SolidWP Security Review: Can It Keep My WordPress Site Safe?

Malware and data breaches destroyed my e-commerce and blog sites, causing thousands of dollars in harm. That is why I take proactive steps to secure my website. That is how I discovered SolidWP Security (formerly “iThemes”).

It significantly improved the security of my website in just two weeks. Its pro edition includes critical security features such as automated vulnerability patching, reCAPTCHA protection, passwordless logins, real-time site monitoring, and more.

It also includes robust brute force defense supported by a network of approximately 1 million locations. Patchstack and automated updates are other essential features.

So, SolidWP Security gives me 360-degree defense. I was hoping you could read about my full journey with it below. 

Security security reports

SolidWP Security

This is a comprehensive review of the SolidWP Security WordPress plugin. Here you can learn everything about the plugin, including key features, safety measures, and recommendations.

– Palash Talukder

solidwp
Brute force protection
Database backups
Strong password protection
File changes and 404 detection
30-days money-back guarantee

Summary

SolidWP Security is the best-selling WordPress security plugin. It has over 30 functions to secure your site from all angles. It also includes essential security features like brute force protection, file modification detection, two-factor authentication, and more. It is an all-in-one WordPress security plugin for any level of site.

5
YouTube video

SolidWP Security Plugin: Top Features 

During my two-week trip with the new SolidWP Security, I felt relaxed. So, here are the top features of this security plugin that I found useful:

(1) Brute Force Protection

The first feature I tried WordPress Brute Force Protection. After installing the plugin, I tried it by intentionally entering incorrect passwords on my login page.

The plugin performed flawlessly and locked me out after the number of attempts I had specified. 

Local Brute Force Settings
Local Brute Force Settings
Network Brute Force Settings
Network Brute Force Settings

(2) Strong Password Enforcement

The Strong Password Enforcement feature is very useful for you as a membership site administrator. You can avoid worrying about users setting weak passwords, which is a common security issue.

It ensures all users follow strict password policies. You no longer depend on other users’ security awareness to keep the site safe.

(3) Lock Out Bad Users

SolidWP Security tracks and blocks users who make too many failed login attempts. It also applies to those who generate a large number of 404 errors or who are on bot blacklists.

Lockouts settings
Lockouts settings

I worried when I found myself locked out after forgetting my password. However, this was immediately fixed by whitelisting my IP address. The little hiccup served as a reminder of the plugin’s alertness.

Authorized hosts settings
Authorized hosts settings

(4) Email Notifications

The Email Notifications system kept me in the loop. I receive an alert whenever a login attempt fails or an unusual file change occurs.

Site lockouts email notification
Site lockouts email notification

This feature was tested when one of my websites was attacked by several brute-force attacks. The huge number of email messages I received was a sign of an attack. This helped me to take immediate action.

First Impressions of SolidWP Security: My Feedback

When I first installed this plugin, I received a welcome with an easy setup wizard.

#1 Security Setup Tailored For Me

The first page asked a basic but important question: “What type of website is this?” The options varied from eCommerce to brochures.

Every type is ready to be fine-tuned following the setup process. As an eCommerce site owner, I selected the “eCommerce” button.

Selecting the website type
Selecting the website type

This level of customization shows its commitment to the demands of various WordPress sites.

#2 User-centric Configuration

Moving on to the second screen, it asked as to whether the setup was for “My Own Website” or a “Client Website.”

Choosing who the setup is for
Choosing who the setup is for

The difference here was crucial. It detected whether I was a webmaster or a developer setting up for a customer. It acted by proactively adjusting its settings. It matched the relevant access controls and security dashboard visibility.

I believe this amount of foresight is remarkable.

#3 Advanced User Protection

The third and fourth sections covered the core of user security: two-factor authentication and password policies.

Two factor authentication
Two-factor authentication
Strong password policy
Strong password policy

SolidWP Security provided a simple explanation of the importance of these features. It highlights the strong security against automated bot attacks given by two-factor authentication.

I appreciated the plugin’s commitment to best practices for security aspects.

#4 Comprehensive Security Features

After installation, I got a set of features that worked as a security wall around my site’s defense system.

The promise of twice-daily automated site checks was especially reassuring—like a watchful sentinel for my website’s health.

Site scan scheduling
Site scan scheduling

The “Magic Links” were noteworthy to me. It provides an opportunity to avoid lockouts. It is a sensible feature that shows the plugin’s desire to strike a balance between security and user accessibility.

Reassuring Dashboard 
Reassuring Dashboard 

Finally, I felt required to appreciate the new dashboard, “iThemes is now SolidWP.”

solidwp dashboard
Solidwp Security dashboard

The rebranding was not purely decorative. It provided new features and a fresh approach to security. Dashboard cards with security summaries and vulnerability reports provide evidence of this.

Site security summary
Site security summary

“Excellent news! “There looks to be no vulnerable software installed!” read one such card. This statement gave me quick relief.

No vulnerability assurance
No vulnerability assurance

Overall, my first impressions of this security plugin were really excellent. I am very excited to see what SolidWP will offer to my WordPress experience.

SolidWP Security’s Settings: In-depth Review

Settings are where you can discover a software’s magic. So let us look deeper into the plugin’s settings.

Global Settings

#1. Write to Files

SolidWP Security’s automated file-writing capability makes it easier to manually edit essential files like wp-config.php and .htaccess.

solidwp Write to files
Write to files

So, I think this capability is a massive comfort for those who are unsure about editing core files. It is a convenience that reduces human error. However, it also provides high-level access to the website’s backbone.

#3. Lockout Messages

I thought that the customized lockout message options showed a user-centered design. Administrators like me may tweak the message to keep the brand voice even in the context of security.

Lockout messages provide clear communication to users who may be legitimately locked out.

Lockout messages
Lockout messages

#4. Authorized Hosts

This feature helped to avoid unwanted lockouts. It automatically authorizes the IP addresses of administrative users. I believe the plugin proved that it knows the practical aspects of website management.

Authorized IPs
Authorized IPs

#5. Logging

The option to switch between database and file logging gives site administrators like me more flexibility.

file logging or database logging
File logging or database logging

You can select either option based on your server’s resources and traffic volume. Understanding the consequences of each decision is also important.

As a result, SolidWP Security gives explanations for both options, allowing users to make informed decisions.

#6. IP Detection

The plugin also provides a simple solution to IP detection. It offers several settings, including a recommended Security Check Scan, Automatic, Manual, and Disabled. It goes on to show that it understands how accurate IP identification benefits users.

IP detection
IP detection
Different IP detection schemes
Different IP detection schemes

Solid WP Advanced Features

(1) Login Security

The Login Security section includes lots of features that improve the security of user accounts. Two-factor authentication, passwordless login, and Trusted Devices’ beta feature all highlight contemporary security measures.

The biometric login options indicate forward-thinking. This aligns perfectly with the current industry trends.

solidwp Login security
Login security
Login security (2)
Login security (2)

(2) Firewall

Its firewall features are comprehensive. It includes options that allow admins to fine-tune the defense measures against both localized and networked brute force attacks.

The Magic Links feature enables actual users to overcome lockouts. To me, it felt like a very smart feature.

Options under firewall
Options under firewall
Magic link under firewall settings
Magic link under firewall settings

(3) Site Check

Site Check’s feature for file change detection and automated site scans is critical for maintaining site integrity. The user logging option proved to be a very useful tool for me in keeping track of audit trails.

solidwp Site check options
Site check options

Version management also helped me to ensure that software is up-to-date:

  • WordPress Core Updates: Automatic WordPress updates are a lifesaver. With this feature activated, you no longer need to manually check and update your WordPress version.
SolidWP WordPress updates feature
WordPress updates feature
  • Plugin Updates: Managing each plugin update is typically time-consuming. SolidWP Security’s automated plugin update capability helped speed up the process. With this enabled, you became less concerned about potential vulnerabilities in outdated versions.
Plugin update management
Plugin update management
  • Theme Updates: Themes, like plugins, are an essential part of any WordPress site and must be updated regularly. Again, it provided an automated theme update feature. Knowing that your site’s themes were also getting attention provided you a sense of confidence.
Theme update management
Theme update management
  • Additional Protection: The older WordPress installation is a feature that I particularly liked. Many people are unaware that older WordPress installations on their hosting account might be used as a backdoor by cyber criminals.

It tracks the server for these, and alerting you was a proactive step.

SolidWP Additional protection
Additional Protection

SolidWP User Groups Features

I was very impressed with the “User Groups”. It felt like an idea that went beyond WordPress’s standard user role categorizations. With this, I could now tailor security features to certain groups.

User group policies
User group policies

It recognizes that users have varied levels of trust and access needs. This, in my opinion, is a tremendously useful tool for large websites.

Solid WP Notifications

Notifications are a vital part of any security system. The Security Digest is an innovative way to manage the flow of information through email. This ensures that administrators remain informed of critical security events. I found it extremely essential.

Email notification options
Email notification options

Solid WP Advanced Settings

System Tweaks and WordPress Tweaks stand out in the Advanced settings.

They allowed you to enforce strict policies on file access and execution. The Hide Backend feature is also an excellent defense strategy. It obscures login URLs from automated scripts and reduces the likelihood of targeted attacks.

Advanced tweaks
Advanced tweaks

SolidWP Security – Pricing Review

It offers you a tiered structure.

  • There is a free version available. I initially tested it to gain an overview of the plugin’s UI and basic features. The free version includes key security features. I think it would work well for a small blog or personal website.
  • However, to fully harness the power of SolidWP Security, I looked into their premium offerings for 1 year (at $99 for 1 website). 
Solid-Security-price

Their price model is generally as follows.

PriceNumber of websitesDuration
Free (Basic)11 Year
$99 (Pro)11 Year
$199 (Pro)51 Year
$299 (Pro)101 Year
$399 (Pro)251 Year
$499 (Pro)501 Year
Must Contact Them50+1 Year

Should You Take The Pro Version (Pro Benefits)?

I believe you should get the SolidWP Security Pro version. Why? You will pay higher fees if your site is hijacked/attacked in the future. That is guaranteed.

Anyway, here is why I found the Pro features worth the money:

Pro FeaturesMy Experience
Patchstack Integration I am always confident in my website’s security. It is patched automatically. Vulnerabilities are fixed quickly, frequently before they become widely known.
reCAPTCHA Bots are no longer a problem for me. reCAPTCHA keeps them at bay. My site is for real users only. 
Passwordless Logins Logging in has become much easier. There is no need for passwords. A single click does the task for you.
Trusted Devices Device management is in my control. I protect my admin area effectively. It’s secure from session hijacks.
Automated Vulnerability Patching I am not worried about weaknesses. They are repaired automatically. My site remains secure and hands-free.
Privilege Escalation Granting admin access is both safe and temporary. It is secure and controlled.
Magic Links If I am locked out, I still have access. Magic Links are my backdoor. It is secure, and I can always get in.
Site Scanner My site is continuously tracked. Vulnerabilities are detected early. I am notified immediately.
User LoggingEvery user action is logged. I take mindful attention to changes. It explains how my website is used. It helps me manage better.
Version Management Updates are automated. I can easily keep up with current events. It is hands-free but absolutely secure.
Geolocation trackingI have taken user trust to a new level. I can get users’ precise locations by integrating with Google Maps.

SolidWP Security Vs Other Security Plugins (Comparison)

Here’s how it compares to other popular security plugins, including Wordfence, Sucuri, and All in One WP Security.

SolidWP Security versus Wordfence

When I compare SolidWP Security with Wordfence, I notice that the plugin’s Patchstack integration provides greater proactive security measures.

FeatureSolidWP SecurityWordfence
Real-Time DashboardYes (Pro)Yes
Automated Vulnerability PatchingYes (Pro)No (Manual intervention needed)
Login SecurityAdvanced (2FA, reCAPTCHA Pro)Basic 2FA
Performance ImpactMinimalModerate
User Activity LoggingYes (Pro)Yes (with Live Traffic)
Brute Force Protection NetworkNearly 1 million sitesLarge (exact number unspecified)

SolidWP Security Vs. Sucuri

Sucuri has capabilities such as a web application firewall and intrusion prevention system.

Here’s how it stands against SolidWP Security.

FeatureSolidWP SecuritySucuri
Automated PatchingYes (Pro)No (Manual intervention needed)
Real-Time MonitoringYes (Pro)Yes
Brute Force ProtectionYes (Basic and Pro)Yes
Server-Side ScanningNoYes
Security HardeningYes (Pro)Yes
Performance ImpactMinimalModerate to High

SolidWP Security Vs All In One WP Security

All in One WP Security & Firewall offers a high foundation level of security. Here’s how it compares to Solid Security plugin:

FeatureSolidWP SecurityAll In One WP Security
Real-Time MonitoringYes (Pro)No
Automated PatchingYes (Pro)No
Login SecurityAdvanced (Pro)Basic
Brute Force Protection NetworkNearly 1 million sitesNo network-wide protection
File Change DetectionYes (Pro)Yes
User Activity LoggingYes (Pro)No

Final Thoughts & Recommendation 

Overall, if I want preventative security precautions with minimum performance impact, SolidWP Security is my go-to. I am confident that it is the most effective security plugin.

I especially like how this simplifies security. Automated patching and one-click setup make protection available to many non-technical users.

Considering how easy security breaches can destroy a WordPress site, I feel SolidWP Security is a safe investment.

5/5 - (1 vote)

Palash Talukder

Hey, I’m Palash Talukder, a professional digital marketer with expertise in Facebook Ads, LinkedIn Ads, Google, and WordPress. I have also been an affiliate marketer since 2017. I help people make money online and grow their online businesses. Linkedin | Facebook

Leave a Comment