WordPress Security Plugins

You can take care of the basics of WordPress security yourself, and it doesn’t take long. The next step is to find a good, reliable security plugin that takes care of the rest. There are plenty of security plugins available, some free and some premium, or paid-for. We’re trying to make your life simple, so we won’t go into all of them here. Instead, we’ll recommend one.

Get WordFence

WordFence is one of the most popular WordPress security plugins available. It comes in two flavours – a free version available from the WordPress plugin library, and a premium version which costs around $5 a month. We’ll only deal with the free version here, as it’s more than good enough for most sites.

The free version of WordFence can be downloaded from https://wordpress.org/plugins/wordfence/ and currently has in excess of one million active installs. That in itself is a huge recommendation.

Wordfence is powered by a constantly updated ‘Threat Defense Feed‘ and includes a Web Application Firewall to stop you from getting hacked. There is also a Live Traffic view which gives site owners real-time visibility into traffic and hacking attempts.

One of the things we like about WordFence is that it’s quite easy to use – if a security plugin is hard to set up, users inevitably won’t set it up properly. There’s no excuse with WordFence.

What does WordFence do?

WordFence incorporates a range of blocking features. There is real-time blocking of known attackers – meaning if WordFence detects and blocks a hacker on another site, your site is protected at the same time. You can also block specific IPs or IP blocks, if you feel the need. WordFence also monitors and protects against security threats like aggressive crawlers, scrapers or automated bots doing security scans on your site, looking for vulnerabilities.

WordPress Login Security

WordFence includes a Two-Factor Authentication option, also referred to as cellphone sign-in. This saves you using separate plugins for this function. You can set the plugin up to enforce strong passwords among users. Built-in login security will lock out brute force hackers and prevents WordPress revealing info that might compromise security.

Security Scanning

WordFence includes a scanning system that keeps your system safe, looking for things like HeartBleed vulnerability, checking WordPress core files, themes and plugins against official versions to check their integrity. WordFence scans files for signatures of over 44,000 known malware variants and many known backdoors that create security holes.

There’s more. WordFence incorporates monitoring features, offers multi-site security and offers users an advanced caching function. There is also a free learning centre, which new users will find immensely helpful, and help built into every options page, which makes it so easy to set up.


Although WordFence includes a firewall to protect your WordPress site from common security threats like fake Googlebots, malicious scans from hackers and botnets, quite a few people use both WordFence and NinjaFirewall together. NinjaFirewall is a dedicated firewall plugin, the best we’ve used, and is available free from the WordPress plugin library.

As a security plugin, we’d say WordFence is the best we’ve used. We tried the built-in Falcon caching option but found it caused too many problems, and we prefer WP-Rocket for caching.

WordPress Bugs

Recent Posts

  • Plugin Review - WP Rocket

WP Rocket Review

Review - WP Rocket cache plugin In case you didn't already know, WP Rocket is a WordPress caching plugin and, unlike most cache plugins, is only available in a 'premium' [...]

  • WordPress Security

WordPress Security – 2

WordPress Security Plugins You can take care of the basics of WordPress security yourself, and it doesn't take long. The next step is to find a good, reliable security plugin [...]

  • WordPress Security

WordPress Security – 1

WordPress Security Out of the box, WordPress is a relatively secure publishing platform, but a magnet for hackers. Unless you want to find your site overrun by hackers on a [...]