What is the best WordPress security plugin?

Better WP Security vs Wordfence Security: The Battle For WordPress Best Security Plugin

You have probably heard that website security is vital, especially with hackers all around nowadays. I am not going to leave any security loopholes in my WordPress site and I am sure you are not either. When it comes to WordPress security plugins, there could be hundreds to choose from, but when you talk about the best, two come to my mind.

Introducing Better WP Security and Wordfence Security.

Here is some information on both plugins.


What is Better WP Security Plugin?

Created by: Bit51

What Better WP Security does:

  • Remove the meta “Generator” tag

  • Change the urls for WordPress dashboard including login, admin, and more

  • Completely turn off the ability to login for a given time period (away mode)

  • Remove theme, plugin, and core update notifications from users who do not have permission to update them

  • Remove Windows Live Writer header information

  • Remove RSD header information

  • Rename “admin” account

  • Change the ID on the user with ID 1

  • Change the WordPress database table prefix

  • Change wp-content path

  • Removes login error messages

  • Display a random version number to non administrative users anywhere version is used

  • Scan your site to instantly tell where vulnerabilities are and fix them in seconds

  • Ban troublesome bots and other hosts

  • Ban troublesome user agents

  • Prevent brute force attacks by banning hosts and users with too many invalid login attempts

  • Strengthen server security

  • Enforce strong passwords for all accounts of a configurable minimum role

  • Force SSL for admin pages (on supporting servers)

  • Force SSL for any page or post (on supporting servers)

  • Turn off file editing from within WordPress admin area

  • Detect and block numerous attacks to your filesystem and database
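Several items in the list above (the "Generator" tag, the RSD and Windows Live Writer headers, the version number) are about what a page's HTML discloses. The following added example, which is not code from the plugin or from this article, checks a page's markup for those markers; `audit_head`, the sample markup and the version `3.5.1` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs


class HeadDisclosureAudit(HTMLParser):
    """Collect the head markers the feature list says get removed."""

    def __init__(self, core_version=None):
        super().__init__()
        self.core_version = core_version  # the version you know you run
        self.findings = []                # (marker, value) in page order

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "") for name, value in attrs}
        if tag == "meta" and attr.get("name", "").lower() == "generator":
            self.findings.append(("generator", attr.get("content", "")))
        if tag == "link":
            rel = attr.get("rel", "").lower().split()
            if "edituri" in rel:          # Really Simple Discovery link
                self.findings.append(("rsd", attr.get("href", "")))
            if "wlwmanifest" in rel:      # Windows Live Writer manifest
                self.findings.append(("wlwmanifest", attr.get("href", "")))
        if tag in ("link", "script") and self.core_version:
            url = attr.get("href") or attr.get("src") or ""
            versions = parse_qs(urlparse(url).query).get("ver", [])
            # Only a ?ver= equal to the real core version gives it away;
            # library versions (e.g. jQuery's) are not reported.
            if self.core_version in versions:
                self.findings.append(("asset-version", url))


def audit_head(html, core_version=None):
    """Return the list of (marker, value) disclosures found in html."""
    parser = HeadDisclosureAudit(core_version)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: what an unhardened install typically emits.
DEFAULT_HEAD = """<head>
<meta name="generator" content="WordPress 3.5.1" />
<link rel="EditURI" type="application/rsd+xml" title="RSD"
      href="https://blog.example/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml"
      href="https://blog.example/wp-includes/wlwmanifest.xml" />
<link rel="stylesheet" href="https://blog.example/wp-includes/css/a.css?ver=3.5.1" />
<script src="https://blog.example/wp-includes/js/jquery/jquery.js?ver=1.8.3"></script>
</head>"""

# Constructed sample: generator tag removed, asset version left in place.
PARTIAL_HEAD = """<head>
<link rel="stylesheet" href="https://blog.example/wp-includes/css/a.css?ver=3.5.1" />
</head>"""

# Constructed sample: none of the markers present.
HARDENED_HEAD = """<head>
<link rel="stylesheet" href="https://blog.example/wp-includes/css/a.css" />
</head>"""

if __name__ == "__main__":
    for name, html in (("default", DEFAULT_HEAD), ("partial", PARTIAL_HEAD),
                       ("hardened", HARDENED_HEAD)):
        print(name, audit_head(html, core_version="3.5.1"))
```

The partial sample shows why the list pairs generator-tag removal with version handling: with the tag gone, the stylesheet URL still carries the core version.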

What is Wordfence Security plugin?

Created by: Mark Maunder

What Wordfence Security does:

  • Scans core files, themes and plugins against WordPress.org repository versions to check their integrity.

  • Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.

  • Includes advanced IP and Domain WHOIS to report malicious IP’s or networks and block entire networks using the firewall.

  • See how files have changed. Optionally repair changed files that are security threats.

  • Scans for signatures of over 44,000 known malware variants that are known security threats.

  • Scans for many known backdoors including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.

  • Continuously scans for malware and phishing URL’s including all URL’s on the Google Safe Browsing List in all your comments, posts and files that are security threats.

  • Scans for heuristics of backdoors, trojans, suspicious code and other security issues.

  • Checks the strength of all user and admin passwords to enhance login security.

  • Monitor your DNS security for unauthorized DNS changes.

  • Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.

  • Choose whether you want to block or throttle users and robots who break your security rules.

  • Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.

  • See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.

  • A real-time view of all traffic including automated bots that often constitute security threats that Javascript analytics packages never show you.

  • Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from.

  • Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.

  • Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.

  • WordPress Multi-Site (or WordPress MU in the older parlance) compatible.

  • Premium users can also block countries and schedule scans for specific times and a higher frequency.
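The first and fourth items in the list above, scanning files against repository versions and seeing how files have changed, come down to comparing what is on disk with a known-good manifest. The following added example shows that comparison; it is not Wordfence's code, and `compare_tree`, `build_sample` and the manifest are constructed for illustration. MD5 is used because that is the digest in WordPress.org's published core checksums.

```python
import hashlib
from pathlib import Path

# Site-specific files a clean download never ships; they are not
# reported as unexpected (assumption made for this example).
SITE_FILES = {"wp-config.php", ".htaccess"}


def md5_of(path):
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_tree(root, manifest):
    """Compare files under root with manifest {relative path: md5 hex}.

    Returns modified, missing and unexpected paths. Files under
    wp-content/ are only checked when the manifest lists them, because
    themes, plugins and uploads legitimately live there.
    """
    root = Path(root)
    on_disk = {p.relative_to(root).as_posix(): p
               for p in root.rglob("*") if p.is_file()}
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in sorted(manifest.items()):
        if rel not in on_disk:
            report["missing"].append(rel)
        elif md5_of(on_disk[rel]) != expected.lower():
            report["modified"].append(rel)
    for rel in sorted(on_disk):
        if rel in manifest or rel in SITE_FILES:
            continue
        if rel.startswith("wp-content/"):
            continue
        report["unexpected"].append(rel)  # e.g. a dropped PHP file
    return report


def build_sample(root):
    """Create a constructed mini install, tamper with it, return the manifest."""
    root = Path(root)
    clean = {
        "index.php": b"<?php require 'wp-blog-header.php';\n",
        "wp-includes/version.php": b"<?php $wp_version = 'sample';\n",
        "wp-admin/admin.php": b"<?php // admin bootstrap\n",
    }
    manifest = {rel: hashlib.md5(data).hexdigest() for rel, data in clean.items()}
    for rel, data in clean.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    # Changes an integrity scan should surface:
    (root / "wp-includes/version.php").write_bytes(
        clean["wp-includes/version.php"] + b"// appended line\n")
    (root / "wp-admin/admin.php").unlink()
    (root / "wp-includes/cache-old.php").write_bytes(b"<?php // not in manifest\n")
    # Changes it should stay quiet about:
    (root / "wp-content/uploads").mkdir(parents=True)
    (root / "wp-content/uploads/photo.jpg").write_bytes(b"\xff\xd8 sample")
    (root / "wp-config.php").write_bytes(b"<?php // site settings\n")
    return manifest


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_tree(tmp, build_sample(tmp)))
```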

I know the list is rather long but it is relatively easy to say that both are trying their best to compete with one another. I tested both Better WP Security and Wordfence Security for a week each on various websites and I was surprised at my decision…really. Let me tell you why.

Security effectiveness

Better WP Security – 9.5/10, Wordfence Security – 9.5/10

When it comes to security, I can tell you that both plugins take the matter very seriously. Both actually impressed me more than I expected. If you are going to install either one of these, rest assured your security effectiveness will be top of the chart. Of that, I am definitely sure.

User-friendly UI

Better WP Security – 9/10, Wordfence Security – 9.5/10

I am very split on this one. I love Better WP Security’s direct layout but I prefer the Wordfence Security interface. Basically in Better WP Security, you will be able to see all the issues in different colours (red as dangerous, green as safe etc). With a simple click, it takes you straight to the relevant setting so you can make any adjustment required. Wordfence Security’s layout, by comparison, is more ‘WordPress-like’ (imagine using W3TC).

Both plugins’ layouts are extremely versatile and easy to navigate. At the same time, both plugins’ developers are doing a great job of providing a compact view on the plugin dashboard itself. Here is what both dashboards look like:

Better WP Security Dashboard (image): Better WP Security offers more security features compared to the rest of the WordPress security plugins.

Wordfence Security Dashboard (image): Wordfence Security provides easy-to-use navigation for both experienced and beginner website developers.

Plugin usability

Better WP Security – 7/10, Wordfence Security – 9/10

When it comes to security plugin usability, this is where it makes all the difference. Better WP Security is a great plugin, but what keeps it from getting a higher score from me is that it requires a deeper understanding of WordPress to use properly. In other words, every option for configuring your WordPress is open to you, but you are prone to making an accidental mistake if you have no idea what you are doing.

With Wordfence Security, by comparison, most options are pretty direct and even a beginner could use the plugin to the maximum of its capabilities. This definitely gives Wordfence Security the better rating of the two.

How important is website loading speed for you?

Better WP Security – 10/10, Wordfence Security – 8/10

To be very honest, I have been trying to search for this answer but failed miserably. Whenever I use Wordfence Security, I noticed that my site is loading less than one second slower compared to the time I used Better WP Security. After checking with various programs and tools, it really seems like Wordfence Security’s firewall feature is creating a small ‘lag’ which affects the page loading speed. Maybe this could be me but I am not experiencing that when I am using Better WP Security.

My honest conclusion between Better WP Security and Wordfence

If I had to choose, and could only choose one, as my best WordPress security plugin, then my money is going to Better WP Security. I know! I love Wordfence Security plugin and it is very close to flawless.

However, having the small page load ‘penalty’ really turns me off. Regardless of which WordPress security plugin you choose, I am sure both of these plugins will not let you down.

How about you? Do you have any favorite security plugins you would like to share? Or, maybe you have your opinion on both the plugins? Feel free to fill the form below and tell us what you think.


58 thoughts on “Better WP Security vs Wordfence Security: The Battle For WordPress Best Security Plugin”

    1. Hi Ganco,

      Thanks for your reply. In fact, got to agree that BWPS is a slightly better security feature except for the slight loading speed effect. Nonetheless, thanks for your reading and hope you will be back for more!

      Reginald.

  1. Great review! I personally use Better WP Security on all of my sites, including multisite setups. Although it's not "noob" friendly, it's extremely important to take time to set everything up properly so your site isn't vulnerable. Database backups, IP Blocking, Logs, and even "user name 1" type modifications all really add up to a safe site.

    1. Hi Jason,

      Thank you for your reply and glad you liked it. I use Better WP Security on one of my main sites now. It was pretty easy until I nearly messed up one of my sites as I accidentally changed the table prefix. Guess, we all have to start from somewhere huh?

      Nonetheless, thanks again and do come back for more.

      Regards,
      Reginald

  2. Love your article and have a question… I am using both of the plugins and wanted to know how bad of an idea it is. First they seem to have a few things that they do separately.

    Wordfence has a paid product that lets you block whole countries! I only sell in the U.S., Canada, and Caribbean. So I chose Wordfence and paid them for blocking software to block India and 100 other countries.

    I installed Better WP Security so I could change the table prefix and like 6 other things that Wordfence never said was a problem.

    So I think they both have a benefit and wish there was just one to do everything. We would even pay for the right plugin. Any suggestions or warnings on running both of these or on an all-in-one security plugin that does everything even at a cost?

    1. Hi Thomas,

      Thank you for your comment. Firstly, as much as you can use both at the same time, I would suggest not to. Reason is simply because it is too much of double work. Both the developers are very tempted to have a healthy fight and thus, they are in some way working hand in hand to make both the plugins better. Personally, I would suggest the one that you feel most comfortable using. For example, ask yourself if you can live without plugin A or B.

      One thing is that if you are tech-geek enough, you can easily perform those without the help of the plugin. Of course, it could take some serious work though.

      Since security is a big issue for you, do you work with any developer for your website? You could get their assistance to get it fixed for you. Let's say if you don't have a developer, there are a few very good hosting companies which offer hands-on security for your websites.

      Hey, do keep me informed of the progress as I am very interested to know how it works out for you. Again, drop me a line if you need assistance. I will be more than willing to help you as much as I can!

      Reginald

  3. So you are going with the Better WP Security. I feel it’s really a very tough choice, and as you said, both are pretty good. After getting some recommendations about these two plugins, I used both of them (used BWPS for only a single day just to try it out), and felt that both have almost the same features. Both of these have a couple of features which are missing in the other. Unfortunately, the extra features that BWPS has are not exactly the features I wanted. That’s why I went with Wordfence.

    1. Hi Sourav,

      Nice to see you here buddy! For me, both are pretty good though Wordfence looks cooler :p. And yes, both have the (very close) same features. Why? Because both the devs are competing between themselves and want to improve more! Good for us 🙂

      Thanks for sharing your point!

      Reginald

  4. Hi Reginald,

    I really have to take my hat off to you for this post. So many people have trouble comparing these plugins so finding a post that does it for us is excellent, thanks.

    I’m letting people know about your post because I know it’s going to help loads of them.

    Keep them coming mate,
    Barry

    1. Hi Barry,

      Thank you for the compliments. For this, I knew many people were thinking about it (especially me because I’m very absent minded). So, just a simple article to share my thoughts.

      Most importantly, I’m glad that you find this interesting. Appreciate your time commenting and thank you again! It meant the world for me 🙂

      Reginald

      1. You’re more than welcome Reginald, after all I referred to the article so much so I thought the least I could do was come and leave a comment 😉

        It’s going to help lots of people Reginald 🙂

  5. Hey Reginald,
    What’s up bro?
    I have been using Better WP Security for some months now and I think it’s been up to the task. I don’t know much about Wordfence but your review shows it’s as well an effective plugin.

    Thanks for the eye opening post

    1. Hey Enstine,

      Thanks for coming over. Glad you find this useful and of course, good for you mate … since you are using a WordPress security plugin. Both of these security plugins have their own pros and cons. But I’m pretty sure you won’t go wrong either one of them.

      Take care and come back for more!

      Reginald

  6. Thanks very much for this comparative review, Reginald. I’m already using WordFence and I’m going to stick with it after reading your bit about the fact that the other plugin requires a bit more technical know-how – I definitely need something simple to use, so I reckon WordFence is probably the right choice for me at the moment.

    Cheers – this is a very thorough and detailed comparison – very helpful.

    Sue

    1. Hi Sue,

      Thanks for commenting and thank God you felt the post was okay! Haha.

      I love reviewing as for one thing, I am a super picky customer. I want to make sure whatever I am using is possibly the best. Well, that’s the bad thing about me though!

      I love WordFence because it is really simple to use. Highly recommended and you do not need to worry breaking your website with it. I broke my site once with Better WP Security. Thank God was able to restore back in 2 hours 😉

      Reginald

  7. Hi Reginald,

    Wow…didn’t know that Better WP Security changes the URL for wordpress dashboard including login, admin, and more. That’s just awesome!!! Looks like Better WP Security have laid out these for you with different colors. I like that. I have never really tried them. But I’m kinda hesitant to switch from one security to the other.

    So far I am using Wordfence. Man, I was glad that I have this installed coz it alerted me right away when I had a couple of malicious commenters who had malware and trojan horse on their CommentLuv links to me!!!! Also, it helps PROTECT my blogger friends from clicking these type of links when my blog is MODERATED, the links don’t get through til I examine it first…then the moron has the nerve to email me back and said, “How did you know I have trojan horse on my link? I want to treat it…” tried to email him back and it won’t go through. so he’s merely a legit malicious commenter.

    Back to Better WP Security…I’d like to try this but I’m SCARED because I’m not technically savvy. However, I heard some people said to me about Wordfence. One guy told me that his hosting service blocked him from using Wordfence coz it does take a lot from their server. And so you may be right that using Wordfence can actually LOWER your speed. And so far, my site’s speed is 86 out of 100. I think it’s good but it could be better, right?

    Anyway, thank you very much for educating me regarding the 2 most powerful SECURITY for our wordpress. Have a great Thursday and may you have a lovely weekend.

    Till then,
    Angela

    P.S. May I copy your format on that StudioPress ad you have there? I’m an affiliate of StudioPress but somehow do not know where to put their banner in an appropriate place. So how did you do yours?

    1. Hi Angela,

      Thanks for your comment! Glad you find this useful. Both are very good and I too heard about WordFence and the speed issue. Therefore, I tested it to try. I am a website speed geek and I want my site to speed like no tomorrow. So, it was great having Better WP Security for me.

      I still love WordFence because I feel the UI is much better and yes, much simpler to navigate. I broke my site once because of Better WP Security. Scary huh.

      Your website speed is okay. As long as you hit like 2 sec below should be fine.

      StudioPress format? What do you mean? Which part do you need to copy? I can send you the link to get the ads up if you want. Tell you what, I hit you on Twitter 🙂 And yes, feel free to follow this layout. No problem at all Angela.

      Take care.

      Reginald

  8. Hi Reginald!

    I also use BetterWP security and so far so good, but it’s never a good idea to rest on one’s laurels, so I always keep an eye out for new security plugins.

    1. Hi Nicole,

      Better WP Security is good and I don’t think you need any other anymore 🙂 The plugin developer did great in terms of both security and usability. However, as time goes on, best to have a ‘backup’ plan like what you said. Very true indeed!

      Thanks and have a great week ahead!

      Reginald

  9. Reginald,
    I used to be a big fan of Better WP Security but I had an unfortunate experience with it. About a month ago, I was notified in Google Webmaster Tools that I had a DNS error and I got the message “Googlebot can’t access your site”.

    After contacting BlueHost, they informed me that my htaccess file had been modified by the Better WP Security plugin and that it was blocking the search engines. I created a new htaccess file, deleted BWPS and replaced it with WordFence. That resolved the issue.

    To be perfectly honest, I did not report this to the developer. I don’t know for sure if it was BWPS that caused the issue and it could have been a conflict with something else on my site. That’s just my experience with it.

    1. Hi Sherryl,

      Thanks for sharing your experience 🙂 Oh yes, Better WP Security will amend your htaccess file. However, I didn’t experience that since I basically amended that file personally. If I remember correctly, there’s an option (enabled by default) that will make your htaccess invisible or something. This causes some sort of error 🙂

      Glad to hear your side of the story!

      1. Reginald,
        To clarify, I should have mentioned that I had used Better WP Security for well over a year prior to having an issue with it. It was out of the blue that I got the DNS error. I suspect that something else may have triggered it but it was enough to scare me. 🙂

        1. Hi Sherryl,

          Thanks for the feedback. Maybe it could just be a simple update that caused that 🙂 Nonetheless, it was great that you figured that out. That’s important! Have a great day ahead and keep in touch 😉

  10. How about I install Better WP Security first for first half of the security measures that Wordfence doesn’t have, then I uninstall Better WP Security and install Wordfence for all the advanced scanning that Better WP Security doesn’t have?

    1. Hi Kate,

      Firstly, yes it is doable. Secondly, all security configurations offered by both plugins (mostly) could be done manually if you have the knowledge. I did exactly what you said and there is absolutely no issue at all.

      Both the plugins are very close to each other in terms of features and therefore, shouldn’t be an issue at all 🙂

      Hope this helps.

  11. Reginald,

    Currently, I’m using for the past 3 years without any change to security plugins:

    Secure WordPress
    WordPress Firewall 2
    WP Security Scan
    Limited Login Attempts

    Can I remove any of these plugins if I install Better WP Security with it already having these features to take load off the number of plugins I use?

    I’m not familiar with all the possible security attacks such as injections, bad queries, and don’t want to compromise any security angle protection.

    For example, it doesn’t seem Better WP Security has a firewall, but do I really need WordPress Firewall 2 when I have Better WP Security?

    Also, I understand that Better WP Security blocks users after too many login attempts and hides the wp-admin so I can remove the Limited Login Attempt.

    1. Hi Jason,

      First of all, most of the bad plugins comes from either bad hosting, plugins or bad basic security practices. Both Better WP Security and Wordfence are equally good and you can’t go any wrong with them.

      That being said, I don’t really see the need to install so many security plugins as you had stated above simply because there are some premium security plugins that do a way better job. Also, it depends on the scale of your website.

      If you are running a commercial website, you should use some premium plugin while if you are on a leisure website and not a membership site, you can easily disable login page (only visible for you). From what I see, most of the security attacks originated from weak website maintenance.

      And therefore, I would say it is safe to use Better WP Security since it offers limited login attempts.

      *p/s Since you are talking about security plugin, you must read this article I recently wrote. 12 Most Important Tips To Improve WordPress Security.

      Hope this helps mate.

      1. Thanks. I do have one more question, what about using a firewall?

        Better WP Security doesn’t seem to have a firewall feature, so I was thinking maybe needing one like OSE Firewall or WordPress Simple Firewall (based off of WordPress Firewall 2)…or even BBQ: Block Bad Queries?

        Or BOTH…1 of the firewall and BBQ with Better WP Security?

        1. Hi Jason,

          I wouldn’t want to use a firewall as it might affect my website speed. Okay I’m a huge believer in website speed so, I don’t see a need in terms of using a firewall. Moreover, a huge amount of plugins available to download are very badly coded. They might even leave your website with more loop holes.

          Since you are asking on this, are you running a corporate or eCommerce website? If yes, I would suggest you in getting a better host or some premium security plugin.

          Of course, I have a few in mind if you need any recommendation.

          Have a great day mate!

          1. Hi,

            As the author of WordPress Simple Firewall, I completely understand your concerns about website speed and performance.

            If you look at the changelog to the plugin, you’ll see numerous references to performance optimizations. This plugin has been written by an experienced coder and an experienced WordPress Plugin developer… and reviewed by an even better one. While no plugin is perfect, this one goes a long way to be highly efficient and fast.

            There’s always room to improve, but it’s never worth discounting a plugin based on its performance if it remains untested 🙂

            The plugin has 4 other core features besides the firewall, so you can always benefit if you don’t want the firewall 🙂

            Cheers!
            Paul.

            1. Hi Paul,

              Welcome to my small and humble blog 🙂

              Yes you are absolutely right. Since the day I published this article until now, there are so many changes which happened and honestly speaking, I respect them both. Both had been great and will always be 😉

              Nonetheless, thanks for commenting and your insightful input on that. Have a great weekend ahead!

  12. Really in depth comparison about these two plugins. When it comes to security of your WordPress installation no measures are enough to achieve that.
    I’m also a user of Better WP Security plugin and I was checking the .htaccess to see what it does to it and BWPS does a pretty good job. I should give Wordfence a try.

    1. Hey Bob,

      Thanks for commenting. I think both plugins went through multiple updates over the months and it is always great to see the developers are trying their best to build a better WordPress security plugin. It is great to see another user loving what Better WP Security can offer 🙂

      Have a great day!

  13. Hi Reginald,
    Nice post, you have compared and explained everything related to both plugins.
    Talking about site speed while using Wordfence, it slowed my site 2-3 seconds. After a little researching in support forums I found out that enabling live traffic was affecting the speed, because it uses 3rd party app to collect visitor data.

    1. Hi Adithya,

      Thanks for commenting on this. Appreciate it buddy.

      Nowadays, I only use WordFence for my secondary sites and nothing more. Not bad since I have seen a lot of changes from the day I published the post till today. Hoping for more (of course) to keep our website more secure than ever.

      See you around.

  14. Hi Reginald,
    thanks for a great article. I’m new to WordPress and looking for a good security plugin. I could test the Wordfence and I really like its interface and features. Everyone is talking about how good this plugin is, but what do you think about bad reviews on WordPress plugin site?
    Best,
    Damian

    1. Hi Damian,

      If you are asking about the negative thing about both the plugins, I would say they add a little weight (in terms of website loading speed). However, it is not noticeable unless you really focus into it. Haha!

      Nonetheless, you won’t go wrong with any of those … so to speak.

      Hope this answers your question.

  15. Hi Reginald, I mean the 1-star reviews on wordpress org like this one:
    “Once I installed wordfence on my sites, all of them were compromised. WordFence opens a floodgate of hackers, and open doors.”
    What do you think?
    Best,
    Damian

    1. Hi Damian,

      I wouldn’t even consider that. Why? Because I had no issues with WordFence and in fact, big web hostings such as WP Engine also suggest users to use it (for those who want advanced settings). Basically, I don’t really care much about reviews as I test all the plugins myself.

      Of course, every plugin needs to be configured according to your liking and preference. Also, 876 5-stars over 14 1-star is pretty self explanatory from what I see. Haha~

      Hope this helps mate.

  16. Thanks for the review. Just had a major problem with my site caused by BWPS and had to disable all my plugins to recover it. So I was looking for a comparison with Wordfence to decide whether to reactivate BWPS or stick with Wordfence. Incidentally I had both running and see from other comments that this might have impacted page load times. Issue gratefully noted!
    As your decision was so close, I have decided to go with Wordfence, as it is Wordfence that has notified me of malware issues, and I don’t want to have to upgrade my hosting to address the resource demands of BWPS.
    Thanks again for helping me to make the decision. 🙂
    Jan Moore

    1. Hi Janet,

      Welcome to my humble blog. Glad you find the post useful.

      Basically both are pretty good. At the moment, I am playing more towards WordFence as it is pretty decent. Personally, Better WordPress Security is also as good as WordFence and I believe you won’t go wrong with any.

      Of course, hit me up if you need any assistance and will try myself to help you.

      Take care!

  17. I have been using the Wordfence security plugin for the last two years and found it very nice. But since I migrated to VPS hosting I am getting an error and Wordfence does not work properly. It’s not blocking any IP and also showing my own server IP in live activity page for all traffic even for Google and other crawlers. Could you help me to fix this issue, I would be very thankful to you. Thanks

    1. Hi Saeed,

      Well it depends as I am not sure how far the issue is. Have you tried to contact your hosting company? I am guessing it comes from the VPS configurations and thus, you could start with it.

      Hope this gives you a little hint on where to start. Good luck.

  18. Thanks for the detailed post about these two security options for WordPress. I’ve been debating which one to use on my own blog and have been trying to get some opinions. I think I’ve almost narrowed it down.

    1. Hi Mike,

      Thanks for dropping by. Glad you find the article useful.

      I don’t think you can go wrong with either. However, keep in mind that the advanced settings are really for advanced users. You wouldn’t want to get locked out for no reason! Happened to me a couple of times. Haha~

      Talk to you soon.
      Reginald

    1. Hi Hafiz,

      Glad you find this useful. In fact, thank you so much for reading. I am setting up a new tutorial so keep your eyes glued to this blog ya?

      Talk to you soon mate.

  19. Hi,

    A few weeks ago we released a major update of Wordfence which includes a performance overhaul. We have also now added two caching engines which benchmarks show can yield up to 50X site performance increase above a standard WordPress install. We’ve had positive feedback from the community since the upgrade and have released several updates since then.

    Also it looks like BWPS has rebranded to iThemes and sold the company.

    This blog entry is now a year old so it’s probably time for a refresh. I’d love to see an updated version and I’m happy to help – just drop me an email if you need anything.

    Regards,

    Mark Maunder
    Wordfence Creator and Feedjit Inc CEO.

  20. Hey Reginald,
    I agree that both plugins are very very good.

    My preferred choice is Wordfence, because it gives you the ability to monitor LIVE traffic (see what’s happening if something is going wrong) and it monitors 3rd party elements like DNS, file space, file changes, etc.

    Another very good provider for WP Security is Sucuri.net, definitely worth checking them out too!

    Best,
    Jan

  21. I’ll weigh in on the discussion: It might be confusing to some currently that Better WP Security is now ithemes security (Even though that wasn’t the case on your post date.)

    And one issue that continually creeps on with some users, depending on their hosting platform, is that Wordfence has a tendency to be a resource hog. I’ve repeatedly gotten CPU usage warnings on installs of Wordfence from hosts (even with WP Supercache enabled) and never gotten those from installs of ithemes security. I like a lot of the features of Wordfence but really don’t need the hassle of having my host continually threatening to either throttle or suspend me. Sucuri might well be a viable alternative and gets good reviews; I just don’t have much experience with it.
