The 27 Best WordPress Security Plugins to Prevent Hacking in 2018

UPDATE: May 2, 2018

I don't normally update and re-launch my posts, but in the case of the 27 Best WordPress Security Plugins, I realized it's worth doing. 

This is one of my most popular posts, which tells me people can not read enough about security – and for good reason. Keeping your site secure is second only to posting great content.

Not only is this page's layout better optimized, the content is completely updated. A few have increased installations and a couple have lower rankings.

Four of the 27 have been removed or flagged in the WordPress repository for various reasons. 

Enjoy the new list!

When it comes to protecting your site from evil doers, start by installing some powerful WordPress security plugins.

Security plugins will act as your site's bouncer, fighting off brute force and spam attacks as well as being your inside agent, working to gather intelligence on who's targeting your site.

This comprehensive list includes plugins to fight hackers, kill spam, protect logins, as well as saving backups. All of these plugins are highly rated and regularly updated, and best of all, they're free.

Some, though, offer premium versions to give you yet more protection for your site.

Check out our Updated list of 27 Best WordPress Security Plugins!

Hacker Protection


Wordfence Security

Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.

By Wordfence

Five Stars of 3,263 reviews
1+ Million Active Installs

BulletProof Security

Secure WordPress Website Security Protection: Firewall Security, Login Security, Database Security & Backup...

By AITpro | Edward Alexander

4.5 rating based on 298 ratings
100,000+ Active Installs


Anti-Malware Security and Brute-Force Firewall

This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.

By Eli Scheetz

5.0 rating based on 510 ratings
200,000+ Active Installs

I themes 400x400

iThemes Security (formerly Better WP Security)

Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.

By iThemes

4.5 rating based on 3,841 ratings
900,000+ Active Installs


Sucuri Security - Auditing, Malware Scanner and Security Hardening

The Sucuri WordPress Security plugin is a toolset for security integrity monitoring, malware detection, audit logging and security hardening.

By Sucuri, Inc

4.5 rating based on 297 ratings
400,000+ Active Installs


All In One WP Security & Firewall

A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.

By Tips and Tricks HQ, Peter, Ruhul, Ivy

5.0 rating based on 767 ratings

600,000+ Active Installs


Shield WordPress Security

The Most Comprehensive and Highest-Rated Security System for WordPress (formerly the WordPress Simple Firewall).

By iControlWP

5.0 rating based on 761 ratings
80,000+ Active Installs

WebDefender  (formerly CWIS Antivirus)

Provides antivirus scanner, malware removal, two-layer firewall, adware, spyware and SPAM Links Detection, updater, brute force bot attack prevention, anti-spam protection, vulnerabilities detection, blacklist monitoring, and IP Lockouts.

By CobWeb Security Ltd.

4.5 rating based on 12 ratings
Last Updated: 8 mins ago

2,000+ Active Installations



Akismet checks your comments against the Akismet Web service to see if they look like spam or not.

By Automattic

5.0 rating based on 884 ratings
1+ Million Active Installs

anti spam bee

Antispam Bee

Easy and extremely productive spam-fighting plugin with many sophisticated solutions. Includes protection against trackback spam…

By pluginkollektiv

5.0 rating based on 139 ratings
300,000+ Active Installations

Spam Protection by CleanTalk

Spam protection, anti-spam, all-in-one, premium plug-in. No comments spam & users spam, no contact form & WooCommerce spam. Forget spam.

By СleanTalk

5.0 rating based on 1,993 ratings
70,000+ Active Installs



No spam in comments. No captcha.

By webvitaly

5.0 rating based on 142 ratings
200,000+ Active Installs

Login Protection


MiniOrange 2 Factor Authentication

This plugin provides various two-factor authentication methods as an additional layer of security for wordpress login. We Support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions(KBA), Woocommerce front-end login, Shortcodes for custom login pages.

By miniOrange

4.5 rating based on 87 ratings
Active installs: 6,000+


Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.

By Raj Kothari

5.0 rating based on 130 ratings
400,000+ Active Installs


Limit Login Attempts Reloaded

Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.

By wpchefgadget

5.0 rating based on 24 ratings
80,000+ Active Installations

UpdraftPlus WordPress Backup Plugin

Backup and restoration made easy. Complete backups; manual or scheduled (backup to S3, Dropbox, Google Drive, Rackspace, FTP, SFTP, email + others).

By UpdraftPlus.Com, DavidAnderson

5.0 rating based on 2,803 ratings
1+ Million Active Installs


WP Database Backup

Create & Restore Database Backup easily on single click. Manual or automated backups (backup to Dropbox,Google drive,Amazon s3,FTP,Email).

By Prashant Walke

4.5 rating based on 51 ratings
60,000+ Active Installs

wp database


Schedule complete automatic backups of your WordPress installation. Decide which content will be stored (Dropbox, S3…).

By Inpsyde GmbH

4.5 rating based on 726 ratings
600,000+ Active Installs

backup guard

Backup Guard

Backup Guard is the best backup choice for WordPress. Backup, restore, clone, duplicate or migrate your website with few clicks.

By BackupGuard

4.5 rating based on 360 ratings
80,000+ Active Installs

wp backitup


Backup, restore, clone, duplicate or migrate your site effortlessly with WPBackItUp.

By WPBackItUp

4.5 rating based on 216 ratings
20,000+ Active Installs


blogVault Real-time Backup

Backup by blogVault is the most reliable way to perform WordPress backup for your site. It is the easiest way to backup, restore or migrate your sites

By Backup by blogVault

4.0 rating based on 71 ratings
20,000+ Active Installs


Duplicator – WordPress Migration Plugin

WordPress migration and backups are much easier with Duplicator! Clone, backup, move and transfer an entire site from one location to another.

By Snap Creek

5.0 rating based on 1,682 ratings
1+ Million Active Installations


Manages your WordPress database.

By Lester 'GaMerZ' Chan

4.5 rating based on 63 ratings
300,000+ Active Installs

All-in-One WP Migration

All-in-One WP Migration

Move, transfer, copy, migrate, and backup a site with 1-click. Quick, easy, and reliable.

By ServMask

5.0 rating based on 4,300 ratings
1+ Million Active Installations

obfuscate email

Obfuscate Email

Obfuscate email addresses to deter email harvesting spammers, while retaining the appearance and functionality of hyperlinks.

By Scott Reilly

3.5 rating based on 10 ratings
10,000+ Active Installs

email address encoder

Email Address Encoder

A lightweight plugin to protect email addresses from email-harvesting robots by encoding them into decimal and hexadecimal entities.

By Till Krüss

4.5 rating based on 97 ratings
100,000+ Active Installs

Start Your Free Trial Today!

really simple ssl

Really Simple SSL

No setup required! You only need an SSL certificate, and this plugin will do the rest.

By Rogier Lankhorst

5.0 rating based on 363 ratings
900,000+ Active Installs

ssl insecure content fixer

SSL Insecure Content Fixer

Clean up WordPress website HTTPS insecure content

By WebAware

5.0 rating based on 161 ratings
100,000+ Active Installs

Stay secure!

If you know of any WordPress security plugins that deserve to be on this list, please leave the information in comments below.

I’m always on the lookout for a better plugin!


secure_wordpress up 400

Subscribe to Blogsite Studio and get my new ebook!

Secure Your WordPress Website: How to Protect Yourself from Hackers, Spammers, Scrappers, and Imbeciles

A field guide to stopping evildoers from breaking into your website, stealing data, and injecting malware.

Plus, what to do after a hack!


Related Post