A short overview of 5 WordPress Security plugins
This is my take on the following plugins.
Features that stand out:
- Mentions that it is good practice to back up the .htaccess file, the database and the wp-config.php file before activating security features. Easy to back up and restore these files.
- Easy to disable security features, all firewall rules and turn on debug to check for issues that might show up on the site.
- Easy to Export and Import plugin security settings.
Dashboard that shows Security Strength Meter, Security Points Breakdown, Critical Feature Status, Last 5 logins, Logged in Users, Locked IP Addresses, Maintenance Mode Status and more.
Settings that help with backups and export/import.
Database Security (Change DB Prefix and do a DB backup)
SPAM Prevention (Comment Spam, Monitoring, BuddyPress)
Scanner (File Change Detection and Malware Scan)
Maintenance (Visitor Lockout)
Checking with P3 (performance Plugin Profiler, an old plugin used to test the load speed of various plugins), the All in One WP Security & Firewall plugin uses 0.0219 seconds to load.
Adjustments I made to the various settings in All in One WP Security & Firewall plugin:
User Login: Enable Login Lockdown Feature.
User Registration: Enable manual approval of new registrations.
Firewall: Enable Basic Firewall Protection.
SPAM Prevention: (Enable) Block Spambots From Posting Comments.
Or just go to WP Security -> Dashboard and turn of the various Critical Feature Status options.
Dashboard: Review, Generate API Key, Dashboard, Firewall and Settings.
Firewall Settings: One needs an API key to use it.
Last Logins: All Users, Admins, Logged-in Users, Failed logins, Blocked Users.
- General: API key is needed, Data Storage, Log Exporter, Reverse Proxy, IP Address Discoverer, Timezone, Import & Export Settings, Reset Security Logs, Hardening and Settings.
- Scanner: Scheduled Tasks, Integrity Diff Utility, Integrity, Ignore files and folders during scans.
- Post-Hack: Update Secret Keys, Reset User Password, Reset Installed Plugins, Available plugin and theme updates.
- Alerts: Recipient, Trusted IP Addresses, Subject, Per Hour, Password Guessing Brute Force Attacks, Security Alerts, Post-Type Alerts.
- API Service Communication: Via Proxy, Malware Scan Target, WordPress Checksums API.
- Website Info: Environment Variables, Access File Integrity.
Checking with P3 (performance Plugin Profiler), Sucuri Security – Auditing, Malware Scanner and Hardening uses 0.0314 seconds to load.
On activation it shows a notification at the top with a Getting Started Guide.
Dashboard: Overview, Activity, Recently locked out IP addresses.
Activity: A drop down where one can select what kind of event and/or search for IP or username.
Main Settings: Limit Login attempts, Proactive security rules (also displays a 404 page), Custom login page, Citadel mode, Activity, Preferences.
Access Lists: White IP Access List, Black IP Access List.
Checking with P3 (performance Plugin Profiler), Cerber Security & Antispam uses 0.0587 seconds to load.
After activation it shows two news notifications at the top of the admin, mentioning that the security dashboard got a new look and that one can take the site to the next level by activating iThemes Brute Force Network Protection.
Settings: On the initial visit there is a Security Check feature that will install certain modules. Clicking Secure Site will then likely tweak various files to secure them. Either clicking Secure Site or exiting out of it will show the modules one can turn on and off.
File Change Detection
Local Brute Force Protection
Network Brute Force Protection
Strong Password Enforcement
Malware Scan Scheduling
Settings Import and Export
User Security Check
Checking with P3 (performance Plugin Profiler), iThemes Security uses 0.0396 seconds to load with all the modules off.
After turning on 404 Detection, Banned Users and Local Brute Force Protection, the load time became 0.0441 seconds.
On activation it starts a “Start Tour” guide to show features, and one can also enter one's e-mail to get alerts and news.
Dashboard: Optimize Firewall. Shows a green dot and the word enabled for various features that are activated. Also shows premium sections one has to purchase. Threat Defense Feed, Firewall Summary, Total Attacks Blocked, Top IPs Blocked, Login Attempts.
Scan: Scan, Scheduling and Options.
Tools: Password Audit, Whois Lookup, Cellphone Sign-in and Diagnostics.
Options: License, Get Premium and a long list of options.
Upgrade to Premium.
Checking with P3 (performance Plugin Profiler), WordFence Security uses 0.3394 seconds to load.
Bottom line is:
iThemes Security and WordFence feel heavier than the three other plugins.
Just try the plugins and see what you think.
I will test out All in One WP Security & Firewall with a few sites because I feel that they will help me back up the files that need to be backed up before adding the security code into the same files. I can also disable the plugin and import the backed-up files if I need to. They also have a lot of good settings that I will try out.