We could have probably heard that website security is vital especially when hackers are all around nowadays. I am not going to leave any security loopholes in my WordPress site and I am sure you are either. When it comes to WordPress security plugin, there could have hundreds of plugins you can choose from but when you talk about the best, there could be two which comes to my mind.
Introducing Better WP Security and Wordfence Security.
Here are some information on both the plugins.
Created by: Bit51
What Better WP Security does:
Remove the meta "Generator" tag
Change the urls for WordPress dashboard including login, admin, and more
Completely turn off the ability to login for a given time period (away mode)
Remove theme, plugin, and core update notifications from users who do not have permission to update them
Remove Windows Live Write header information
Remove RSD header information
Rename "admin" account
Change the ID on the user with ID 1
Change the WordPress database table prefix
Change wp-content path
Removes login error messages
Display a random version number to non administrative users anywhere version is used
Scan your site to instantly tell where vulnerabilities are and fix them in seconds
Ban troublesome bots and other hosts
Ban troublesome user agents
Prevent brute force attacks by banning hosts and users with too many invalid login attempts
Strengthen server security
Enforce strong passwords for all accounts of a configurable minimum role
Force SSL for admin pages (on supporting servers)
Force SSL for any page or post (on supporting servers)
Turn off file editing from within WordPress admin area
Detect and block numerous attacks to your filesystem and database
Created by: Mark Maunder
What Wordfence Security does:
Scans core files, themes and plugins against WordPress.org repository versions to check their integrity.
Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
Includes advanced IP and Domain WHOIS to report malicious IP's or networks and block entire networks using the firewall.
See how files have changed. Optionally repair changed files that are security threats.
Scans for signatures of over 44,000 known malware variants that are known security threats.
Scans for many known backdoors including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
Continuously scans for malware and phishing URL's including all URL's on the Google Safe Browsing List in all your comments, posts and files that are security threats.
Scans for heuristics of backdoors, trojans, suspicious code and other security issues.
Checks the strength of all user and admin passwords to enhance login security.
Monitor your DNS security for unauthorized DNS changes.
Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
Choose whether you want to block or throttle users and robots who break your security rules.
Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.
See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.
Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from.
Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.
Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.
WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
Premium users can also block countries and schedule scans for specific times and a higher frequency.
I know the list is rather long but it is relatively easy to say that both are trying their best to compete with one another. I tested both Better WP Security and Wordfence Security for a week each on various websites and I was surprised at my decision...really. Let me tell you why.
Better WP Security - 9.5/10, Wordfence Security - 9.5/10
When it comes to security, I can tell you that both plugins look very seriously into the matter. Both actually impressed me more than what I actually expected them to perform. If you are going to install either one of these, rest assured your security effectiveness will be top of the chart. And that, I am definitely sure.
Better WP Security - 9/10, Wordfence Security - 9.5/10
I have very split decision in this. I love Better WP Security's direct layout but I prefer the Wordfence Security interface. Basically in Better WP Security, you will be able to see all the issues in different colours (red as dangerous, green as safe etc). With a simple click, it will redirect you immediately to the setting for you to do any adjustment required. Compared to Wordfence Security, the layout is more 'WordPress-like' (imagine using W3TC).
Both plugins layout are extremely versatile and easy to navigate through. At the same time, both the plugins developers are doing a great job by trying to provide a compact view on the plugin dashboard itself. Here's are what both dashboards look like:
Better WP Security - 7/10, Wordfence Security - 9/10
When it comes to security plugin usability, this is where it makes all the difference. Better WP Security plugin is great but what makes it short from getting a higher score from me is because it requires a higher curve of WordPress understanding for a person to actually utilize it properly. In other words, you are open to all options to configure your WordPress but you are prone to create an accidental mistake if you have no idea what you are doing.
Compared to Wordfence Security, most options are pretty direct and even a beginner could use the plugin to the maximum of its capabilities. This definitely gives a better rating to Wordfence Security compared to the latter.
Better WP Security - 10/10, Wordfence Security - 8/10
To be very honest, I been trying to search for this answer but failed miserably. Whenever I use Wordfence Security, I noticed that my site is loading less than one second slower compared to the time I used Better WP Security. after checking with various programs and tools, it really seems like Wordfence Security's firewall feature is creating a small 'lag' which affects the page loading speed. Maybe this could be me but I am not experiencing that when I am using Better WP Security.
If I would to choose and could only choose one as my best WordPress security plugin, then my money is going to Better WP Security. I know! I love Wordfence Security plugin and it is very close to flawless.
However, having the small page load 'penalty' really turns me off. Regardless what WordPress security plugin you choose, I am sure both of these plugins will not let you down.
How about you? Do you have any favorite security plugins you would like to share? Or, maybe you have your opinion on both the plugins? Feel free to fill the form below and tell us what you think.
If you like this article, could you please share this for me using the red Google+ button below?