5 best security plugins 2020

The Five Best Security Plugins for 2020

Nate the web design noob is back.woocommerce vs shopify

He is thinking about building his website using WordPress, but someone has told him WordPress sites are a prime target for hackers.

He wants to learn more about security for his site and how he can keep it safe.


Why is security important?

Nate is right to be worried about security.

WordPress is currently powering about 455 million websites around the world. But around 100,000 cyber-attacks are happening every minute on WordPress sites.

As an open source platform, it is easy for someone to inject some malicious code inside a site’s WordPress files. Or into any of the themes and plugins that are developed by third-party designers.

And if the owner is someone like Nate, they may never even know it is there.

So, without knowing it, Nate’s website could become an open door to identity theft, credit card fraud and the distribution of malware and viruses.

All these things can not only damage his reputation and credibility but potentially expose him to expensive claims for compensation

If Nate is using a shared hosting provider, malware can infect every site on that server and even cause the server to crash.

To stop this nightmare from happening, putting in place a good security system for Nate’s website – and for yours – is essential.

This will not only protect you against attacks, but a good security plugin installed on your WordPress website will improve your site speed, ranking, and conversion rate.


How can you make your site secure?

To install the security you need, your first step is to choose a secure web hosting company. The good ones will build a lot of security features into your hosting plan.

WordPress has some built-in security features, so you will also need to make sure these are turned on in your admin page.

But if you want to really beef up your protections you should think about adding a WordPress security plugin.


Choosing a security plugin

OK, so you have decided to take the responsible route and install an additional security plugin on your website.

But you quickly hit another brick wall when you realise there are around 1,000 different security plugins available. How can you possibly work out which is best for you?

Well, we are here to make it as easy as possible by guiding you through the process and our recommendations.

To get things started, you need to decide what sort of additional security features you need. And these features will be different depending on the type of site you are running.

For example, an eCommerce site that receives personal information about clients like their address and credit card details will need a different range of features to a blog or simple information sharing site.

As a minimum, a good security plugin should offer you scanning, cleaning, and protection services.

  • Scanning involves checking your website for malware.
  • If the scanner finds malware present on your website, the cleaner will help remove any malicious codes found.
  • And protection involves taking measures that will prevent hacks.

The types of additional features you can get in a security plugin include:

  • Ongoing site monitoring, including regular file and malware scanning
  • Firewall protection
  • Protection against dangerous sites through blacklist monitoring
  • Authentication protocols for users in different roles
  • Password protocols that reject weak passwords
  • Immediate email notifications of suspicious activity
  • Site and file backups for protection against attacks, outages, and other events.


What are the best security plugins for 2020?

Once you have decided which features you need, you are still stuck with the question of which plugin is best for you.

Well, we hope to make this decision a little easier by listing our pick of the top x security plugins for 2020.

Unfortunately, we don’t have room to go into detail about how to install and operate each of the plugins.

But once you have decided on the right plugin for you, there is plenty of information freely available on the Internet to help you with the installation process. And all these plugins offer customer support to help walk you through the process.

So, here is our summary of the top five security plugins for 2020 (in no particular order).

iThemesSecures your site so that hackers can’t study your architecture and apply the right techniques to hack it. Provides great all-round protection and over 30 different security measures.


Key offeringsHighlights
Website malware scanner and scan scheduling

Website security report & dashboard

WordPress login protection

Central dashboard for multiple sites

WordPress version management facilities

iThemes and WordPress security dashboard

Users security check

Brute force attack protection

Scheduled database backup

Custom login URL

WordPress file change detection and alerting

Import and export security settings

Strong password enforcement



·         Easy setup

·         Two Factor Authentication

·         Away mode, so no one can access the site admin area during set times

·         You can ban users, hosts, countries, and IP addresses

·         Backup Buddy



·         Using iThemes advanced features can break your site if you don’t know what you are doing and can be a drain on your site resources, causing it to run slow.
Doesn’t come with a built in malware cleaner so this will need to be sourced, and paid for, separately
Comes in four versions:

·         The Plugin Suite – $249 per year

·         iThemes Security Pro Gold – $199 per year for unlimited sites

·         iThemes Security Pro Small Business – $129 per year for up to 10 sites

·         iThemes Security Pro Blogger – $80 per year for one site



MalCareProvides a real time WordPress security scan and an instant malware removal tool.
Key offeringsHighlights
·         Alerts you if there is a threat or malware

·         Online WordPress vulnerability scanner and offsite scanner tool

·         Smart captcha protection for login page

·         WordPress core update from one dashboard

·         One-click malware clean

·         WordPress file changes tracking, so, you know who added something like code or text and when

·         Tool for real time IP and geo-blocking

·         Brute force attack prevention with smart recognition


·         Easy setup – Automatic installation under one minute

·         A smart firewall that detects malware in real-time

·         The plugin then carefully removes the malware code, not entire files



·         Doesn’t offer Two Factor Authentication (yet).

·         Can’t scan, clean, and protect websites built on your computer.

Comes in three versions:

·         Personal – $99 per year for one site

·         Small business – $259 per year – up to 5 sites

·         Developers – $599 per year – up to 20 sites


SucuriGreat all in one security platform. The pro version is well worth the additional investment.


Key offeringsHighlights
Website malware scanner and malicious script removal

Brute force attack protection

WordPress site changes tracking, including file changes, last logins, and failed login attempts

Firewall security to block malicious traffic

DNS monitoring

SSL certificate detection

Security dashboard inside the WordPress admin dashboard

Automatic cloud-based backups


·         Will clean up your WordPress site at no additional cost if you get malware

·         Google blacklist removal request

·         Fast customer assistance

·         Supports all kinds of Content Management Systems (not just WordPress)



·         Can’t detect hidden malware – only malware that the browser can see

·         Lacks agile response to issues

·         Basic plan doesn’t support SSL

Comes in three versions:

·         Basic – $199.99 per year (per site)

·         Pro – $299.99 per year (per site)

·         Business – $499.99 per year (per site)


Astra WordPress Security Suite·         Easy to install and use plugin with rock-solid firewall, instant malware removal and harnesses the power of a community of trusted hackers.
Key offeringsHighlights
Website malware scanner

Website security report

WordPress login protection & notifications

Daily website monitoring & scanning to check for blacklisting and issues

Instant file upload protection against malware code

Brute force attack protection

Trust seal for your site

Logs all attacks

Online dashboard to monitor your site health including what’s going on in terms of threats and malware removal


·         WordPress firewall and malware protection that scans plugins for bad code

·         Immediate malware removal

·         Has a high level of protection for WordPress core, and applies patches automatically in the case of malware or viruses being found on the site.

·         A community of trusted hackers employed to test and recommend improvements to secure your site.

·         Fast customer assistance

·         Supports all kinds of Content Management Systems (not just WordPress)

·         Has a public forum that hackers can use to find and target security holes. The community does resolve each issue identified but there are still windows of riskComes in three plans:

·         Pro – $19/month / $228 billed annually

·         Advanced – $39/month / $468 billed annually

·         Business – $119/month or $1428 billed annually



WordfenceGood for sites run on VPS and dedicated servers.


Key offeringsHighlights
Website malware scanner

Website security audit & Wordfence dashboard

Hacked file removal

WordPress login protection

Live traffic views

Dedicated intelligent firewall

Brute force attack protection

Option to block users by IP, countries, or IP ranges

Login page protection

Hacked file removal

Strong password enforcement


·         Monitors visits and hack attempts in real time

·         Who Is look up for suspicious looking visitors



·         Runs on your own server rather than cloud based.

·         This could slow down your site. Not good for sites run on shared hosting

·         Confusing dashboard design

·         No set turnaround time for cleaning up sites that have been hacked

·         Licenses are purchased annually starting at $99 for 1 licence. This drops to $74.25 per licence when more than 15 licenses are purchased.

·         WordPress cleaning service costs an additional $214.80

·         WordPress security audit costs an additional $214.80



No matter how good a security plugin is, it is important to choose one that provides quick and responsive customer support. If you have a major security issue, you don’t want to wait for days to hear back from the support team.

A security plugin that also offers a free cleaning service as part of your package is also a great way of managing your costs.

With each security plugin that we’ve listed, their basic versions will offer you scanning and some limited hack-prevention measures. But to really implement effective security measures for your site, you will probably need to purchase one of their more premium packages.

Of all the plugins we assessed, the two that we think offer the best mix of features, price and support are MalCare and Astra WordPress Security Suite.

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email