Malware and data breaches destroyed my e-commerce and blog sites, causing thousands of dollars in harm. That is why I take proactive steps to secure my website. That is how I discovered SolidWP Security (formerly “iThemes”).
It significantly improved the security of my website in just two weeks. Its pro edition includes critical security features such as automated vulnerability patching, reCAPTCHA protection, passwordless logins, real-time site monitoring, and more.
It also includes robust brute force defense supported by a network of approximately 1 million locations. Patchstack and automated updates are other essential features.
So, SolidWP Security gives me 360-degree defense. I was hoping you could read about my full journey with it below.
SolidWP Security Plugin: Top Features
During my two-week trip with the new SolidWP Security, I felt relaxed. So, here are the top features of this security plugin that I found useful:
(1) Brute Force Protection
The first feature I tried WordPress Brute Force Protection. After installing the plugin, I tried it by intentionally entering incorrect passwords on my login page.
The plugin performed flawlessly and locked me out after the number of attempts I had specified.
(2) Strong Password Enforcement
The Strong Password Enforcement feature is very useful for you as a membership site administrator. You can avoid worrying about users setting weak passwords, which is a common security issue.
It ensures all users follow strict password policies. You no longer depend on other users’ security awareness to keep the site safe.
(3) Lock Out Bad Users
SolidWP Security tracks and blocks users who make too many failed login attempts. It also applies to those who generate a large number of 404 errors or who are on bot blacklists.
I worried when I found myself locked out after forgetting my password. However, this was immediately fixed by whitelisting my IP address. The little hiccup served as a reminder of the plugin’s alertness.
(4) Email Notifications
The Email Notifications system kept me in the loop. I receive an alert whenever a login attempt fails or an unusual file change occurs.
This feature was tested when one of my websites was attacked by several brute-force attacks. The huge number of email messages I received was a sign of an attack. This helped me to take immediate action.
First Impressions of SolidWP Security: My Feedback
When I first installed this plugin, I received a welcome with an easy setup wizard.
#1 Security Setup Tailored For Me
The first page asked a basic but important question: “What type of website is this?” The options varied from eCommerce to brochures.
Every type is ready to be fine-tuned following the setup process. As an eCommerce site owner, I selected the “eCommerce” button.
This level of customization shows its commitment to the demands of various WordPress sites.
#2 User-centric Configuration
Moving on to the second screen, it asked as to whether the setup was for “My Own Website” or a “Client Website.”
The difference here was crucial. It detected whether I was a webmaster or a developer setting up for a customer. It acted by proactively adjusting its settings. It matched the relevant access controls and security dashboard visibility.
I believe this amount of foresight is remarkable.
#3 Advanced User Protection
The third and fourth sections covered the core of user security: two-factor authentication and password policies.
SolidWP Security provided a simple explanation of the importance of these features. It highlights the strong security against automated bot attacks given by two-factor authentication.
I appreciated the plugin’s commitment to best practices for security aspects.
#4 Comprehensive Security Features
After installation, I got a set of features that worked as a security wall around my site’s defense system.
The promise of twice-daily automated site checks was especially reassuring—like a watchful sentinel for my website’s health.
The “Magic Links” were noteworthy to me. It provides an opportunity to avoid lockouts. It is a sensible feature that shows the plugin’s desire to strike a balance between security and user accessibility.
Finally, I felt required to appreciate the new dashboard, “iThemes is now SolidWP.”
The rebranding was not purely decorative. It provided new features and a fresh approach to security. Dashboard cards with security summaries and vulnerability reports provide evidence of this.
“Excellent news! “There looks to be no vulnerable software installed!” read one such card. This statement gave me quick relief.
Overall, my first impressions of this security plugin were really excellent. I am very excited to see what SolidWP will offer to my WordPress experience.
SolidWP Security’s Settings: In-depth Review
Settings are where you can discover a software’s magic. So let us look deeper into the plugin’s settings.
Global Settings
#1. Write to Files
SolidWP Security’s automated file-writing capability makes it easier to manually edit essential files like wp-config.php and .htaccess.
So, I think this capability is a massive comfort for those who are unsure about editing core files. It is a convenience that reduces human error. However, it also provides high-level access to the website’s backbone.
#3. Lockout Messages
I thought that the customized lockout message options showed a user-centered design. Administrators like me may tweak the message to keep the brand voice even in the context of security.
Lockout messages provide clear communication to users who may be legitimately locked out.
#4. Authorized Hosts
This feature helped to avoid unwanted lockouts. It automatically authorizes the IP addresses of administrative users. I believe the plugin proved that it knows the practical aspects of website management.
#5. Logging
The option to switch between database and file logging gives site administrators like me more flexibility.
You can select either option based on your server’s resources and traffic volume. Understanding the consequences of each decision is also important.
As a result, SolidWP Security gives explanations for both options, allowing users to make informed decisions.
#6. IP Detection
The plugin also provides a simple solution to IP detection. It offers several settings, including a recommended Security Check Scan, Automatic, Manual, and Disabled. It goes on to show that it understands how accurate IP identification benefits users.
Solid WP Advanced Features
(1) Login Security
The Login Security section includes lots of features that improve the security of user accounts. Two-factor authentication, passwordless login, and Trusted Devices’ beta feature all highlight contemporary security measures.
The biometric login options indicate forward-thinking. This aligns perfectly with the current industry trends.
(2) Firewall
Its firewall features are comprehensive. It includes options that allow admins to fine-tune the defense measures against both localized and networked brute force attacks.
The Magic Links feature enables actual users to overcome lockouts. To me, it felt like a very smart feature.
(3) Site Check
Site Check’s feature for file change detection and automated site scans is critical for maintaining site integrity. The user logging option proved to be a very useful tool for me in keeping track of audit trails.
Version management also helped me to ensure that software is up-to-date:
- WordPress Core Updates: Automatic WordPress updates are a lifesaver. With this feature activated, you no longer need to manually check and update your WordPress version.
- Plugin Updates: Managing each plugin update is typically time-consuming. SolidWP Security’s automated plugin update capability helped speed up the process. With this enabled, you became less concerned about potential vulnerabilities in outdated versions.
- Theme Updates: Themes, like plugins, are an essential part of any WordPress site and must be updated regularly. Again, it provided an automated theme update feature. Knowing that your site’s themes were also getting attention provided you a sense of confidence.
- Additional Protection: The older WordPress installation is a feature that I particularly liked. Many people are unaware that older WordPress installations on their hosting account might be used as a backdoor by cyber criminals.
It tracks the server for these, and alerting you was a proactive step.
SolidWP User Groups Features
I was very impressed with the “User Groups”. It felt like an idea that went beyond WordPress’s standard user role categorizations. With this, I could now tailor security features to certain groups.
It recognizes that users have varied levels of trust and access needs. This, in my opinion, is a tremendously useful tool for large websites.
Solid WP Notifications
Notifications are a vital part of any security system. The Security Digest is an innovative way to manage the flow of information through email. This ensures that administrators remain informed of critical security events. I found it extremely essential.
Solid WP Advanced Settings
System Tweaks and WordPress Tweaks stand out in the Advanced settings.
They allowed you to enforce strict policies on file access and execution. The Hide Backend feature is also an excellent defense strategy. It obscures login URLs from automated scripts and reduces the likelihood of targeted attacks.
SolidWP Security – Pricing Review
It offers you a tiered structure.
- There is a free version available. I initially tested it to gain an overview of the plugin’s UI and basic features. The free version includes key security features. I think it would work well for a small blog or personal website.
- However, to fully harness the power of SolidWP Security, I looked into their premium offerings for 1 year (at $99 for 1 website).
Their price model is generally as follows.
Price | Number of websites | Duration |
Free (Basic) | 1 | 1 Year |
$99 (Pro) | 1 | 1 Year |
$199 (Pro) | 5 | 1 Year |
$299 (Pro) | 10 | 1 Year |
$399 (Pro) | 25 | 1 Year |
$499 (Pro) | 50 | 1 Year |
Must Contact Them | 50+ | 1 Year |
Should You Take The Pro Version (Pro Benefits)?
I believe you should get the SolidWP Security Pro version. Why? You will pay higher fees if your site is hijacked/attacked in the future. That is guaranteed.
Anyway, here is why I found the Pro features worth the money:
Pro Features | My Experience |
Patchstack Integration | I am always confident in my website’s security. It is patched automatically. Vulnerabilities are fixed quickly, frequently before they become widely known. |
reCAPTCHA | Bots are no longer a problem for me. reCAPTCHA keeps them at bay. My site is for real users only. |
Passwordless Logins | Logging in has become much easier. There is no need for passwords. A single click does the task for you. |
Trusted Devices | Device management is in my control. I protect my admin area effectively. It’s secure from session hijacks. |
Automated Vulnerability Patching | I am not worried about weaknesses. They are repaired automatically. My site remains secure and hands-free. |
Privilege Escalation | Granting admin access is both safe and temporary. It is secure and controlled. |
Magic Links | If I am locked out, I still have access. Magic Links are my backdoor. It is secure, and I can always get in. |
Site Scanner | My site is continuously tracked. Vulnerabilities are detected early. I am notified immediately. |
User Logging | Every user action is logged. I take mindful attention to changes. It explains how my website is used. It helps me manage better. |
Version Management | Updates are automated. I can easily keep up with current events. It is hands-free but absolutely secure. |
Geolocation tracking | I have taken user trust to a new level. I can get users’ precise locations by integrating with Google Maps. |
SolidWP Security Vs Other Security Plugins (Comparison)
Here’s how it compares to other popular security plugins, including Wordfence, Sucuri, and All in One WP Security.
SolidWP Security versus Wordfence
When I compare SolidWP Security with Wordfence, I notice that the plugin’s Patchstack integration provides greater proactive security measures.
Feature | SolidWP Security | Wordfence |
Real-Time Dashboard | Yes (Pro) | Yes |
Automated Vulnerability Patching | Yes (Pro) | No (Manual intervention needed) |
Login Security | Advanced (2FA, reCAPTCHA Pro) | Basic 2FA |
Performance Impact | Minimal | Moderate |
User Activity Logging | Yes (Pro) | Yes (with Live Traffic) |
Brute Force Protection Network | Nearly 1 million sites | Large (exact number unspecified) |
SolidWP Security Vs. Sucuri
Sucuri has capabilities such as a web application firewall and intrusion prevention system.
Here’s how it stands against SolidWP Security.
Feature | SolidWP Security | Sucuri |
Automated Patching | Yes (Pro) | No (Manual intervention needed) |
Real-Time Monitoring | Yes (Pro) | Yes |
Brute Force Protection | Yes (Basic and Pro) | Yes |
Server-Side Scanning | No | Yes |
Security Hardening | Yes (Pro) | Yes |
Performance Impact | Minimal | Moderate to High |
SolidWP Security Vs All In One WP Security
All in One WP Security & Firewall offers a high foundation level of security. Here’s how it compares to Solid Security plugin:
Feature | SolidWP Security | All In One WP Security |
Real-Time Monitoring | Yes (Pro) | No |
Automated Patching | Yes (Pro) | No |
Login Security | Advanced (Pro) | Basic |
Brute Force Protection Network | Nearly 1 million sites | No network-wide protection |
File Change Detection | Yes (Pro) | Yes |
User Activity Logging | Yes (Pro) | No |
Final Thoughts & Recommendation
Overall, if I want preventative security precautions with minimum performance impact, SolidWP Security is my go-to. I am confident that it is the most effective security plugin.
I especially like how this simplifies security. Automated patching and one-click setup make protection available to many non-technical users.
Considering how easy security breaches can destroy a WordPress site, I feel SolidWP Security is a safe investment.