WP security plugins and products features comparison
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
 
ABCDEFGHIJKLMNOPQRSTUV
1
#TitleSucuri AntivirusCloudProxySucuri SecurityiThemes SecurityiThemes Sec. ProWordfenceWordfence Prem.BulletProof sec-tyBulletProof ProMinimal solution
2
1Price$199.99/y$9.99/mofreefree$80/yfree$3.9-39/yfree
$59.95 lifetime
free
3
2
4
3PROTECTION
5
4DDOS Mitigation and protection+
+ (Falcon caching)
+ (see bonus custom code)
6
5Brute Force Protection
+ (before attacks reach your server)
+ (using its own net that collects IPs that tried brute forcing)
+++
7
6Web Application Firewall+
+ (fake googlebots, malicious scans, botnets)
8
7Intrusion Prevention System+
9
8Virtual Patching and Hardening+
10
9
SQL, XSS, remote file inclusion, code injection prevention and other web-based attacks
+
+ (on .htaccess level)
11
10Hardening:
12
11 - Verify WP version (to remind you on updating)+
13
12 - Remove WP version+
+ (as a part of removing 'generator' tag)
14
13 - Protect uploads directory (forbid php execution)++ (new)+
15
14 - Protect wp-content directory (forbid php execution)
+ (btw: it may break WordFence)
16
15 - Protect wp-includes directory (forbid php execution)++
17
16 - Protect login page by IP (whitelisting your IP)+
18
17 - Verify PHP version+
19
18 - Checks security keys+
20
19 - Checks if readme.html leaks your WP version (and can fix it)+
21
20
- Checks if you're using a default admin user name (and can fix it)
++
22
21 - Disabling theme and plugin editor+++
23
22
- Checks if you are using a default database prefix (and can fix it)
+++
24
23 - Checks if log files with sensitive data are removed+
25
24
Balcklist-prevented (notifies if you link to a blacklisted site)
+
26
25SPAM Injections++
27
26
Intergration of wp-cli (command-line security management)
+
28
27
29
28Security by Obscurity
30
29
Changes the URLs for WordPress dashboard areas such as login, administrative area etc
+
31
30
Completely blocking login for a given time period (away mode)
+
32
31Removes the meta "Generator" tag (WordPress version)+
33
32
Removes update notifications from users who do not have permission to update themes, plugins, and core
+
34
33
Removes Windows Live Writer header information (if you use it)
+
35
34
Removes RSD header information (if you don't need RSD services such as pingbacks)
+
36
35Changes the ID on the user which has ID = 1+
37
36Changes path to wp-content directory+
38
37
Removes login error messages (not needed anymore — changed on WordPress core level)
+
39
38
Displays a random version number to non administrative users
+
40
39
41
40Banning bots and other undesired agents++
+ (incl. banning whole networks)
42
41Banning by Ips+
43
42Banning IPs after too many failed logins+
44
43Enforcing strong passwords
+ (incl. for users with roles above a certain level)
+
45
44
Forcing SSL for administrative area (if servers support SSL)
+
46
45
Forcing SSL for any post or page (if servers support SSL)
+
47
46
Detecting and blocking numerous attacks to database and filesystem of your WordPress
+
48
47
Replacing the existing jQuery version with a safe version which is the default for WordPress
+
49
48
Real-time blocking of known attackers who has ever atacked a website protected by Wordfence
+
50
49
One-click 2FA, Captcha and Password Protection on any page
+
51
50Two-factor authentication
+ (Google Authenticator or Authy using mobile phone)
+ (with cell-phone)
+ (gives recommendations)
52
51
Password expiration (and immmediate password change request for all users)
+
53
52Strong password generator
+ (from profile screen)
54
53Banning Ips by geographic location+
- coming soon
+
55
54Giving more privileges to a user for one time only+
56
55Captcha (against spam)
+ Google reCaptcha (against spam)
+
57
56
58
57SCANNING
59
58Intrusion Detection System++
60
59Malware Detection:
61
60Security Scans - front-side (not very efficient)++
+ (uses Sucuri's front-side scan)
62
61Security Scans - application-side (more efficient)+
+ (scheduled and automatically)
+ (automaticaly once a day)
+ (scheduled and/or more frequent than once a day)
63
63
Scanning for vulnerabilities, instant reporting and fixing (maybe overwhelming for non-tech users)
+
64
64
65
65MONITORING
66
66Managed Audit Logs / Security+
67
67Security Activity Auditing
+ (logging info, changes etc- very comprehensive; logs are on Sucuri's server for more security)
+ (log in, log out, file changes, intrusion attempts)
+ (as troubleshooting tool - spam, bots and diff hacking activity)
68
68Live traffic
+ (incl. bots, crawlers etc)
69
69Security Blacklist Monitoring Notifies you if your site has got blacklisted in searchengines and by antivirus programs+
+ (on home page)
70
70Security Monitoring++
71
71Blacklist Monitoring+
72
72File Change Detection
+ (only core files)
+ (compares against a remote sample installtion; with restore option; so called File Integrity Checks -
notifies if core files have been changed)
+ (not scheduled, only manual;
compares against a former version of files (not only core WP) saved at the last check; can be resource heavy)
+ (checks if change is malicious; checks core files only - chekcing themes and plugins files coming soon)
+ (checks not just WP core files, but themes, plugins comparing against WP repository;
restore option for coreonly; scheduled), shows files differences
+
73
73DB changes Audit
+ (get alert when new table is created; compares tables)
74
74DNS Monitoring++
75
75WHOIS Monitoring+
76
76SSL Certificate Monitoring+
77
77
Webite Integrity Monitoring (get notifications when anything is changed on your site)
78
78Checking for being associated with SPAM
+ (check if Spamvertised - sending spam, or domain is associatd with spam)
79
79Real time monitoring of traffic
+ (incl. robots, humans, 404s, logins, logouts, geolocation)
80
80
Monitoring disk space (useful in case of Ddos atacks which try to fill in all free space)
+
81
81Checks files permission+
+ ( and locks WordPress Mission Critical files index.php, wp-config.php, wp-blog-header.php and all .htaccess files with 400 and 404 file permissions)
82
82Securing wp-config.php (IP whitelisting)+
83
83Protecting access to .htaccess+
84
84
85
85POST-HACK
86
86 - Reset security keys+?
87
87 - Reset user passwords++
88
88 - Reset plugins+
89
89Malware Cleanup (Unlimited) — post-hack+
may help by showing what changed
90
90Website Blacklist Removal+
91
91Complete Website Hack Cleanup, malware removal+
92
92Dirty Search Engine Results+
93
93Desktop AntiVirus Blacklisting+
94
94Search Engine Blacklisting+
95
95Pharmaceutical Injections (Pharma Hack)+
96
96Phishing Lures++
97
97Malicious Website Redirects (i.e., Porn)+
98
98Hijacked Websites+
99
99Website Defacements+
100
100Database backups
+ (in a WP folder)
++
Loading...