11 Free Plugins for WordPress Security

WordPress is the most popular content management system on the web, mainly due to its flexibility with nearly 50,000 available plugins. For your own WordPress site, be sure to add an extra layer of security to the WordPress framework, so that your website is protected as much as possible from malicious hackers.

Here is a list of security plugins for WordPress. There are plugins for firewalls, spam protection, two-factor authentication, and more. All of these plugins are free, though several offer additional premium features.



Wordfence

Wordfence is a popular security plugin with over 22 million downloads. The firewall stops you from getting hacked by identifying malicious traffic and blocking attackers before they can access your website. Its “threat defense feed” automatically updates firewall rules that protect you from the latest threats. The premium version has country blocking, two-factor authentication, and real-time firewall updates. Monitor traffic in real time, including robots, humans, 404 errors, logins and logouts, and who is consuming most of your content. Price: Free. Premium version is $8.25 per month.

iThemes Security

iThemes Security offers more than thirty ways to lock down WordPress in an easy-to-use security plugin. With iThemes Security Pro’s WordPress two-factor authentication, users are required to enter both a password and a secondary code sent to a mobile device such as a smartphone or tablet. Limit the number of failed login attempts allowed per user. Make your WordPress dashboard inaccessible during certain hours. Schedule database backups and have them emailed to you. Assess the security of all your WordPress user accounts at one time and take action on them if needed. Price: Free. Premium plans start at $80 per year.

All In One WP Security & Firewall

All In One WP Security & Firewall offers the latest recommended WordPress security practices and techniques as easy-to-use features. All In One WP Security also uses a security points grading system to measure how well you are protecting your site based on the security features you’ve activated. Add advanced security features to user accounts, login, and registration. Ban users by IP or user agents. Block brute force attacks. Get alerts when your files change. Schedule automatic backups and email notifications. Price: Free.



WP-SpamShield

WP-SpamShield is a WordPress anti-spam plugin that eliminates comment spam, contact form spam, registration spam, trackback spam, pingback spam, and every other type of WordPress spam. This plugin works like a firewall to ensure your commenters are actually human, and that those humans aren’t spamming you. WP-SpamShield provides automatic anti-spam protection for all major contact form plugins, including Contact Form 7 forms, Gravity Forms, Ninja Forms, and Jetpack. Price: Free.

Really Simple SSL

Really Simple SSL automatically detects your settings and configures your website to run over HTTPS. To keep it lightweight, the options are kept to a minimum. All incoming requests are redirected to HTTPS. The site URL and home URL are changed to HTTPS. Price: Free.

Shield WordPress Security

Shield WordPress Security is a complete security solution without “pro” feature restrictions. Block malicious URLs and requests, and block all spambot comments. Prevent brute force attacks on your login and attempted automatic bot logins. Verify user identity with email-based two-factor authentication. Review all major actions that have taken place on your WordPress site by all users. Hide your WordPress admin and login page. An easy-to-use kill switch temporarily turns off firewall features without disabling the plugin. Price: Free.

Hide My WordPress

Hide My WordPress is a plugin to change and hide WordPress admin and login URLs. Hide your admin and login pages, and redirect hackers to a 404 page. Guard against brute force attacks, SQL injection attacks, and cross-site scripting. Price: Free.

Sucuri Security

The Sucuri Security plugin for WordPress is a toolset for security integrity monitoring, malware detection, audit logging, and security hardening. Monitor all security-related events within your WordPress site. Access multiple blacklist engines to ensure your brand reputation and website integrity. Get help on what to do if your site is compromised. And access CloudProxy, an enterprise-grade firewall from Sucuri. Price: Free. CloudProxy firewall is a premium add-on.

WP Antivirus Site Protection

WP Antivirus Site Protection is a security plugin to prevent, detect, and remove malicious viruses and suspicious code. It detects backdoors, rootkits, trojan horses, worms, fraud tools, adware, spyware, hidden links, redirection, and more. WP Antivirus Site Protection scans not only theme files, but also all the files of your WordPress website. Get alerts by email, and view security reports online. Price: Basic version is free. See site for premium pricing.

miniOrange Two Factor Authenticator

Rather than relying on a password alone, which can be phished or guessed, miniOrange Two Factor Authenticator adds a second layer of security to your WordPress accounts. It protects your website from hacks and unauthorized login attempts. Price: Free.

Acunetix WP Security

The Acunetix WP Security plugin is a free security tool that helps you secure your WordPress installation and suggests corrective measures. Safeguard passwords, file permissions, database security, version hiding, admin protection, and more. The solution features easy database backup for disaster recovery, hiding the dashboard and info from non-admins, security reporting, live traffic to monitor your website activity in real time, and more. Price: Free.

Sig Ueland
