Best security plugin for WordPress

  blog, plugins

OK, here I will share what I think is the best security plugin every is. The answer….none of them.  OK, I know this will shock some people, and even make some upset.  I totally understand. I used to be a huge supporter of security plugins.  Then I noticed something really surprising. They didn’t really do anything to prevent WP hacks.

I host thousands of WP sites for my clients, and numerous for myself for many different projects.  I have seen and dealt with a lot of hacked WP accounts. Very few I could not fix. But something I noticed happening.  All the website I fixed from hacks all had one thing in common. They all had outdated software. Be it, WordPress, plugins, or themes.  A lot of these sites that were getting hacked at the popular security plugins installed like Wordfence, iThemes Security. What I did notice none of my sites were ever getting hacked, and some clients sites I worked on for other issues/reasons that were not getting hacked also had something in common.  They all were constantly updated.

At this point, I was using security plugins.  Primarily, I was using iThemes. I was never a fan of Wordfence.  I found it to be a resource hog. I had heard some hosts complain to me about it.  Now at times, I and some clients had a few issues with security plugins affecting WP sites from working.  As the issue started to grow, I started to wonder if I really need to use a security plugin. Also what I noticed, as long as you did not use the default password admin/pass, or something just as easy, the only way WP sites were getting hacked was through exploits in the software (wp core file, themes, plugins).  So I decided to stop using security plugins and looking for a good plugin that will auto-update WP, themes, and plugins for me. After testing a few of them, I found one that just worked constantly (Yes a few just did not work very well). I found Companion Auto Update https://wordpress.org/plugins/companion-auto-update/ to work the best.  So I started to test this on a few sites and also removing the security plugin.  After a while, I noticed my sites were not getting hacked at all. I now do not have any issues with security plugins.  I started to have my clients add this plugin to their sites as well.

So to summarize…

No, I do not use or suggest security plugins.  Now if you are a strong believer in security plugins, I would not argue against you.  I would say to each their own. I just would suggest not to use wordfence as it can be a resource hog.  (My opinion).

For a list of all plugins I use and suggest to use, go here.  Remember this is just my opinion. You can ask 10 people and you will get 10 different answers.