WordPress Security

There are numerous plugin options available, the majority of them are trash. Save time, select one from our curated list.

By Vondelphia.com — Updated Sep 2, 2021

Recently, I completed a comprehensive test of several plugins to identify the best security and malware protection plugin. It is unnecessary to pay for quality security, and even if you opt to pay, the product should not bundle unnecessary features with substandard performance and detection. I was particularly impressed by SecuPress: for each finding it offers either an “auto fix” for a fee or a manual approach with detailed instructions, which was pretty impressive!

The Most Important Things:

  • Take automated weekly / monthly backups so you can easily roll back after a security attack
  • Change folder and file permissions to 644 to prevent .htaccess and .php malware
  • Lock down your login page, disable common usernames (like admin), protect system folders and change your table_prefix
  • Block external connections, and whitelist only the hosts you need, using wp-config.php to stop unwanted outbound communication:
    // define('WP_HTTP_BLOCK_EXTERNAL', true);
    // define('WP_ACCESSIBLE_HOSTS', '*.wordpress.org, *.github.com');
  • Many plugins offer limited functionality because they want you to pay $$$ each and every month or year, and they typically lock away the most valuable features (i.e. Malware Cleanup, Firewall Control, Scheduled Actions, etc.)
  • Disable the admin panel Theme Editor + Plugin Editor using a wp-config.php tweak
  • Delete themes, plugins and files your WordPress installation does not need.
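As an added example (not code from the original post), here is a small Python audit that checks a wp-config.php for the tweaks listed above: outbound blocking with a host whitelist, the editor lock-down, and a non-default table prefix. The two config fragments are constructed samples, DISALLOW_FILE_EDIT is the core constant that disables the theme and plugin editors, and the wildcard handling in host_allowed is my assumption about how WP_ACCESSIBLE_HOSTS entries are interpreted.

```python
import re

# Constructed wp-config.php fragments (not from any real site): the weak
# defaults next to the hardened settings the post recommends.
WEAK_CONFIG = """<?php
$table_prefix = 'wp_';
define('WP_DEBUG', false);
"""
HARDENED_CONFIG = """<?php
$table_prefix = 'k7q_';
define('WP_HTTP_BLOCK_EXTERNAL', true);
define('WP_ACCESSIBLE_HOSTS', '*.wordpress.org, *.github.com');
define('DISALLOW_FILE_EDIT', true);
"""
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(true|false|'[^']*'|"[^"]*")\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")

def parse_config(text):
    """Return ({constant: value}, table_prefix) parsed from wp-config.php text."""
    defines = {}
    for name, raw in DEFINE_RE.findall(text):
        # true/false become bools; quoted strings lose their quotes
        defines[name] = raw == "true" if raw in ("true", "false") else raw[1:-1]
    match = PREFIX_RE.search(text)
    return defines, (match.group(1) if match else None)

def host_allowed(host, accessible_hosts):
    """Model of WP_ACCESSIBLE_HOSTS matching (assumption: '*' means one or more
    characters, so '*.wordpress.org' allows api.wordpress.org, not wordpress.org)."""
    for entry in (h.strip() for h in accessible_hosts.split(",") if h.strip()):
        pattern = "^" + re.escape(entry).replace(r"\*", ".+") + "$"
        if re.match(pattern, host):
            return True
    return False

def audit_config(text):
    """Return a list of findings; an empty list means every check passed."""
    defines, prefix = parse_config(text)
    findings = []
    if defines.get("WP_HTTP_BLOCK_EXTERNAL") is not True:
        findings.append("WP_HTTP_BLOCK_EXTERNAL not set: plugins may call any host")
    elif not defines.get("WP_ACCESSIBLE_HOSTS"):
        findings.append("WP_ACCESSIBLE_HOSTS empty: every outbound request, updates included, is blocked")
    if defines.get("DISALLOW_FILE_EDIT") is not True:
        findings.append("DISALLOW_FILE_EDIT not set: theme/plugin editors stay on")
    if prefix in (None, "wp_"):
        findings.append("table_prefix is the default 'wp_'")
    return findings
```

Run audit_config on the text of a real wp-config.php to get the list of findings; the weak sample above yields three, the hardened one none.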

The majority of plugins that I evaluated were unsuccessful because they either necessitated a monthly or yearly subscription or were excessively large, such as Wordfence, which is 14MB in size. If you wish to trust my assessment, you will have to take my word for it, but I conducted a thorough examination of all the plugins, and some of the things I observed were quite remarkable. Some plugins are created to direct you towards a payment page, while others rely on appealing branding despite lacking essential features.

Favorite Plugins Tested (no money required):

  1. BBQ
  2. Tied = SecuPress & All In One WP Security
  3. WP Cerber Security
  4. Tied = Shield Security & Wordfence
  5. BulletProof Security
  6. Titan Anti-spam & Security
  7. Security Ninja
  8. Defender
  9. iThemes

* strikethrough = too many “premium paid” features
* plugin is junk if it’s not on the list


  • Giant list of wp-config.php tweaks
  • I really enjoyed using Snitch to monitor outgoing connections but it generates a lot of connection log entries… the insight it provided was amazing though because before now, I never knew just how many API calls plugins make… it’s insane and must be controlled (that’s why I recommend defining WP_HTTP_BLOCK_EXTERNAL).
  • The number of logs / notifications that individuals advertise is absurd, as they may include monitoring alerts for insignificant matters.

Interesting Plugins (not necessarily good)

  • All In One WP Security
  • BBQ
  • BulletProof Security
  • SiteGround Security
  • iThemes Security
  • NinjaScanner
  • SecuPress Free — WordPress Security
  • Security Ninja
  • Shield Security
  • Titan Anti-spam & Security
  • Wordfence Security
  • WP Cerber Security, Anti-spam & Malware Scan
