In 2021, over 100,000 websites get hacked each day1. And, in these troubled times, the likelihood of attacks is even higher. Yet, as a small business owner, you may have a very tight budget. In this article, I will share the 4 best free security plugins for your WordPress website in 2022. We use these plugins on all our affordable website packages.
Free vs. Paid Security Plugins
Are the free plugins as good as the paid plugins? In general, no! There are some small exceptions, but paid plugins and services out there tend to do a better job of protecting your website.
Yet, even with paid plugins and services, there is no guarantee that your website won’t be hacked. In this sense, website security is no different to home security. There are things you can do for free, there are things and services you can pay for, but there are no guarantees.
What Does Website Security Involve?
The first and most obvious aspect of website security involves keeping hackers out. Yet, website security also involves:
- Early detection
Again, imagine your website was your home. You do what you can to keep intruders out (prevention). But you may also have:
- An alarm system (early detection)
- Insurance (recovery)
While early detection and recovery are never as good as prevention. They form a key part of any website security plan. So, they are included within the plugins I discuss on this page.
Best Free WordPress Security Plugins
The following is not just a list of alternative plugins to choose from. Rather:
- Some of the plugins in this list work well together as they offer different ways of securing your website
- Others compete with each other, and you need choose one or the other
- Some overlap with both shared and different feature
PLUGINS TO KEEP HACKERS OUT (prevention)
Before talking about plugins that help prevent hackers from getting in, there are some critical things you can do without a plugin.
In my experience, Wordfence is the best free plugin for keeping hackers out! It does this in various ways, including:
- A free Web Application Firewall (WAF) that blocks any known malicious traffic from accessing your website. The Wordfence WAF is the best free WAF available.
- Enforcing strong passwords
- Enabling two-factor authentication (2FA)
- Including Google’s reCAPTCHA
- Letting you disable XML-RPC authentication (a common source of hacks)
- Limiting login attempts
- Hiding your WordPress version
Sucuri offers the best firewall service but not:
- Via a plugin
- For free
Yet, they do have a free plugin that is worth installing and setting up. This is because it adds some WordPress hardening strategies not included by Wordfence. You can see these below. The green options were already applied by Wordfence.
Apply all of them, except the firewall. If you try to apply the firewall, it will tell you you need to subscribe to a paid service.
Note, use the Sucuri plugin as well as, not instead of Wordfence.
3. WPS Hide Login
By default, the WordPress login page is accessed through either:
This makes it easy for hackers and their bots to attack your website. Use the free WPS Hide Login plugin to change these default login pages.
4. Other Options I Don’t Recommend
The BBQ or Block Bad Queries Firewall plugin is both free and robust. But it lacks the other features Wordfence includes. So, go with Wordfence. The same is true for the All In One Security & Firewall plugin.
The Malcare WordPress Security plugin has the opposite issue. Its firewall is not as good as Wordfence, but its other features are great.
Plugins to Detect Hacks Quickly
The sooner you know about a hack, the easier (and cheaper) it is to fix. You can do this through scanning for:
- Changes to Core WordPress files
5 (1). Wordfence
If you have already installed the Wordfence plugin, it includes a very thorough malware scanner. It is the one I normally use, but it is not the only good free option.
6 (4). Malcare
Malware scanning is the key feature of the free Malcare plugin. It does a great job, but no better than Wordfence. As Wordfence offers a better firewall, it makes sense to just use Wordfence.
7. Malware Scanners I Don’t Recommend
The paid Sucuri firewall is one of if not the best one out there. But their malware scanning can never be as thorough as a server-side plugin such as Wordfence.
There are some great free WordPress plugins you can use to help secure your website. We use these plugins in all our affordable website design packages. These packages also include mobile-friendly designs.