Best WordPress Security Plugins in 2018

In this article, we will explore the best WordPress security plugins available right now.

WordPress by itself already has its own set of security features built-in to their platform. Whenever a vulnerability is discovered, WordPress has its own team of experts that work on the security patch and roll it out as soon as possible.

Photo by Sarah Pflug from Burst

The problem there is, while the WordPress team is still working on the patch for the said vulnerability. Your WordPress website is 100% free for hackers to prey upon.

This is where the best WordPress security plugins will come in handy as they would add an extra layer of protection from the hackers.

Here are the best WordPress security plugins in 2018.

1. Wordfence

Wordfence is undoubtedly the most popular WordPress security plugin in this list with over 1 million downloads and installations.

Their security incorporates endpoint firewall and malware scanner that they custom built especially for WordPress.

They also has Threat Defense Feed which updates Wordfence with the newest firewall rules, malware signatures and malicious IP addresses. This means that you can rest assure that your system will always be up to date with the latest security threats and block them immediately.

Some of the top features of Wordfence are:

  1. WordPress Firewall
  2. WordPress Security Scanner
  3. Live Traffic Monitoring
  4. Bruteforce Protection
  5. IP Blocking

2. iThemes Security

iThemes Security, formerly known as Better WP Security, is a top tier WordPress security plugin that lets you protect your WordPress website in over 30+ ways.

This plugin helps you lock down your WordPress website, fix common backdoor holes, stop automated bot attacks and also strengthen your credentials.

The team behind iThemes Security has been creating WordPress themes and plugins since 2008 and has a really outstanding track record behind them.

Some of the best features of iThemes Security are:

  1. Two-Factor Authentication
  2. WordPress Salts & Security Keys
  3. Malware Scan Scheduling
  4. Google reCAPTCHA
  5. User Action Logging
  6. Online File Comparison
  7. Temporary Privilege Escalation
  8. Obscure Dashboard Area
  9. Obscure Login Area

3. Sucuri Security

Sucuri Inc. is a well regarded company that specializes in website security. I have worked with their security tools before and found them really useful.

It does not come as a surprise when they finally created a dedicated WordPress security plugin.

Despite being a high profile figure in website security, their WordPress plugin remains free for all users to download.

Some of the best features of Sucuri Security are:

  1. Security Activity Auditing
  2. File Integrity Monitoring
  3. Remote Malware Scanning
  4. Blacklist Monitoring
  5. Effective Security Hardening
  6. Post-Hack Security Actions
  7. Security Notifications
  8. Website Firewall (premium)

4. All in One WP Security & Firewall

Installing All in One WP Security & Firewall plugin will upgrade your WordPress security to a whole new level.

This plugin enforces the latest recommended WordPress security practices and techniques thus reducing security risk.

The All in One WP Security also has a security points grading system which shows you how well protected your website currently is.

Some of the best features of All In One Security are:

  1. User Accounts Security
  2. Brute Force Protection
  3. User Registration Security
  4. Database Security
  5. File System Security
  6. File Backup and Restore
  7. Blacklist Functionality
  8. Firewall Functionality
  9. Security Scanner

5. Shield Security

Shield Security boasts that they are the easiest security plugin to setup by simply activating it.

The way they do it is after activating, you will be presented by a step by step guide that will walk you through the basic configurations of their plugin.

The other attention catching feature of Shield Security is that it doesn’t constantly send you useless notifications. Unlike its competitions.

It will only send you one if it is of an absolute importance.

Some of the top features of Shield Security are:

  1. Easy-To-Use Guided Wizards
  2. Limit Login Attempts
  3. Block Automatic Brute-Force Bots
  4. Powerful Core File Scanners
  5. Automatic IP Black List
  6. 2-Factor Authentication
  7. Audit Trail & User Activity Logging
  8. User Activity Logging
  9. Firewall

6. SecuPress Free

SecuPress is a WordPress security plugin that protects your website from malware, block bots and blocks suspicious IPs.

They have a dedicated security scanner that will give you a clear security grade and report for your WordPress website.

Currently, SecuPress is the only security plugin with a full scanner able to fix the issues for its users. It only requires a consent from the user to roll out the fix by itself.

In addition to this, once it is finished fixing the security issues it will give a grade for your current security level.

Some of the best features of SecuPress are:

  1. Security Audit
  2. Two Factor Authentication
  3. XML-RPC Blocking
  4. REST API Blocking
  5. Firewall
  6. Malware Scan
  7. DB and File Backups
  8. Anti Spam
  9. Alerts

7. BulletProof Security

BulletProof Security is another complete package WordPress security protection plugin which many advanced users love to use.

What makes BulletProof Security standout from the rest of the WordPress security plugins in this list is that they allow you to custom code a security feature for your website.

Though their dashboard is pretty advanced, there is no need to shy away from them as they provide tons of written guides, video guides and also has public forums where you can join in.

Some of the best features of BulletProof Security are:

  1. One-Click Setup Wizard
  2. Malware Scanner
  3. Firewalls
  4. .htaccess Website Security Protection
  5. Hidden Plugin Folders
  6. Login Security & Monitoring
  7. DB Backup
  8. Security Logging
  9. Extensive System Info

8. Cerber Security

Cerber Security is a WordPress security plugin that defends your website from trojans, viruses, hacker attacks, malwares and spam.

It can also mitigate brute force attacks by limiting the number of login attempts to discourage the attacker.

Cerber Security also provides you with a black access list and white access list. The latter will help you to not get accidentally locked out of your website.

The Cerber Security also has its own anti-spam engine which does not require reCaptcha and it is compatible with the popular form plugins.

Some of the best features Cerber Security has are:

  1. Limit Login Attempts
  2. Permit or Restrict Access
  3. Cerber Anti-Spam Engine
  4. File Integrity Checker
  5. Disable WP REST API
  6. Disable XML-RPC
  7. Stop User Enumeration
  8. Malware Scanner

9. Jetpack

Jetpack is an all rounder WordPress plugin which has services for design, marketing and security.

If we focus on the security features,  they provide automatic defense against hacking, malware, spam, data loss and downtime.

Jetpack also offers a notification in case your website went down by receiving an email or a push notification on your mobile app.

Some of the best features of Jetpack are:

  1. Brute Force Attack Protection
  2. Spam Filtering
  3. Downtime Monitoring
  4. Daily or Real-Time Backups
  5. Two-Factor Authentication
  6. Malware Scanning
  7. Fast & Reliable Support

10. Anti-Malware Security

Anti-Malware Security is a WordPress security plugin created for the sole purpose of helping admins clean infection off their websites.

The creator of this plugin was inspired to create a WordPress security plugin after his WordPress website was hacked.

The Anti-Malware scanner searches for viruses, malware, trojan back doors and other security threats or vulnerabilities on your server.

If vulnerabilities or security threats where found, the plugin will help and give suggestions on how to fix them.

Some of the main features of Anti-Malware Security are:

  1. Website Firewall
  2. Malware Scanner
  3. File Integrity Checker
  4. Brute Force Protection
  5. DDoS Protection
  6. Malware & Virus Removal


All of the WordPress security plugins mentioned above are complete package plugins which mostly include protection from viruses, malwares, trojans, spams and bruteforce attacks.

I highly recommend the top 4 in this list but you are still open to try the ones below them.

Just remember to keep your security plugin up to date at all times. If they provide an auto update feature then I highly recommend to keep it enabled.


Best CDN Service Providers in 2018

During the last two weeks, I have been busy trying to find the best CDN service provider I can use for this site.

I am happy to say that I am finally able to choose one that I like the best.

In this article I will also tell you about the other CDN service providers that can stand toe to toe with my choice.

But first let’s have a quick look at what a CDN is and how it helps your website.

What exactly is a CDN?

CDN is a short term for Content Delivery Network, what it basically does is allow you to host your static images, CSS and JS files in several servers around the world.

Now, when a visitor visits your website it will serve those static images, CSS and JS files from the server which is closest to them thus making your website load faster.

Image by geralt from Pixabay

The main benefits of CDN are:

  1. Faster loading for visitor.
  2. Removes a good amount of burden from your host.
  3. Built in redundancy in case one of the servers fail the traffic will be automatically re-routed to the closest server.

Also do not be afraid as most of them are really easy to setup.

Now let’s go to the list of the best CDN service providers in 2018.

1. MaxCDN

MaxCDN is a highly regarded CDN service provider founded in 2009. They have been acquired by StackPath awhile back which then integrated a lot of security features to MaxCDN.

MaxCDN is known for their absolute speed. This is because they are only using SSDs in their servers.

They have data centers all over the world including North America, South America, Europe, Middle East and Asia Pacific.

Another best thing about MaxCDN is if you have a WordPress website, it can easily be integrated in popular performance plugins like W3 Total Cache, Autoptimize and WP Super Cache.

Pricing Starts: $9/Month.

2. CloudFlare

CloudFlare has 152 data centers spread out across the globe. This means they only need fewer hops and has lower latency thus resulting to incredible load speed.

A recent sentiment survey also favors CloudFlare CDN by 6% more than it’s competitors.

One more thing that you should know about CDN service providers is that some of them charge by bandwidth used. If you exceeded the specified limit then you would be charge based on the additional bandwidth you used.

This is not the case in CloudFlare, they charge a flat rate for their services so you should not need to worry about a bill shock if a bandwidth spike ever happens on your site.

The best thing about CloudFlare, which I think is the real reason why they are being favored right now, is that they offer a Free plan. If you are on a tight budget then this is the best fit for you.

CloudFlare can also be integrated easily in a WordPress website using W3 Total Cache and WP Super Cache.

Pricing Starts: Free

3. KeyCDN

In my opinion, KeyCDN has the most user friendly website and highly intuitive user dashboard.

All of their guides are very accessible and very easy to follow.

They are also highly recommended right now because of their pricing. If you compare it side by side with the other platforms they will come out as the cheapest.

They currently have 33 data center across the world including Americas, Europe, Asia, Oceania and Africa.

And since they are in a pay-as-you-go payment system, I am happy that they allow disabling the automated charges to your card.

If you have a WordPress website, KeyCDN can be easily integrated with popular caching plugins like W3 Total Cache, Autoptimize and WP Super Cache.

Pricing Starts: $0.04/GB

4. CDN77

CDN77 has 32 strategic data centers spread across North America, Europe, South America and Asia.

One of the first things that you will see in their homepage is a gauge showing their daily traffic peaks. Currently their network capacity can handle up to 7Tbps.

The other thing that caught my eye is their very well presented pricing plans.

CDN77 offer both pay-as-you-go and monthly plan. If you are a starter website and just consumes up to 5TB bandwidth they would offer you a pay-as-you-go plan.

However if you need 5TB and up you can choose whether to go pay-as-you-go or monthly plan.

The one thing that makes CDN77 stand out from the rest in this list is that they offer a 50GB of storage for free. Their competitors either charge extra or doesn’t support this at all.

Pricing Starts: $0.049/GB

5. Sucuri

The free website scanner in Sucuri has served me well in the past. It is a great pleasure for me to know that they now have a CDN service as well.

The Sucuri CDN service is not entirely an independent service. Basically it is a free feature if you subscribe to their Website Application Firewall service also known as WAF.

Sucuri has data centers around the world including North America, Australia, Japan, Singapore, Germany, United Kingdom and South America.

If you think about it, Sucuri is the closest competitor of CloudFlare since they are both experts in security. The only catch is that CloudFlare is mainly focus in preventing the attack.

As soon as the attack became successful, Sucuri is your best bet to clean the mess.

This is why I see a potential for Sucuri to stand toe-to-toe with CloudFlare in the future.

Pricing Starts: $9.99/Month

6. CloudFront

CloudFront is an AWS service which currently has 136 data center locations across the globe and they are planning to expand even more as we speak.

What makes CloudFront one of the best CDN service is the fact that it is a service of AWS. This means that it can be easily integrated with other services of AWS like AWS WAF or AWS Shield Advanced to take advantage of the security features those other services bring.

Similar to other services in AWS. CloudFront also runs through a pay-as-you-go payment system.

If you haven’t used AWS before and want to try out CloudFront then here is the good news.

CloudFront is part of AWS Free Usage Tier. So you can use it freely for 12 months however it has 50GB data transfer limit and 2,000,000 HTTP/HTTPS requests limit.

CloudFront can also be easily integrated to WordPress with popular performance WordPress plugins like W3 Total Cache and WP Super Cache.

Pricing Starts: $0.085/GB

7. RackSpace

RackSpace is a household name when it comes to enterprise level managed cloud computing. It is no surprise that they have extended their reach to a CDN service as well.

I was contemplating whether to add RackSpace here on this list already or for a later article which focus on enterprise level CDN service providers.

The reason I consider RackSpace as purely enterprise level CDN service initially is because they are partner with Akamai.

Akamai is an industry leader when it comes to enterprise level CDN service which comes at a high cost.

But since they also offer a pay-as-you-go payment system and their prices is not far from the others in this list. I have decided to include them here already.

Because of the partnership with Akamai, RackSpace also now has access to 200 data centers around the globe making it the largest in this list.

RackSpace is also well known for great and very accommodating technical support team.

Pricing Starts: $0.0141/GB


All of the CDN service providers I mentioned above have remarkable performance. They just vary in pricing and the way they charge those prices.

If you are on a budget go ahead and try the Free version of CloudFlare.

Before I end this topic, I want to warn you about the pay-as-you-go mode of payment.

If you want to go and use this do not add too much balance on your account. You should also keep an eye on your credit card statements if you use your credit card.

I am warning you about this because of bandwidth spikes.

If ever an attack happens to your website, it would cause bandwidth spikes. Attacks can last for days and if this happens then you might be caught off guard by your huge bill.