Security plugins come in a variety of shapes and sizes:
– quasi anti-virus: detect changed files and malware, warn, replace files, etc.
– block bad activity: most look for obvious attempts at attacks
– request flooding: many provide spam captchas, rate limiting of logins, etc.
– XML-RPC filtering: ways to disable certain uses of the xmlrpc.php file that attackers rely on to flood a server or to bypass login security
– all of the above and more
There are limits to what a security plugin can do: it is, after all, subject to attacks on your website files, as is any other file on your server. Think of them like the antivirus/anti-malware installed on your desktop computer: they do well at catching known/older issues and generally miss the really new ones, but are often updated shortly afterward to prevent them from recurring.
Some make arbitrary changes to the way your website functions in ways you may not understand until you try a certain *thing* and it doesn’t work, and some conflict with others.
By far, though, the best practices are:
– keep your website, themes, and plugins up to date
– install only the plugins you need, remove ones you are not using
– same goes for themes
– host your website on a reputable web hosting service