OK, here I will share what I think is the best security plugin every is. The answer….none of them. OK, I know this will shock some people, and even make some upset. I totally understand. I used to be a huge supporter of security plugins. Then I noticed something really surprising. They didn’t really do anything to prevent WP hacks.
I host thousands of WP sites for my clients, and numerous for myself for many different projects. I have seen and dealt with a lot of hacked WP accounts. Very few I could not fix. But something I noticed happening. All the website I fixed from hacks all had one thing in common. They all had outdated software. Be it, WordPress, plugins, or themes. A lot of these sites that were getting hacked at the popular security plugins installed like Wordfence, iThemes Security. What I did notice none of my sites were ever getting hacked, and some clients sites I worked on for other issues/reasons that were not getting hacked also had something in common. They all were constantly updated.
At this point, I was using security plugins. Primarily, I was using iThemes. I was never a fan of Wordfence. I found it to be a resource hog. I had heard some hosts complain to me about it. Now at times, I and some clients had a few issues with security plugins affecting WP sites from working. As the issue started to grow, I started to wonder if I really need to use a security plugin. Also what I noticed, as long as you did not use the default password admin/pass, or something just as easy, the only way WP sites were getting hacked was through exploits in the software (wp core file, themes, plugins). So I decided to stop using security plugins and looking for a good plugin that will auto-update WP, themes, and plugins for me. After testing a few of them, I found one that just worked constantly (Yes a few just did not work very well). I found Companion Auto Update https://wordpress.org/plugins/companion-auto-update/ to work the best. So I started to test this on a few sites and also removing the security plugin. After a while, I noticed my sites were not getting hacked at all. I now do not have any issues with security plugins. I started to have my clients add this plugin to their sites as well.
So to summarize…
No, I do not use or suggest security plugins. Now if you are a strong believer in security plugins, I would not argue against you. I would say to each their own. I just would suggest not to use wordfence as it can be a resource hog. (My opinion).
For a list of all plugins I use and suggest to use, go here. Remember this is just my opinion. You can ask 10 people and you will get 10 different answers.