The 27 Best WordPress Security Plugins to Prevent Hacking in 2018
UPDATE: May 2, 2018
I don't normally update and re-launch my posts, but in the case of the 27 Best WordPress Security Plugins, I realized it's worth doing.
This is one of my most popular posts, which tells me people can not read enough about security – and for good reason. Keeping your site secure is second only to posting great content.
Not only is this page's layout better optimized, the content is completely updated. A few have increased installations and a couple have lower rankings.
Four of the 27 have been removed or flagged in the WordPress repository for various reasons.
Enjoy the new list!
When it comes to protecting your site from evil doers, start by installing some powerful WordPress security plugins.
Security plugins will act as your site's bouncer, fighting off brute force and spam attacks as well as being your inside agent, working to gather intelligence on who's targeting your site.
This comprehensive list includes plugins to fight hackers, kill spam, protect logins, as well as saving backups. All of these plugins are highly rated and regularly updated, and best of all, they're free.
Some, though, offer premium versions to give you yet more protection for your site.
Check out our Updated list of 27 Best WordPress Security Plugins!
Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
Five Stars of 3,263 reviews
1+ Million Active Installs
Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
4.5 rating based on 3,841 ratings
900,000+ Active Installs
The Sucuri WordPress Security plugin is a toolset for security integrity monitoring, malware detection, audit logging and security hardening.
By Sucuri, Inc
4.5 rating based on 297 ratings
400,000+ Active Installs
The Most Comprehensive and Highest-Rated Security System for WordPress (formerly the WordPress Simple Firewall).
5.0 rating based on 761 ratings
80,000+ Active Installs
Provides antivirus scanner, malware removal, two-layer firewall, adware, spyware and SPAM Links Detection, updater, brute force bot attack prevention, anti-spam protection, vulnerabilities detection, blacklist monitoring, and IP Lockouts.
4.5 rating based on 12 ratings
Last Updated: 8 mins ago
2,000+ Active Installations
Spam protection, anti-spam, all-in-one, premium plug-in. No comments spam & users spam, no contact form & WooCommerce spam. Forget spam.
5.0 rating based on 1,993 ratings
70,000+ Active Installs
This plugin provides various two-factor authentication methods as an additional layer of security for wordpress login. We Support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions(KBA), Woocommerce front-end login, Shortcodes for custom login pages.
4.5 rating based on 87 ratings
Active installs: 6,000+
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
5.0 rating based on 24 ratings
80,000+ Active Installations
Backups and Restoration
If you know of any WordPress security plugins that deserve to be on this list, please leave the information in comments below.
I’m always on the lookout for a better plugin!
Subscribe to Blogsite Studio and get my new ebook!
Secure Your WordPress Website: How to Protect Yourself from Hackers, Spammers, Scrappers, and Imbeciles
A field guide to stopping evildoers from breaking into your website, stealing data, and injecting malware.
Plus, what to do after a hack!