CALL 0438 139 719FREE QUOTE

Best Free Wordpress Security Plugins 2022

By | First Published: | Last Updated: 4 May, 2022

In 2021, over 100,000 websites get hacked each day1. And, in these troubled times, the likelihood of attacks is even higher. Yet, as a small business owner, you may have a very tight budget. In this article, I will share the 4 best free security plugins for your WordPress website in 2022. We use these plugins on all our affordable website packages.

Free vs. Paid Security Plugins

Are the free plugins as good as the paid plugins? In general, no! There are some small exceptions, but paid plugins and services out there tend to do a better job of protecting your website.

Yet, even with paid plugins and services, there is no guarantee that your website won’t be hacked. In this sense, website security is no different to home security. There are things you can do for free, there are things and services you can pay for, but there are no guarantees.

What Does Website Security Involve?

The first and most obvious aspect of website security involves keeping hackers out. Yet, website security also involves:

  • Early detection
  • Recovery

Again, imagine your website was your home. You do what you can to keep intruders out (prevention). But you may also have:

  • An alarm system (early detection)
  • Insurance (recovery)

While early detection and recovery are never as good as prevention. They form a key part of any website security plan. So, they are included within the plugins I discuss on this page.

Best Free WordPress Security Plugins

The following is not just a list of alternative plugins to choose from. Rather:

  • Some of the plugins in this list work well together as they offer different ways of securing your website
  • Others compete with each other, and you need choose one or the other
  • Some overlap with both shared and different feature


Before talking about plugins that help prevent hackers from getting in, there are some critical things you can do without a plugin.

1. Wordfence

In my experience, Wordfence is the best free plugin for keeping hackers out! It does this in various ways, including:

  • A free Web Application Firewall (WAF) that blocks any known malicious traffic from accessing your website. The Wordfence WAF is the best free WAF available.
  • Enforcing strong passwords
  • Enabling two-factor authentication (2FA)
  • Including Google’s reCAPTCHA
  • Letting you disable XML-RPC authentication (a common source of hacks)
  • Limiting login attempts
  • Hiding your WordPress version

2. Sucuri

Sucuri offers the best firewall service but not:

  • Via a plugin
  • For free

Yet, they do have a free plugin that is worth installing and setting up. This is because it adds some WordPress hardening strategies not included by Wordfence. You can see these below. The green options were already applied by Wordfence.

sucuri hardening strategies - sucuri is one of the best free wordpress security plugins

Apply all of them, except the firewall. If you try to apply the firewall, it will tell you you need to subscribe to a paid service.

Note, use the Sucuri plugin as well as, not instead of Wordfence.

3. WPS Hide Login

By default, the WordPress login page is accessed through either:


This makes it easy for hackers and their bots to attack your website. Use the free WPS Hide Login plugin to change these default login pages.

4. Other Options I Don’t Recommend

The BBQ or Block Bad Queries Firewall plugin is both free and robust. But it lacks the other features Wordfence includes. So, go with Wordfence. The same is true for the All In One Security & Firewall plugin.

The Malcare WordPress Security plugin has the opposite issue. Its firewall is not as good as Wordfence, but its other features are great.

Plugins to Detect Hacks Quickly

The sooner you know about a hack, the easier (and cheaper) it is to fix. You can do this through scanning for:

  • Malware
  • Changes to Core WordPress files

5 (1). Wordfence

If you have already installed the Wordfence plugin, it includes a very thorough malware scanner. It is the one I normally use, but it is not the only good free option.

6 (4). Malcare

Malware scanning is the key feature of the free Malcare plugin. It does a great job, but no better than Wordfence. As Wordfence offers a better firewall, it makes sense to just use Wordfence.

7. Malware Scanners I Don’t Recommend

The paid Sucuri firewall is one of if not the best one out there. But their malware scanning can never be as thorough as a server-side plugin such as Wordfence.

In Summary

There are some great free WordPress plugins you can use to help secure your website. We use these plugins in all our affordable website design packages. These packages also include mobile-friendly designs.

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

shaun killian profile picture.jpg


Shaun Killian (me) is a small business owner, who is passionate about helping other small businesses succeed. He has been working with website design since 2008. He is also an expert in digital marketing, including SEO, content marketing and email marketing. In a former life, Shaun was a school teacher and principal before a heart transplant and bilateral leg amputation led him in other directions.