
Did you know that over 30,000 WordPress websites are hacked every single day?
By taking proper precautions, you can make sure your website isn’t one of them. When it comes to WordPress, installing the right security plugin can prevent your site from getting hacked. In fact, many site owners rely on security plugins to safeguard their sites from malware, brute force attacks, and other common security vulnerabilities.
However, only a few WordPress security plugins can be trusted, and that’s where Solid Security (formerly iThemes Security) comes in. In this Solid Security Review, we’ll take a deep dive into what Solid Security offers, how it can strengthen your overall security, and pricing.
That way, you can decide whether you should use the Solid Security plugin to protect your WordPress website. Let’s get started…
Table of Contents
- Solid Security Review: Why Use It in WordPress?
- 1: Site Protection & Hardening
- Brute Force Attack Protection
- XML-RPC Protection
- System File Lockdown
- Advanced Firewall Protection
- 2: Advanced Login Security
- Two-Factor Authentication (2FA)
- Passwordless Login
- Login Lockouts
- CAPTCHA Integration
- Session Hijacking Protection
- Strong Password Enforcement
- User Session Management
- 3: Real-Time Monitoring & Scheduling
- Security Dashboard
- Scheduled Malware Scans
- Automated Lockouts and Bans
- Auto-Reporting & Email Summaries
- 4: Site Environment Security Utilities & Extra Tools
- Hide Login URL and WordPress Version
- Change WordPress Database Prefix
- WooCommerce Security
- Automatic Lockdown on Suspicious Activity
- Solid Security Plans & Pricing
- Pros & Cons of using Solid Security
- Pros of Solid Security:
- Cons of Solid Security:
- FAQs on the Solid Security plugin
- Will Solid Security plugin completely stop all attacks on my sites?
- Does Solid Security Pro plugin offer a refund policy?
- Will Solid Security plugin work on any type of server & hosting?
- Can Solid Security break my site design?
- Can Solid Security plugin repair hacked sites?
- Is Solid Security better than Wordfence?
- Best Solid Security Plugin Alternatives
- 1: Wordfence
- 2: Malcare
- 3: All-In-One Security
- Final Thoughts
Solid Security Review: Why Use It in WordPress?
Solid Security, formerly known as iThemes Security, is one of the most popular WordPress security plugins and is currently used by nearly 1 million websites worldwide.
Solid Security is currently managed by the Liquid Web team. It is designed to protect your website from common WordPress vulnerabilities like brute force attacks, malware, and unauthorized logins, and it adds enhanced vulnerability detection while also helping you monitor and harden your site’s overall security posture.
Solid Security offers both free and paid versions, aiming to provide a comprehensive WordPress security solution for users of all technical levels. Whether you’re running a blog, an eCommerce store, or a business portfolio site, Solid Security plugins offer layered security protection and multiple lines of defense against a wide range of cyber threats.
I’ve been using the Solid Security Pro plugin on my website. Here are some important features you need to know:
1: Site Protection & Hardening
Site protection and hardening is your WordPress site’s front line of defence. It’s about minimizing vulnerabilities, increasing visibility, and making your site’s defences tougher. The Solid Security plugin offers solid features under this category to systematically lock down your WordPress site from potential threats.
Brute Force Attack Protection
Brute force attacks are one of the most common forms of intrusion. Attackers use automated tools or scripts to guess your login credentials, trying hundreds or thousands of combinations of letters, numbers, symbols, and other characters.
Solid Security’s brute force protection can prevent repeated login attempts by locking out users after too many login failures. You can set the number of failed login attempts allowed before Solid Security automatically locks out the IP address.
You can also track IP addresses and block them temporarily or permanently, based on your configuration. If you somehow lock yourself out, you can request a “magic link” sent to your registered admin email to bypass the usual login process.
XML-RPC Protection
XML-RPC is a WordPress remote communication feature between third-party applications and your website. However, hackers can exploit this to launch a DDoS attack on your server.
With the Solid Security plugin, you can enable or disable XML-RPC with a single click. You can also restrict access to most REST API data to block public requests for potentially private data. I recommend you disable XML-RPC with the Restrict access to REST API option.
System File Lockdown
The Solid Security plugin locks down all important WordPress system files. This option prevents public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess files. If a hacker gains access to these files, they can take full control of your site.
Most hosting providers automatically block public access to these files, so this setting essentially doubles up that essential file protection. It also disables editing theme and plugin files directly from the WordPress dashboard. Locking these files ensures that even if someone hacks into your website, they can’t change your website’s core setup.
The Solid Security plugin also monitors your WordPress core, theme, and plugin files for unauthorized changes. It automatically scans your website files, and if a file is added, removed, or modified, Solid Security alerts you to changes you did not make. Also, if a visitor triggers too many 404 errors, Solid Security automatically blocks that visitor once they exceed a set threshold within a short time period.
Advanced Firewall Protection
A firewall acts as a barrier between your website and potentially harmful traffic. It protects against SQL injection, cross-site scripting (XSS), and other attempts to exploit WordPress vulnerabilities on your website.
The Solid Security firewall is integrated with Patchstack to offer real-time protection against vulnerabilities. It comes with an advanced firewall system that can ban repeat offenders, customize the lockout messages, ban user-agents, add new authorized IPs, etc.
Solid Security also offers an Automated Firewall option that automatically patches vulnerabilities in real-time without requiring manual intervention. Along with that, you can also add your own custom firewall rules for blocking or redirecting users to another location, or simply logging and allowing the request.
2: Advanced Login Security
The WordPress login page is one of the pages hackers target most. They scan for WordPress login vulnerabilities and attempt brute-force attacks and session hijacking. Solid Security plugins offer a robust suite of features to enhance WordPress login security. Here’s a breakdown of key aspects:
Two-Factor Authentication (2FA)
Using a strong password is not enough to secure your admin login. If your admin login details somehow get compromised, 2FA prevents attackers from logging in without the secret code.
2FA adds an extra layer of security to your WordPress login process. Instead of just entering a username and password, you’ll also need to provide a second form of verification (typically a time-based one-time code from an authenticator app or sent via admin email). This drastically reduces the risk of account hijacking.
Passwordless Login
Solid Security Pro has integrated passwordless login features to enhance login security while simplifying the process. Solid Security uses different types of passwordless login: Magic links & Passkeys.
Magic Links: When enabled, users can request a one-time login link that is sent to their registered email. Clicking the link logs them into the site dashboard automatically. It eliminates the need to enter a traditional password or remember it.
Passkeys: Passkeys are the most secure way to log into your WordPress websites. They use cryptographic key pairs and biometric authentication (like Face ID or Touch ID) to verify user identity.
Passkeys address the problem of stolen or leaked passwords, since logging in no longer depends on a password that can be leaked or stolen. With one click using your face or your fingerprint, you can log in to your WordPress website instead of having to deal with long passwords, extra emails, or 2FA codes.
Login Lockouts
Solid Security incorporates robust login lockout features to protect WordPress websites from brute-force attacks. These features allow administrators to configure various lockout parameters, including: number of allowed failed login attempts, duration of the lockout period, & whether to lock out by IP address or username.
If you somehow lock yourself out, you can release lockouts from the Solid Security dashboard, from your site’s database using phpMyAdmin, or using Solid Security magic links.
CAPTCHA Integration
Solid Security’s CAPTCHA integration provides a valuable tool for protecting WordPress websites from bot-driven attacks. It stops automated bots from logging in or spamming the comment area by adding Google reCAPTCHA verification.
Solid Security supports Google reCAPTCHA v2 (checkbox or image-based) and v3 (invisible scoring) on critical areas of your WordPress site, such as: Login forms, registration forms, comment sections, & password reset forms.
Session Hijacking Protection
Solid Security always monitors user sessions for suspicious activity, such as sudden changes in IP address or browser fingerprint. It is designed to protect your websites from session hijacking (when an attacker steals a user’s session cookie to gain unauthorized access).
Solid Security uses a Trusted Devices Module as a core component to protect against session hijacking. This plugin also uses Geolocation features to help determine if a login attempt is coming from an unusual location.
Strong Password Enforcement
Solid Security allows admins to set password strength requirements based on user roles. It forces users to create strong, complex passwords based on your defined criteria and also prevents users from reusing previous passwords. I recommend using 1Password to create a strong password.
User Session Management
Solid Security allows admins to view all active user sessions and terminate them if needed with a single click. From the Solid Security dashboard, you can see who’s logged in, from where, and on what device. You can also force a logout of any user session if you think an account has been compromised.
3: Real-Time Monitoring & Scheduling
Security isn’t only about a firewall or adding more login security measures. You also need to be aware of what’s going on with your website. The Solid Security plugin offers real-time monitoring that helps you find vulnerabilities.
Security Dashboard
The Solid Security plugin centralizes all security data in one interactive dashboard. The dashboard shows charts, graphs, and logs about your site’s security health: failed login attempts, recent lockouts, malware scan results, ongoing attacks in real time, user activity, basic administration details, file changes, etc. You can also filter security details by date, user, action type, IP address, or event type to focus on what matters most.
Scheduled Malware Scans
Solid Security automatically scans your website for malware, vulnerabilities, and blacklisting at regular intervals. You can choose how often the Solid Security scans run — daily, weekly, or custom intervals.
Solid Security scans look for malware, known vulnerabilities, blacklisting, and file tampering. Results are shown in the dashboard, and admin alerts are sent when threats are found.
Automated Lockouts and Bans
The Solid Security plugin automatically detects suspicious users, bots, or IP addresses based on preset security rules. If a user repeatedly violates your security rules, such as the number of failed login attempts or 404 errors allowed, Solid Security automatically locks out or bans the offending IPs without manual review. However, you need to set how long bans last and when a permanent ban is needed.
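The lockout behaviour described here and under Brute Force Attack Protection and Login Lockouts can be modelled as a sliding-window counter per IP address and per username, with repeat lockouts escalating to a ban. This is an added example, not the plugin's code; the thresholds, class names and event tuples are constructed, and 404 events could be fed through the same counter under their own key.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    max_failures: int = 3         # failures tolerated per key inside the window
    window_s: int = 60            # sliding look-back window, seconds
    lockout_s: int = 600          # length of a temporary lockout, seconds
    lockouts_before_ban: int = 2  # temporary lockouts that escalate to a ban


class LockoutTracker:
    """Failure counter keyed by (scope, value), e.g. ("ip", "203.0.113.7")."""

    def __init__(self, policy):
        self.policy = policy
        self.failures = defaultdict(deque)  # key -> timestamps still in the window
        self.locked_until = {}              # key -> time the lockout expires
        self.lockouts = defaultdict(int)    # key -> lockouts issued so far
        self.banned = set()

    def status(self, key, now):
        if key in self.banned:
            return "banned"
        return "locked" if self.locked_until.get(key, 0) > now else "ok"

    def record_failure(self, key, now):
        window = self.failures[key]
        window.append(now)
        while window[0] <= now - self.policy.window_s:
            window.popleft()                # forget failures older than the window
        if len(window) < self.policy.max_failures:
            return "ok"
        window.clear()
        self.lockouts[key] += 1
        if self.lockouts[key] >= self.policy.lockouts_before_ban:
            self.banned.add(key)            # repeat offender: permanent ban
            return "banned"
        self.locked_until[key] = now + self.policy.lockout_s
        return "locked"


def replay(events, policy=Policy()):
    """Feed (ts, ip, user) failed logins through the tracker; return state changes."""
    tracker, changes = LockoutTracker(policy), []
    for ts, ip, user in events:
        if tracker.status(("ip", ip), ts) != "ok":
            continue                        # blocked host: rejected before any check
        for key in (("ip", ip), ("user", user)):
            if tracker.status(key, ts) != "ok":
                continue                    # key already blocked: nothing to count
            state = tracker.record_failure(key, ts)
            if state != "ok":
                changes.append((ts, key, state))
    return changes


# Constructed sample: one host guessing many users, then many hosts guessing one user.
SAMPLE_EVENTS = [
    (0, "203.0.113.7", "alice"),
    (10, "203.0.113.7", "bob"),
    (20, "203.0.113.7", "carol"),    # third failure in 60 s: host locked
    (30, "203.0.113.7", "dave"),     # ignored while the host is locked
    (100, "198.51.100.1", "admin"),
    (110, "198.51.100.2", "admin"),
    (120, "198.51.100.3", "admin"),  # per-IP counters stay low, username locks
    (700, "203.0.113.7", "erin"),
    (710, "203.0.113.7", "frank"),
    (720, "203.0.113.7", "grace"),   # second lockout for this host: banned
]
```

Counting by username as well as by IP is what catches guessing spread across many addresses, where no single host ever reaches the per-IP threshold.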
Auto-Reporting & Email Summaries
The Solid Security plugin automatically sends admin email reports with summaries of recent security activity. This information includes recently banned users, suspicious IPs, 404 errors, locked-out users, malware scans, file changes, etc. You can also set when you want these security report summaries and what types of reports you want.
4: Site Environment Security Utilities & Extra Tools
Solid Security not only protects your WordPress website, but also offers advanced utility tools to harden your site environment, prevent common exploits, and hide important details.
Hide Login URL and WordPress Version
The default WordPress login page is well-known and heavily targeted by hackers. With the Solid Security plugin, you can change your WordPress login URL from the default /wp-login.php or /wp-admin to a custom URL like yoursite.com/mySecret404x.
The Solid Security plugin also automatically removes WordPress version information from your site’s source code, RSS feeds, and meta tags. By hiding your login URL and WordPress version, you instantly block thousands of low-level intrusion attempts.
Change WordPress Database Prefix
Some hackers use SQL injection to target the WordPress database’s default wp_ prefix. The Solid Security plugin safely changes the default wp_ database table prefix to something unique and updates your config file to match. Changing the database prefix makes it harder for hackers to exploit known SQL vulnerabilities.
WooCommerce Security
WooCommerce sites are especially attractive to attackers because they often hold sensitive customer details like credit card information, home address, phone number, email, etc. Solid Security plugin offers powerful tools to lock down your WooCommerce site and also safeguard customer data, payment info, and transaction integrity.
Automatic Lockdown on Suspicious Activity
If malware or a security breach is detected on your website, Solid Security can automatically lock down your website. It automatically triggers a complete site backup via the Solid Backup plugin, sends an admin email alert, and blocks all login access until the issue is resolved. It locks out attackers, limits damage, and gives you space to investigate and restore your site safely.
Solid Security Plans & Pricing
The basic Solid Security plugin is completely free with limited features and is available on the WordPress plugin repository. By purchasing the pro version, you get access to all premium security features like Passwordless login, Patchstack Integration, File Change Detection, malware scanning, Session Management, Advanced Firewall, Brute Force Protection, IP banning, etc.
Solid Security Pro pricing starts at $99/year for a single-site licence. However, if you want to protect more websites, here’s the overall pricing list:
- For 1 website: $99 per year.
- For 5 websites: $199 per year.
- For 10 websites: $299 per year.
- For 25 websites: $549 per year.
Solid Suite: It’s an all-in-one WordPress management solution by SolidWP. It bundles three powerful plugins (Solid Security, Solid Backup, & Solid Central) into a single subscription to simplify, secure, and streamline your WordPress website workflow. Solid Suite plans range from $199/year for a single-site license to $949/year for a 25-website license, and all SolidWP plans come with a 30-day refund policy.
DEAL ALERT: Use our exclusive SolidWP coupon code to get an extra 30% discount on all plans. All you have to do is click on the link below, and our coupon code is applied automatically, or you can use the “THANKYOU30” code on the checkout page.
If you compare Solid Security plugin pricing with other popular security plugins like Wordfence, Sucuri, Malcare, & Cloudflare Pro, you’ll find that the Solid Security plugin is far cheaper, easier to use, & reduces your WordPress website’s risk to nearly zero.
Pros & Cons of using Solid Security
I have been using the Solid Security plugin on my websites for over 4 years now. Here are the pros & cons of using Solid Security plugin from my experience.
Pros of Solid Security:
Below are some advantages of using Solid Security plugins:
- Powerful firewall to protect your website from unwanted visitors.
- Very easy to use interface compared to other security plugins. It offers one-click configuration setup for different types of websites.
- Centralized security dashboard to monitor security-related events and get real-time updates on users.
- Super easy to track users’ logging activity, file changes, plugin updates, etc, to help you with security audits.
- Automatic database backup with a single click. (However, I still recommend using a WordPress backup plugin like UpDraftPlus or Solid Backup.)
- Robust login security features like 2FA authentication, passwordless login, CAPTCHA integration, etc.
- Real-time vulnerability database update via PatchStack.
- Automated firewall by PatchStack
- Ban suspicious IP addresses automatically.
- Hide your WordPress version, admin URL, disable Directory Browsing, etc.
Cons of Solid Security:
- SolidWP primarily relies on ticket-based support; it lacks options like live chat or phone calls. However, the SolidWP documentation is very detailed and well-maintained.
- The basic Solid Security plugin comes with a low number of security features.
- It takes a lot of server resources to protect your website. Make sure you have enough server resources to properly use the Solid Security plugin. Otherwise, this plugin can slow down your overall website loading time.
FAQs on the Solid Security plugin
Below are commonly asked questions about Solid Security plugin. If you have any other questions related to the Solid Security plugin, let me know in the comments section, or you can ask the SolidWP support team.
Will Solid Security plugin completely stop all attacks on my sites?
Unfortunately, no. The Solid Security plugin is designed to help strengthen your website’s defence, but it cannot prevent every possible attack. Nothing replaces your diligence and good security practices. You need to use secure hosting like Rocket.net, Kinsta, or Nexcess hosting with Cloudflare CDN and the Solid Security plugin to reduce your WordPress website’s risk to nearly zero. You can check our WordPress security checklist to protect your website.
Does Solid Security Pro plugin offer a refund policy?
Yes, SolidWP offers a 30-day complete refund policy. If you’re unsatisfied with Solid Security Pro for any reason, reach out to the SolidWP team within 30 days of your purchase, and you’ll get a full refund.
Will Solid Security plugin work on any type of server & hosting?
Yes, Solid Security plugins work with all types of hosting, including Apache, LiteSpeed, mod_rewrite, or NGINX type servers.
Can Solid Security break my site design?
For most sites, it doesn’t break anything. To make your site’s defence stronger, Solid Security makes significant changes to your site database and other site files. If your site has too many custom-made plugins & themes, the Solid Security plugin can break the site design. That’s why you should make sure you take a complete backup of your site using the UpDraftPlus, Solid Backup, or BlogVault plugin.
Can Solid Security plugin repair hacked sites?
The Solid Security plugin scan identifies any potential vulnerabilities in your WordPress themes and plugins. However, if your site is already hacked, you can use the SolidWP SolidFix service to have malware identified and the hacked site thoroughly restored by a professional team.
Is Solid Security better than Wordfence?
Well, it depends on your needs. In my opinion, Wordfence & Solid Security are both among the best security plugins available for WordPress. In terms of ease of use, malware detection, database backups, & password authentication, Solid Security works better. Wordfence is better when it comes to firewall & brute force protection. Read the complete comparison between Solid Security & Wordfence.
Best Solid Security Plugin Alternatives
There are only a handful of WordPress security plugins available that can be trusted to protect your website from unwanted visitors. If you’re looking for alternatives to Solid Security plugins, here are the top 3 plugins I recommend:
1: Wordfence
Wordfence is one of the best WordPress security plugins with over 5 million active installations. If you are looking for Solid Security alternatives, Wordfence is probably the best choice.
Similar to Solid Security, Wordfence offers a variety of WordPress security features like a powerful firewall, a malware scanner, login security, malicious traffic blocking, vulnerability scans, real-time threat detection, and a regular security audit to enhance overall site security.
Wordfence is available in both a free and a premium version. The free version comes with basic security features, while the premium version provides advanced protection, real-time updates, priority support, IP blocklist, etc. Wordfence Premium costs $149/year for a single-site licence.
2: Malcare
Malcare is also one of the security plugins you can use as a Solid Security alternative. The Malcare plugin is known for its advanced malware detection and one-click malware removal option without slowing down your website. It uses a cloud-based malware scanner to identify complex and new malware, and implements a firewall to block all incoming threats automatically.
Malcare is available in both a free and a premium version. The free version comes with basic malware scanning features; however, you need to buy the premium version to remove malware from your website with a single click. Along with malware scanning, it comes with bot protection, backup, Real-Time Firewall, uptime monitoring, etc. Malcare premium plans cost $149/year for a single-site licence.
3: All-In-One Security
Our last Solid Security plugin alternative is All-In-One Security from TeamUpdraft. This plugin is currently used by over 1 million websites and offers both free & premium versions. The All-In-One Security plugin offers a wide range of tools, including login lockdown, firewall protection, file integrity monitoring, malware scanning, spam prevention, protecting sensitive files, database backups, etc.
Unlike other security plugins, it monitors server uptime and response time, blocks IPs based on 404 errors, and blocks fake Google bots and POST requests made by bots. The All-In-One Security plugin’s premium plan costs $70/year for a single-site licence.
Final Thoughts
To conclude this Solid Security review, I’m confident that it’s the best security plugin available for WordPress. Right now, Solid Security plugin is used on over 1 million websites to protect from malware, spyware, etc.
While the basic Solid Security plugin comes with a limited number of features, it gets the job done. If you just started your WordPress website, I recommend that you use the basic free version of Solid Security plugin.
However, Solid Security Pro unlocks powerful features that can help you strengthen your WordPress site’s defence. It safeguards your user and ecommerce data, restricts users’ actions, strengthens user login authentication, identifies vulnerable files, implements a powerful firewall, adds Patchstack integration, etc.
Finally, you can use Solid Security Pro on up to 25+ websites. This makes it a convenient choice for agencies and freelancers who need a single solution to protect all their client sites. SolidWP also offers a 30-day money-back guarantee. So, no risk is involved.
So, what are you waiting for? Give it a try. Click on the link below to claim an extra 30% discount on Solid Security plans. (Our SolidWP coupon works automatically, or you can use the “THANKYOU30” code on the checkout page.)
If you have any further questions about the Solid Security plugin, let me know in the comments section below, or contact me. I’d be glad to reply!
Note: Only using Solid Security or any other security plugin is not enough to protect your website from potential threats. You need strong hosting, a good CDN, reliable themes, plugins, and most importantly, your diligence. If you’re thinking about switching your hosting platform, try using Nexcess hosting; it’s completely optimized for the Solid Security plugin.
Thank you. Have a nice day.