reply

    thank you so much. I was facing security problems with my blog

  30. Eddie Olivas
    Eddie Olivas July 1, 2013 at 08:04 | | Reply

    Thanks for the info! I’ve been having a lot of trouble with “WordPress HTTPS” with one of my client’s sites it was making it way slow. I’m hoping “Better WordPress Security” will be better. I’ll give it a try now thanks again 🙂

  31. 01darkan01
    01darkan01 July 9, 2013 at 02:22 | | Reply

    finally i’ve release a new free GPL antivirus customize for wordpress
    to download http://wordpress-antivirus.blogfree.net
    for info or other contact me


  32. Maria S. Walker
    Maria S. Walker August 26, 2013 at 13:27 | | Reply

    With the number of threats online, having a security help for our blog is very essential Good thing you posted this very informative article. Now, we are aware of how to secure our blog’s essential data. Thanks a lot for this post and please continue posting more informative articles.

  33. sampath kumar
    sampath kumar September 13, 2013 at 20:32 | | Reply

    Hello Jean,If you were to recommend me the best free security plugin for my blog http://zackable.com what would it be?

  34. Suraj
    Suraj September 19, 2013 at 17:45 | | Reply

    I prefer “Security Ninja”.It’s one of the most secure wordpress plug-in I have used till now.

  35. brian lacouvee
    brian lacouvee April 18, 2014 at 10:43 | | Reply

    Came across your article looking for an alternative to Best WP Security (iThemes Security). Do you have an update to your opinion now that all this mess has happened to them. I am still using their version 3.6.6. I am concerned they have removed some important features in order to offer them with the pro version. I may be completely wrong, but with what has transpired I have to wonder? Do you have a good WP Security plugin alternative to replace iThemes Security at this time?

  36. rayan
    rayan August 5, 2014 at 23:22 | | Reply

    Brian Lacouvee I advise you the plugin WP Security All In One one of Almighty which ravage right now, it’s simple easy to use rich food security, even copying text is protected.

  37. Ulrich Eckardt - Coach
    Ulrich Eckardt - Coach August 31, 2014 at 15:58 | | Reply

    Thanks a lot for these article to make WP safe!

  38. giannisrizos
    giannisrizos November 27, 2014 at 20:19 | | Reply

    what about pruteprotect is antivirus or not??

  39. giannisrizos
    giannisrizos November 27, 2014 at 20:24 | | Reply

    what about pruteprotect is antivirus or not??
    i need anivirus pluggin and firewall please i had just prute protect thank you!!

    1. Chris
      Chris December 1, 2014 at 03:15 | | Reply

      Assuming you mean Bruteprotect, it seems to be only protecting against brute force attacks.

      From what Jean wrote above, Best WP Security includes that function and more… I know this site (http://cheapest-tickets.com) deals with discount concert tickets and has that plugin in place to defend its business. Pretty smart!

  40. supsystic
    supsystic January 15, 2015 at 10:29 | | Reply

    Hi there!
    I find good security plugin and recomend it for you. You can find it from this sites:

  41. gromudarajako
    gromudarajako February 23, 2015 at 11:56 | | Reply

    Looks promising, i like this ”hide wordpress” thing. For me most important is to change login url, bruteforce, and hide wp.

  42. asssssssdasdasd
    asssssssdasdasd May 18, 2015 at 00:07 | | Reply

    where is wordfence?

    1. Mark Zahra
      Mark Zahra June 5, 2015 at 11:46 | | Reply

      Hi, the post has now been updated again, and it now includes Wordfence also 🙂

  43. vijaygopal
    vijaygopal May 20, 2015 at 05:33 | | Reply

    hi jean. can you tell me absolute tool for my site http://www.techdroop.com. Please suggest me the right one !!

  44. Matthew
    Matthew June 5, 2015 at 22:34 | | Reply

    In installed the following tool and i scanned my WordPress sites for vulnerabilities https://www.rosehosting.com/blog/install-wpscan-on-an-ubuntu-14-04-vps/

  45. Whiteboard Creations
    Whiteboard Creations June 12, 2015 at 15:55 | | Reply

    Jean, we’re avid users of WordFence Free Version, but am going to be investing in the paid version for 1 of our company sites, while the other company site will have BulletProof from AITpro so we can see the difference in the level and depth these 2 big plugins go to protect the WP site.

    Thanks for the write up on more plugins I never heard of. Do any seem clunky to you or do you prefer one over another?

    What security measures do you take and use on this website/blog?

    – Patrick

  46. vizcano
    vizcano June 13, 2015 at 23:03 | | Reply

    Some of them seem to do the same thing… so if i had to choose. One of each kind of protection… which ones would you recommend?… (They need to be easy to set up… i am a wp rookie)
    I have askimet and stop spammers in my wp site.


    1. jenniferwebdeveloper51
      jenniferwebdeveloper51 August 4, 2015 at 06:09 | | Reply

      Hi vizcano,

      Wordfence and All in One WP security Plugins are best but I recommend you to use Wordfence Plugin. You can see the feature comparison chart of WordPress security plugins http://blog.templatetoaster.com/best-5-wordpress-security-plugins/ and see how Wordfence is the best.

  47. Purushottam Kadam
    Purushottam Kadam July 23, 2015 at 23:35 | | Reply

    Excellent post i found here which i am looking for best security plugin
    I have now using Woodfence security plugin for my blog it’s Damm Good and better

  48. Rahul
    Rahul August 6, 2015 at 07:30 | | Reply

    Hi Jean,

    You have missed a great free security plugin called Simple Security Firewall. It is an all in one plugin with any premium feature restriction.

  49. Erik Emanuelli
    Erik Emanuelli August 31, 2015 at 12:22 | | Reply

    Great information, Jean!

    From the ones you mentioned, “Wordfence Security” plugin, I found it a free and great solution to secure blogs and make them faster.
    Tested and happy with it!

    Thanks for the share.

  50. lupomare
    lupomare September 30, 2015 at 06:42 | | Reply

    Very Good Article

  51. Davis Brown
    Davis Brown October 11, 2015 at 22:32 | | Reply

    Great Such a nice collection of security plugins.really nice keep it up with good sharing.To know more 50+ best wordpress Plugins, go to google & search for “blog.templatetoaster” there you will be finding some best wordpress plugins.

  52. JM Créa
    JM Créa November 26, 2015 at 04:25 | | Reply


    a new plugin for scan upload folder an detect a suspicious files : https://wordpress.org/plugins/scan-upload-par-jm-crea/

  53. Surendra Soni
    Surendra Soni December 3, 2015 at 05:39 | | Reply

    Nice article friend,

    I these plugin which plugin help me to clock bots to register in my buddypress site. also allow facebook registration.

    Please advise.

  54. Bhajan
    Bhajan December 15, 2015 at 00:34 | | Reply

    great one and awesome plugins thanks for sharing 🙂

  55. Hugh (@fencepress)
    Hugh (@fencepress) December 16, 2015 at 10:22 | | Reply

    Hi, I just released a new plugin+app that lets you close your login page (and add other forms of security) using your smartphone. Plans start at 1$ per year – see https://fencepress.com

  56. sanjay
    sanjay January 5, 2016 at 03:22 | | Reply

    hey Jean,

    one should use all plugins for security or some of them.
    Which will be good for all your protection need.

  57. Paul Goodchild
    Paul Goodchild January 28, 2016 at 04:45 | | Reply

    Hey Jean!

    Would really love for you to include our WP Simple Firewall plugin in the round-up. We have stacks of awesome features.

    Happy to answer any questions if you need about it!

  58. Emma Watson
    Emma Watson February 22, 2016 at 02:13 | | Reply

    What about permissions to the user database?, I always put all privilegies but I think all is not ok, can you share about this?.

  59. Bilqees Kenchi
    Bilqees Kenchi March 24, 2016 at 04:58 | | Reply

    Hello, friend my question is that, please tell how to secure wordpress blog /site from hackers? Is this responsibility of hosting providers or my-self. Kindly tell some plugins for wordpress.

    1. Mark Zahra
      Mark Zahra March 28, 2016 at 06:26 | | Reply

      Hi Bilqees, you can use any of the plugins mentioned above to improve your site’s security.

  60. Brenda Smith
    Brenda Smith April 7, 2016 at 09:04 | | Reply

    There is no doubt that These are the must have WordPress plugins for every blogger.

    Currently I am using few of them like Yoast SEO, Jetpack, W3 Total Cache, Redirection, Wp Smush.it.

    For WordPress security, I am using ” iThemes security ” also known as ” Better WP Security “.

    Thanks for sharing this list with us.

  61. Bob
    Bob April 21, 2016 at 01:08 | | Reply

    Also Duo Security for 2FA signing in. I use an iPhone 3GS with IOS6.1 from 2009; uses push notifications or a six digit number. Using it for LastPass, WP.com, Amazon and there is even a WP plugin. Google Authenticator requires IOS8 as a min. Duo Security is free.


  62. Bob
    Bob April 21, 2016 at 02:20 | | Reply

    Thanks for the article; I have tried all of these plugins, but recently I switched to WP Simple Firewall or what is now called Shield. I have gone from six security plugins to one. Simple and lightweight, I have found that my site has sped up by a factor of three(I also deleted Jetpack). A neat bag of tricks that hides your login screen, shuts down the Dashboard with a code; includes Sucuri and Brute Force Protection. Shield is free, however I went with the paid version that includes IcontrolWP @$15.00USD per month. You get Google Analytics and WorpDrive backup @20GB and five sites to manage. IcontrolWP gives you the security of daily backups and peace of mind. The help section is second to none, and questions are quickly responded to. IcontrolWP has a 30 day free trial.


  63. Nicepedia
    Nicepedia April 21, 2016 at 11:45 | | Reply

    Great article.
    I have seen people who install a security plugin once their website has been compromised. Don’t wait for something to happen, rather be proactive.

  64. Santanu
    Santanu April 24, 2016 at 05:41 | | Reply

    Great collection. Security is one of the big concern in recent times and one should use any of these plugins to keep the website safe from attacks.

  65. romaincaisse
    romaincaisse May 3, 2016 at 06:36 | | Reply

    This was a refreshing post that highlighted some areas I had not thought about.

  66. Jonathan
    Jonathan July 29, 2016 at 04:59 | | Reply

    Personally I would use the IgniteVision solution for a security plugin. It’s called IVGuard and it does lots of things that the other plugins don’t. You can find it here: https://wordpress.org/plugins/ivguard/

    If you need some more info about the plugin visit their website: https://ivguard.net

    You will thank me later 🙂

  67. Lucy Barret
    Lucy Barret August 17, 2016 at 06:12 | | Reply

    Thanks for sharing this. All the plugins that you listed here are very good. But my favorite is Sucuri Security.

  68. John Darrel
    John Darrel August 20, 2016 at 23:24 | | Reply


    We released a new security plugin “Hide My WordPress” that will hide and customize all the paths from your WordPress website. We optimized it for speed, multisite and different type of servers.

    Check it out: http://wpplugins.tips/hide_my_wordpress

    Hide My WordPress works with all the security plugins you’ve listed above.

    Thank you for making WordPress a safer place.

  69. samdani
    samdani October 4, 2016 at 01:37 | | Reply

    This is the best list about WordPress security plugin. We have to make sure WordPress security system and WP Security Audit Log would be best one. Thanks a lot for your great contribution.

  70. sbsea
    sbsea October 6, 2016 at 20:57 | | Reply

    You should try LCS Security – works really well. My site was under a barrage of failed login attempts and some adware content got injected somehow. This plugin looks like a newcomer, but it really got rid of most hacking attempts and content injection within just a few days after installation.

  71. Albert
    Albert October 10, 2016 at 23:15 | | Reply

    Thanks for the useful list of security pllugins. Useful blog…

  72. Corey
    Corey October 15, 2016 at 02:54 | | Reply

    I was really surprised by new plugin S.A.F. https://wordpress.org/plugins/security-antivirus-firewall/

    It’s looks like jet pack actually. Plugin have build-in security modules like antivirus, brute force protector, firewall, 404 page attacks detector and some additional tools like google captcha, wordpress updates checker, easy password checker. For now using this plugin for 2 blogs and it’s really have huge potential. Really big surprise that almost all features are free. There’s no monthly fees stuff, like most other developers do.

Leave a Reply

Please enter an e-mail address