UPDATE: May 2, 2018
I don't normally update and re-launch my posts, but in the case of the 27 Best WordPress Security Plugins, I realized it's worth doing.
This is one of my most popular posts, which tells me people cannot read enough about security – and for good reason. Keeping your site secure is second only to posting great content.
Not only is this page's layout better optimized, but the content is also completely updated. A few plugins have increased installations and a couple have lower rankings.
Four of the 27 have been removed or flagged in the WordPress repository for various reasons.
Enjoy the new list!
-Mari
When it comes to protecting your site from evildoers, start by installing some powerful WordPress security plugins.
Security plugins act as your site's bouncer, fighting off brute force and spam attacks, and as your inside agent, gathering intelligence on who's targeting your site.
This comprehensive list includes plugins to fight hackers, kill spam, protect logins, and save backups. All of these plugins are highly rated and regularly updated, and best of all, they're free.
Some, though, offer premium versions to give you yet more protection for your site.
Check out our updated list of 27 Best WordPress Security Plugins!
Hacker Protection

Wordfence Security
Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
By Wordfence
Five Stars of 3,263 reviews
1+ Million Active Installs

BulletProof Security
Secure WordPress Website Security Protection: Firewall Security, Login Security, Database Security & Backup...
4.5 rating based on 298 ratings
100,000+ Active Installs

Anti-Malware Security and Brute-Force Firewall
This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
By Eli Scheetz
5.0 rating based on 510 ratings
200,000+ Active Installs

iThemes Security (formerly Better WP Security)
Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
By iThemes
4.5 rating based on 3,841 ratings
900,000+ Active Installs

Sucuri Security - Auditing, Malware Scanner and Security Hardening
The Sucuri WordPress Security plugin is a toolset for security integrity monitoring, malware detection, audit logging and security hardening.
By Sucuri, Inc
4.5 rating based on 297 ratings
400,000+ Active Installs

All In One WP Security & Firewall
A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
By Tips and Tricks HQ, Peter, Ruhul, Ivy
5.0 rating based on 767 ratings
600,000+ Active Installs

Shield WordPress Security
The Most Comprehensive and Highest-Rated Security System for WordPress (formerly the WordPress Simple Firewall).
By iControlWP
5.0 rating based on 761 ratings
80,000+ Active Installs

WebDefender (formerly CWIS Antivirus)
Provides antivirus scanner, malware removal, two-layer firewall, adware, spyware and SPAM Links Detection, updater, brute force bot attack prevention, anti-spam protection, vulnerabilities detection, blacklist monitoring, and IP Lockouts.
4.5 rating based on 12 ratings
Last Updated: 8 mins ago
2,000+ Active Installations

Akismet
Akismet checks your comments against the Akismet Web service to see if they look like spam or not.
By Automattic
5.0 rating based on 884 ratings
1+ Million Active Installs

Antispam Bee
Easy and extremely productive spam-fighting plugin with many sophisticated solutions. Includes protection against trackback spam…
5.0 rating based on 139 ratings
300,000+ Active Installations

Spam Protection by CleanTalk
Spam protection, anti-spam, all-in-one, premium plug-in. No comments spam & users spam, no contact form & WooCommerce spam. Forget spam.
By CleanTalk
5.0 rating based on 1,993 ratings
70,000+ Active Installs


Anti-Spam
No spam in comments. No captcha.
By webvitaly
5.0 rating based on 142 ratings
200,000+ Active Installs

Login Protection

MiniOrange 2 Factor Authentication
This plugin provides various two-factor authentication methods as an additional layer of security for WordPress login. We support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions (KBA), WooCommerce front-end login, Shortcodes for custom login pages.
By miniOrange
4.5 rating based on 87 ratings
Active installs: 6,000+

Loginizer
Loginizer is a WordPress security plugin which helps you fight against brute force attacks.
By Raj Kothari
5.0 rating based on 130 ratings
400,000+ Active Installs


Limit Login Attempts Reloaded
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
By wpchefgadget
5.0 rating based on 24 ratings
80,000+ Active Installations

Backups and Restoration

UpdraftPlus WordPress Backup Plugin
Backup and restoration made easy. Complete backups; manual or scheduled (backup to S3, Dropbox, Google Drive, Rackspace, FTP, SFTP, email + others).
By UpdraftPlus.Com, DavidAnderson
5.0 rating based on 2,803 ratings
1+ Million Active Installs

WP Database Backup
Create & Restore Database Backup easily with a single click. Manual or automated backups (backup to Dropbox, Google Drive, Amazon S3, FTP, Email).
4.5 rating based on 51 ratings
60,000+ Active Installs

BackWPup
Schedule complete automatic backups of your WordPress installation. Decide which content will be stored (Dropbox, S3…).
By Inpsyde GmbH
4.5 rating based on 726 ratings
600,000+ Active Installs


Backup Guard
Backup Guard is the best backup choice for WordPress. Backup, restore, clone, duplicate or migrate your website with a few clicks.
By BackupGuard
4.5 rating based on 360 ratings
80,000+ Active Installs

WPBackItUp
Backup, restore, clone, duplicate or migrate your site effortlessly with WPBackItUp.
By WPBackItUp
4.5 rating based on 216 ratings
20,000+ Active Installs

blogVault Real-time Backup
Backup by blogVault is the most reliable way to perform WordPress backup for your site. It is the easiest way to backup, restore or migrate your sites.
4.0 rating based on 71 ratings
20,000+ Active Installs

Duplicator – WordPress Migration Plugin
WordPress migration and backups are much easier with Duplicator! Clone, backup, move and transfer an entire site from one location to another.
By Snap Creek
5.0 rating based on 1,682 ratings
1+ Million Active Installations


All-in-One WP Migration
Move, transfer, copy, migrate, and backup a site with 1-click. Quick, easy, and reliable.
By ServMask
5.0 rating based on 4,300 ratings
1+ Million Active Installations

Obfuscate Email
Obfuscate email addresses to deter email harvesting spammers, while retaining the appearance and functionality of hyperlinks.
By Scott Reilly
3.5 rating based on 10 ratings
10,000+ Active Installs

Email Address Encoder
A lightweight plugin to protect email addresses from email-harvesting robots by encoding them into decimal and hexadecimal entities.
By Till Krüss
4.5 rating based on 97 ratings
100,000+ Active Installs

Really Simple SSL
No setup required! You only need an SSL certificate, and this plugin will do the rest.
5.0 rating based on 363 ratings
900,000+ Active Installs

SSL Insecure Content Fixer
Clean up WordPress website HTTPS insecure content
By WebAware
5.0 rating based on 161 ratings
100,000+ Active Installs
Stay secure!
If you know of any WordPress security plugins that deserve to be on this list, please leave the information in the comments below.
I’m always on the lookout for a better plugin!
Instead of most popular that list should contain most effective. https://webanti.com/ as antivirus 🙂
Looks interesting, Webanti. Is this a new plugin?
Thanks for mentioning.
Helpful list of WordPress security plugins. Thanks for sharing.
Currently I am using the User Activity Log Pro plugin for login purpose security of my website.
Thanks for mentioning it, Danial. Looks interesting!
Great article, Mari! I recommend a lot of these plugins to WordPress users as well. Another thing to consider is the security of your site’s server. Especially if you’re managing your own cloud server with DigitalOcean or Rackspace, you could use a service like HeatShield (https://heatshield.io) to manage your server’s firewall and block ssh brute force attempts.
Thanks for that Ben. I should do a post on those services alone.
Hey!
Great post! We would be very grateful if you would try and then express your opinion about our plug-in. It’s not as popular yet, but we are receiving good reviews from our users. Our product offers an all around website protection and security modules as well as several interesting additions such as an automatic version updater.
It’s the WordPress “WebDefender”: https://wordpress.org/plugins/cwis-antivirus-malware-detected/
Many Thanks,
Alan
Hi Alan!
Are you psychic? Over the weekend, I remembered having installed WebDefender in one of my sites recently, particularly to block IP addresses, and how much I’ve come to like it. I also like the Security Tweaks suggestions. I don’t know how I missed this! Will add to this update momentarily.
Thanks!
Mari
Great article.
I have seen people who install a security plugin once their website has been compromised. Don’t wait for something to happen, rather be proactive.
Nice list Mary. Updraft plus is my personal favourite. Keep it up!!
Thanks guys!
Yes, we can’t stress enough how important security plugins are – before a hack!
Stay secure!