A short overview of 5 WordPress Security plugins

This is my take on the following plugins.

All in One WP Security & Firewall

All In One WP Security Firewall: Settings

Features that stand out:

• Mentions it is good practice to backup: .htaccess file, database and wp-config.php files before activating security features. Easy to backup and restore these files.
• Easy to disable security features, all firewall rules and turn on debug to check for issues that might show up on the site.
• Easy to Export and Import plugin security settings.

Sections:
Dashboard that shows Security Strength Meter, Security Points Breakdown, Critical Feature Status, Last 5 logins, Logged in Users, Locked IP Addresses, Maintenance Mode Status and more.

Settings that helps with backups and export/import.
User Accounts
User Login
Manual Approval
Database Security (Change DB Prefix and do a DB backup)
Filesystem Security
WHOIS Lookup
Blacklist Manager
Firewall
Brute Force
SPAM Prevention (Comment Spam, Monitoring, BuddyPress)
Scanner (File Change Detection and Malware Scan)
Maintenance (Visitor Lockout)
Miscellaneous

Checking with P3 (performance Plugin Profiler and old plugin used to test the load speed of various plugins) the All in One WP Security & Firewall uses 0.0219 seconds to load.

Adjustments I made to the various settings in All in One WP Security & Firewall plugin:
User Login: Enable Login Lockdown Feature.
User Registration: Enable manual approval of new registrations.
Firewall: Enable Basic Firewall Protection.
SPAM Prevention: (Enable) Block Spambots From Posting Comments.

Or just go to WP Security -> Dashboard and turn of the various Critical Feature Status options.

Sucuri Security – Auditing, Malware Scanner and Hardening

Sucuri Security WordPress plugin: Dashboard

Dashboard: Review, Generate API Key, Dashboard, Firewall and Settings.
Firewall Settings: One needs an API key to use it.
Last Logins: All Users, Admins, Logged-in Users, Failed logins, Blocked Users.

Settings:

• General: API key is needed, Data Storage, Log Exporter, Reverse Proxy, IP Address Discoverer,  Timezone, Import & Export Settings, Reset Security Logs, Hardening and Settings.
• Scanner: Scheduled Tasks, Integrity Diff Utility, Integrity, Ignore files and folders during scans,
• Hardening.
• Post-Hack. Update Secret Keys, Reset User Password, Reset Installed Plugins, Available plugin and theme updates.
• Alerts: Recipient, Trusted IP Addresses, Subject, Per Hour, Password Guessing Brute Force Attacks, Security Alerts, Post-Type Alerts.
• API Service Communication: Via Proxy, Malware Scan Target, WordPress Checksums API,
• Website Info: Environment Variables, Access File Integrity.

Checking with P3 (performance Plugin Profiler) with Sucuri Security – Auditing, Malware Scanner and Hardening uses 0.0314 seconds to load.

Resources:
hostingpill.com/security/sucuri

Cerber Security & Antispam

On activation shows a notification in the top with a Getting Started Guide.

WP Cerber Security WordPress plugin: Dashboard

Dashboard: Overview, Activity, Recently locked out IP addresses.
Activity: A drop down where one can select what kind of event and/or search for IP or username.
Lockouts.
Main Settings: Limit Login attempts, Proactive security rules (also displays a 404 page),  Custom login page, Citadel mode, Activity, Preferences.
Access Lists: White IP Access List, Black IP Access List.
Hardening.
Users.
Notifications.
Help.

Checking with P3 (performance Plugin Profiler) with Cerber Security & Antispam uses 0.0587 seconds to load.

ithemes Security

iThemes Security plugin – Settings showing some of the modules one can enable.

After activating it shows two news notifications in the top of the admin.

Mentioning the security dashboard got a new look and take your site to the next level by activating iThemes Brute Force Network Protection.

Settings: On initial visit there is a Security Check feature that will install certain modules. Clicking Secure Site then will likely tweak various files to secure them.  Either clicking Secure Site or excited out of it will show the modules one can turn on and off.

Available modules:
Security Check
Global Settings
Notification Center
404 Detection
Away Mode
Banned Users
Database Backups
File Change Detection
File Permissions
Local Brute Force Protection
Network Brute Force Protection
SSL
Strong Password Enforcement
System Tweaks
WordPress Salts
WordPress Tweaks
Pro modules
Magic Links
Malware Scan Scheduling
Password Expiration
Privilege Escalation
ReCAPTCHA
Settings Import and Export
Two-Factor Authentication
User Security Check
User Logging
Version Management

Checking with P3 (performance Plugin Profiler) the ithemes Security uses 0.0396 seconds to load with all the modules off.
By turning on: 404 Detection, Banned Users, Local Brute Force Protection the load time became 0.0441 seconds.

WordFence Security

WordFence Security settings dashboard

On activation activates a “Start Tour” guide to show features and one can also insert ones e-mail to get alerts and news.

Dashboard: Optimize Firewall. Shows a green dot and the word enabled for various features that are activated. Also shows premium sections one has to purchase. Threat Defense Feed, Firewall Summary, Total Attacks Blocked, Top IPs Blocked, Login Attempts.

Scan: Scan, Scheduling and Options.
Firewall
Blocking
Live Traffic
Tools: Password Audit, Whois Lookup, Cellphone Sign-in and Diagnostics
Options: License, Get Premium and a long list of options.
Upgrade to Premium.

Checking with P3 (performance Plugin Profiler) with WordFence Security uses 0.3394 seconds to load.

Bottom line is:
iThemes Security and WordFence feels heavier then the three other plugins.
Just try the plugins and see what you think.

I will test out All in One WP Security & Firewall with a few sites because I feel that they will help me backup the files that need to be backed up before adding the security code into the same files. I can also disable the plugin and import the backed up files if I need to. They also have a lot of good settings that I will try out.