Best WordPress Security Plugins 2020 - Wordfence v iThemes v Sucuri v All-in-One v NinjaFirewall

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey how's it going Alex here from idea spot and in today's WordPress tutorial we're going to be doing a comparison of my top for free wordpress security plugins okay for the past month or so I've been reviewing several different WordPress security plugins so this is the summary video where I'm going to compare all of them say the pros and cons of each one and come to a few conclusions and recommendations depending on what kind of hosting you're using and what kind of skill level you're at personally as a website designer so the options that I looked at five of these are plugins and one of them CloudFlare is not a plug-in it's a separate service but also really cool the options that I looked at will wordfence security CloudFlare all-in-one are themes and ninja firewall ninja scanners so all of these I have for how to look at in the past few weeks and before we go any further I think there's the obvious thing we need to consider is having good hosting good hosting is much better than using any of these plugins so I'll cover that as well I'll just cover a few of the hosts that I liked and have performed well in terms of their security features and the other thing is security really starts by backing up your data so you've got the updraft plug-in that I've used before in my previous videos and keeping your updates up to date obviously so your plugins your themes WordPress and there's the easy updates manager plug-in that I've reviewed in the past as well which is good in this regard so have a look at these things first make sure your hosting is good if these things are okay then these things are sort of just the cream on the cake now probably the one that most of us have already heard of and have probably tried at some point is wordfence now it's really really popular and it's for popular for a good reason so it's a super super easy to set up usually it is easy there's a few situations where it does require some manual configuration and it gives you a server-side scanner and that scanner is really powerful it scans your entire installation so it's quite good it gives you a Web Application Firewall there's very few plugins that will give you a true Web Application Firewall wordfence is one of those and also gives you two factor authentication login so that's all with the one plug-in these are quite premium features and most other systems require you to buy their premium product to get these features so wordfence excellent features for free but the big con on the free version is the firewall and the malware signature updates are delayed by 30 days for the free users so it's only the premium users that are getting real-time updates and everyone else is being delayed by 30 days now that can be a pretty big disadvantage if they've got 30 days to exploit any brand-new vulnerabilities but it hasn't been a big issue in most cases in most cases if there's a big big security breach why advanced we'll just roll that out across even the free version as well so the free work version still worth using and especially on on a good web host where you don't actually need that firewall way you've already got a firewall from your host so it can still be a good option and another big con was the wife runs on your server so it can slow down your website a little bit but in my tests if you've got a low traffic website the performance decrease is really not very noticeable so it's a small issue but some of you are really keen to get every little last tenth of a second out of your load time and so if you're one of those kind of people you may not want the application firewall running on the server you might want to have a remote firewall so I'll get into that a little bit more later ok now the next one is the only other free Web Application Firewall that I was able to find so that's ninja firewall so ninja firewall that was actually easy to set up - there were some cases where if you're using CloudFlare you have to do a little bit of manual file editing but if you're clever enough to set up clouds there you're probably clever enough to set up a ninja firewall so it did require a little bit of setup in some situations and it gives you a server-side scanner in the free version so ninja scanner scans your entire wordpress install server side the only disadvantage with that was I found that the manual scan picks up a lot of false positives so it scans through and finds any file that's been slightly modified and then you have to sort of manually confirm whether that's malware or not and I think 90% or like a hundred percent in most cases they're going to be false positives so you'll need to have a decent understanding of how WordPress actually looks and before you start scanning it I think in most cases people use this to only just manually scan a site that's already been hacked just in order to clean it up but in most cases you won't want to be manually scanning using the Indus canner all the time just because of how many notifications it generates from modified files so it can be a little bit tricky I probably don't recommend ninja scanner for beginners the ninja firewall is pretty cool I definitely would recommend that one and very very frequent signature updates on that ninja firewall so that covers off the disadvantage that word fans had wordfence has that 30-day delay this one has I noticed every single day almost it was updating its file or so and had a great report from a security expert I might just get into that as well in a second so pretty cool solution with ninja firewall and ninja scanner I think it's a little bit more tricky to set up so if you're more confident with WordPress maybe have a look at this one rather than wordfence so I was talking about the IT security expert Damian Swartz who this was articles in German but I was reading the translated version of it and he did a massive security test of word fence so word fence it did okay but I mean this guy's obviously really experienced and he was able to find multiple multiple vulnerabilities on word fence and he did test ninja firewall as well if perform better but again using a plug-in to try and secure a whole website it there's always going to be ways through it so I'm ninja file did a little bit better but just bear in mind that you're never going to be a hundred percent secure just using a um I plugin and you're gonna need to make sure that your actual server is well secured so that comes down to using good web hosting or knowing how to secure a service so if you already know how to secure a server you probably not watching my videos so make sure you hang around to the end of the video because I'm going to talk about three different web posts that I like and that are very affordable and still give you good security I will drop a link to the Damian Swartz article in my description if anyone wants to read it's not very good reading unless you're already an engineer so maybe just skip to that conclusion and decide what you're going to do with that but I'll still drop a link because I thought it was pretty cool to read myself okay now Securi is the next one or security depending on how you want to pronounce I think it's security so I thought this was really cool the free version gives you a remote scanner which is cool because it's scanning remotely it's not drawing any resources from your server they're using their own server to scan your website so that was cool to do that for free you get a decent quality scanner that's not causing any performance hit on your website so I thought that's quite generous but the cons on the free version was it does pop up with some manual changes that you need to do to file so if you're not confident editing your WP config or your HT access files then it's going to have these little annoying messages that these things still need to be edited so I might say this is for the more advanced WordPress users who are happy to edit those if you're a beginner and you don't really know how to do that then stick to some of the easier plugins but otherwise this was really cool and the big disadvantage was that there's no web application firewall in the free version but if you've got good web hosting you don't really need that anyway so and if you are running your own server I'll go for the paid version in this and it is a remote web application firewall as well so again no performance issues on your website they do all the hosting so that's probably worth the money if you need it so security I definitely recommend it it's mainly for the more advanced users or the users with a budget and their own server and they need something that runs remotely so security very highly recommended in those situations the other thing I should mention with security is you don't actually need the plug-in to scan your website you can just go to site set site check dot security net and your website in there hit scan and it will do a scan totally for free this is just a little free marketing tool that they use but you can get a free scan anytime you want so that could be another way to do scanning of your website I know lots of other web hosts actually just link to this sort of service and do their scanning through security so that's another way you can get some scanning done without even using a plugin so sites at site check security don't net so next up we've got all-in-one now this was pretty fun actually setting this up they have a gamer fide setup I think if you watch my video they have a little a speed dial where as you implement more security features the little little dial increases around the circle and it makes it look like you're actually achieving some progress so I thought that was cool singing it up and it was fairly easy to set it up now the free version you get a network file plus some additional rules on the firewall it's not really a true wife in the way that say the paid version of wordfence or what CloudFlare gives you on its pro plan but it still it's a little better than nothing and so it can be ok and the scanner it's not as fast as others it does check for modified files so it doesn't really give you like the virus signature scanning the way the word fence for security scans for malware and viruses like that so this one it didn't do as well but it's still a pretty cool security plugin if you've already got good hosting it does do good basic WordPress hardening so it goes through a lot of different things you can do to make your WordPress just generally more secure so this one is cool but I'd only recommend this one if you've got good managed hosting already ok and now this is another really popular one our themes now this was super super easy I think it only took two or three or four clicks to get this set up this was the easiest of all so and it gave really quite good additional WordPress hardening now it doesn't give you a firewall web application firewall and I think the scanner is just linking to security to do the the free scan but it's still pretty good this might be all you need if you're on a good shared or managed hosting so I think in a lot of cases all you need is just basically to harden up some of the permissions in WordPress just to make it more difficult to exploit your site so this can be a good option just for beginners to use and especially if you're on good hosting this might be all you need now this one is not actually a plug-in I just put it into the list because I really like it a CloudFlare it does give you cloud-based some protection even in the free plan it gives you free protection it gives you DDoS protection it's a reverse proxy so it kind of helps secure your server by obscuring it behind its cloud service and no plugins needed to use it you just set it up through the cloud flare dashboard at CloudFlare comm and it gives you a CDN for free like the CLEF LED delivery networks I've got a worldwide network that will deliver your images make your site load faster to people all around the world and they give free SSL as well so I know most hosts give free SSL but I mean if you're if you don't have SSL on the server that you've built yourself this is a good way of putting SSL on there and you can use this on top of any of these plugins so it doesn't cause any performance issues because it run it's running running in the cloud and it doesn't affect your server at all so it's really worth using even if you're just interested in improving your understanding of the Internet I think and web development in general this is a cool way to just learn a lot by learning to set up cloud for them I guess the disadvantages of cloud flare is you only get the web application firewall in the paid version the free version gives you some degree of protection but it doesn't have anywhere near as good as the pro version and there obviously is no malware scan and the setup isn't that beginner-friendly but it's not that difficult honestly over here on the CloudFlare website you can see the free version doesn't have many features but these are still really cool features DDoS attack mitigation and global content delivery sailors are pretty cool the pro version you get that Web Application Firewall so that is really really good and if we go to the actual full list of things you can have a look at all the little things that are included on the free plan this is a pretty cool reputation based threat protection so if they noticed that one of their sites in the cloud is under attack they will protect that site and they will extend the protection across the whole cloud so if you're under attack the cloud it helps protect you just by their reputation so they do have tons of like just network data from the whole Internet given that there's such a massive network and so this is a great way of protecting your site you'll see tons and tons of sites use CloudFlare and even a lot of web hosts just integrate it automatically into their hosting so and that's why I say learn to use it and learn to love CloudFlare cuz it's it's such a cool free service and I I just can't understand why it's free when it's so awesome I just think they just they want to build their brand amongst the IT community because I think they're gonna get a very big following for for decades really just on how generous this is okay so I think we're nearly at the end of this video so I've got my summary and my recommendations so I think for beginners if you're on good quality shared hosting that includes Web Application Firewall and malware scanning which most of them do I themes the free version is pretty cool the free version of wordfence is also okay just for the server side scanning that you get you can probably turn off the wordfence firewall because you won't need it because your hosts should be including a proper firewall and Web Application Firewall in your hosting so that's my recommendation for beginners I think for intermediate uses if you don't mind editing a few files I really like security and ninja firewall they just can't I thought those were cool too so if you don't mind doing a little bit of work and getting your hands dirty I like those two if you're running your own server you really shouldn't be listening to me should be getting some professional advice or you should already know how to do this but the security paid version awesome firewall I'll go for that or the class fare paid firewall either one of those I think this one gives you a little bit more like customer service if you ever did get breach they really helped fix things up the wordfence wanna again that's really awesome but I think the performance issue of running it on your own server makes it a little bit weaker than than security or CloudFlare so I think my top four is probably a theme security ninja and wordfence so I'd like those four and shout out to CloudFlare it's not a plug-in but if you're interested in just getting better skills in web development just learn how to use it I think it's really cool and the most important thing is find a host that includes good security automatically so let's have a look at that okay you've made it this far give my video a like and then give it give me a subscribe as well because you're gonna need to go through all the other videos I've referred to to understand what I've been talking about so do that as well I'm gonna come out with lots of new WordPress tutorials all the time but here are these three hosts I reviewed them previously in a previous video but SiteGround hosting a and green geeks these were the really quite cheap hosts with it when I tested them they did ok and they also include pretty good security so slight ground you can have a look at this page how to psych ground protect my website they do include the Web Application Firewall by default so you don't have to worry about any of that same with hosting here they do really well they've got protection against DDoS they've got a Web Application Firewall they do a good job and super super cheap so hosting it not the fastest but if you're on a budget and you're just learning this is a pretty cool way to go and finally green geeks they do have a lot of info Meishan about their security in this blog post here and also very cheap they warned a few WordPress hosts that were able to pass all of review signals benchmarks so this was really quite a fast one for the price it's amazing so green geeks did really well they didn't really mention whether they've got a web application file on the web page but I did chat to one of their staff members and yes they do actually have one that is haven't mentioned it on their features so it kind of just goes without saying that if you're decent hosts you're already running a Web Application Firewall especially if it's shared hosting different websites sharing the same server they're going to want to make sure that they all are secured so I mean that wraps it up hopefully it's been helpful again like subscribe I'll be back but hopefully this has made some help in terms of choosing how to secure your WordPress site so thanks for watching I'll see you later
Info
Channel: IdeaSpot
Views: 10,193
Rating: undefined out of 5
Keywords: wordpress security, wordpress security plugins, wordpress security tutorial, wordfence, sucuri, ithemes, ithemes security wordpress, ithemes security vs wordfence, cloudflare, ninjafirewall, ninjascanner, all in one security, how to secure wordpress website, wordpress security tips
Id: VH_G8QRsJNU
Channel Id: undefined
Length: 18min 33sec (1113 seconds)
Published: Thu Apr 23 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.