Last week I wrote a short post on the top 5 plugins every Divi site should use, but it was more from a style and marketing perspective. Therefore, today we’ll look at some of the top rated security plugins available for WordPress in general. In this day and age, security is an incredibly high aspect of web development that needs to be taken seriously. Therefore, whilst these plugins are certainly not the only ones out there, they are ones that either myself, developers I know and trust, or clients I have worked with have used or recommend.

All In One WP Security

We’ll start things off with a personal favourite of mine; All In One WP Security. With over 400,000 active installs, it is an incredibly popular plugin, and for good reason! From the dashboard in the WordPress admin section you are able to see a very handy visual rating for the level of security active on your site, so it gives you a great starting place.

On top of that, the sheer amount of settings and security options available is amazing. From securing the login panel with a lockdown feature, to moving it to an entirely new URL, you can really and truly protect the admin panel. And as if that wasn’t enough, there is protection settings for DDoS attacks and a really good firewall!

However, make sure you pay attention to the “difficulty levels” given for each setting. If you are still new to how WordPress and servers work, stick to the basic and mid-level settings, or get someone who knows what they are doing to tackle the advanced level settings! Otherwise, you may end up locking yourself out of your own site!


Next we’ll move on to quite possibly the most popular WordPress security available. WordFence has over 1 million active installs, which is almost crazy! Its also one that I have known a lot of clients to use. With similar features to All In One WP Security, including a really strong firewall and login security systems, it can really protect your site!

Its also great for people who are concerned with user experience and user journey, thanks to its built in monitoring system. From seeing traffic from both robots and humans, as well as what 404 pages are being landed upon. Even better, it can track all DNS records so you can keep track of any unauthorised DNS changes!

The only thing to be wary of it that I have seen of issues with Google’s Fetch and Render that are caused by WordFence blocking some of its files. Whilst this is a good thing from a security perspective, you can’t really afford to allow access to these files in robots.txt, so Google will always get a partial rendering of your website. This may not seem like an issue, but it could (potentially) hamper your site’s performance.

iThemes Security

Now, this next one is not one that I have used myself, but it has been recommended to me by a number of developers that I trust. And it seems the WordPress community would agree as iThemes Security has over 800,000 installs. I should mention, however, that I have always been told that its only worth it if you go for the PRO version, which obviously costs money. Therefore, it may not be the best one to choose if you are just starting a new personal site. If you are running a business, however, and are using WordPress as a CMS rather than a blogging platform, it is definitely worth it!

One of the best aspects is the two-step authentication, which is something many sites are using these days. Why? Because the security benefit it provides is absolutely amazing! iThemes Security also monitors your site’s file system for any unauthorised changes and modifications, and the backup system means you are able to restore your site whenever you need to!

Sucuri Security

The last one we are going to look at today is another one that was recommended to me by a developer I trust. Called Sucuri Security, it isn’t anywhere near as popular as WordFence or iThemes Security, but its one that the developers at my agency all love! The security auditing allows you to see what security holes exist in your WordPress installation. Remote malware scanning and the security blacklist monitoring can add a great amount of reassurance for any webmaster.

In fact, the blacklist system incorpates security engines such as AVG and Norton, so it is very robust and a great way to increase the overall security of your WordPress site. And of course, there’s an added benefit if you are willing to pay for the “pro” version; CloudProxy Firewall. This little add-on helps to protect against from DDoS attacks and brute force strikes against your site!

That’s Not All Folks!

Of course, these are just four of the WordPress security systems available from the community of amazing developers out there. You’ll be able to find a huge amount of them by looking around. This list, as I mentioned before, is formed by my own opinions, recommendations for developers I trust and ones that clients have used in the past.

If you have any others that you would recommend, feel free to let me know in the comments!

Liked this post? Want your say on what games I review or feature? Take control of the future of 16-Bit Dad by supporting on Patreon!