Solid Security Review: Is It Any Good In 2024?

Solid Security Review – Summary

★★★★★

Solid Security or Solid Security Pro is one of the best WordPress Security plugins available in the market. It has all the features that you’ll need plus some extra that makes it even better. If you agree with the pricing then I’ve nothing else to complain about. It’s the perfect choice for every WordPress website owner.

Try Solid Security Pro Now

In today’s world, you cannot just create your website and hope that no one will attack it. Safeguarding your website is paramount and in this detailed Solid Security Review (formerly known as iThemes Security), we’re gonna find out if it is enough to protect your WordPress website.

The internet can be a bit of a scary place because of hackers and malware all around us.

According to SolidWP, over 30,000 websites are hacked every day, and over 50% of them are targeted towards small to medium-sized businesses. One single mistake or a cyber attack can bring all of your hard work and dreams to the ground.

In other words, digital threats are lurking around every virtual corner at every time and you need to be able to protect yourself and defend your precious websites.

So let’s talk about a companion or a tool that may be able to empower you and your website to do just that.

It’s called Solid Security (formerly known as iThemes Security).

Let’s start with an overview for those who heard about it for the first time.

Overview Of Solid Security (iThemes Security)

Solid Security is a comprehensive WordPress plugin designed to protect your websites from various security threats.

With the increasing number of cyber attacks and hackers targeting websites, having a solid security system in place has become an essential step for every website owner.

Also, as WordPress is one of the most popular CMS in the world, it is a flashy target for hackers and malware. This is why you must tighten up the security of your website from the get-go.

And that’s where the Solid Security plugin comes in handy.

Reasons To Use Solid Security

Well, the obvious reason is to protect your website but let’s have a summarized look at how it is beneficial to you and then we’ll discuss some of them in detail later in the features section.

For now, here are a few compelling reasons to use Solid Security on your WordPress website:

The Ever-Present Threat

As I said earlier, there are too many people and malware seeking to exploit any vulnerability found in your WordPress websites all the time.

Each day, countless cyber threats and attacks are unleashed upon websites across the globe and the next victim could be you.

According to SolidWP, 20-40% of WordPress websites have vulnerable codes right now that can be exploited and I’m hoping you don’t want to be in that situation. 

The sheer number of attack possibilities is reason enough to seek help for cyber attacks and Solid Security could be your knight in shining armor.

Mitigating The Fallout Of Attacks

Even with all precautions, attacks can happen and it is probably going to happen.

In that situation, a plugin like Solid Security doesn’t just aim to prevent attacks but also to minimize the impact by taking various actions such as sending email notifications to you or your security administrator, isolating the situation, etc.

In the unfortunate event of a breach or a security threat, it acts as a damage control expert, reducing the extent of the damage and facilitating a swift recovery by letting you know what possibly went wrong and how to fix the situation.

One of my websites was hacked a long time ago because of my mistake and it was filled with a lot of spam blog posts and pages in Russian which wasn’t a drastic situation but a lot of people completely lost their website along with everything else which is scary.

I haven’t faced any extreme situation like that “yet”, but I’m prepared for it and you should be too.

Protecting User Data

I don’t think I need to explain how important it is to protect your user’s data if you collect them and I’m not talking about the legal reasons only.

It’s a big responsibility and if you have a WordPress website that collects user data such as name, email, etc. it shouldn’t even be a question if you need to use all sorts of security measures to protect them.

If you’re a medium to large business owner then I would highly recommend you to use Solid Security Pro along with a dedicated employee who is solely responsible for maintaining the website security.

If you’re an individual or a small business owner then in that case using only Solid Security Pro might be enough but be proactive about protecting your website and user data at all costs.

Keeping this data safe and secure is not only a legal obligation but also a moral one.

By getting started with Solid Security Pro, you take the first step towards it.

(Note: Solid Security Pro was formerly known as iThemes Security Pro.)

Enhanced Reputation

Needless to say, a secure website isn’t just a shield; it’s a badge of trust.

When users know that your website is fortified with top-tier security measures, it enhances your credibility and reputation.

That is why it’s extremely important especially if you collect user data.

For example, if you own an eCommerce site built on top of WordPress using WooCommerce then you should use the maximum security possible to retain the trust of your customers.

You should go for the Solid Security Pro without any doubt! (Formerly known as iThemes Security Pro)

It will only enhance or uplift your reputation but also increase your sales and profit as the customers won’t have to worry about security and data breaches.

Search Engine Friendliness

Just like you care about your reputation, search engine companies like Google do too. That’s why they take website security very seriously.

If your site is vulnerable to attacks, it can be blacklisted and lose its ranking on the search result which you do not want to happen to you.

On top of that, once your website gets infected with malware or it gets hacked, who knows what the attacker would do with your website?

In most cases, they post a lot of spam posts and comments which will ruin your search engine ranking and reputation.

And trust me when I say this, once this happens to you, it’s very difficult to regain your search engine rankings no matter what you do.

Solid Security ensures that your website remains search engine-friendly by making sure it is malware-free and there isn’t any identified vulnerability that can be exploited by bad actors.

It’s better to be safe than sorry!

Sustained Website Availability

It’s also common that when your website is hacked or infected by malware, it uses all the resources your server provides which makes it unavailable to anyone.

Even when your website is not hacked or infected, the attacks themselves can also cause website downtime which is annoying for your visitors and your profit.

And not to mention the slowing down of your website and excessive use of your server resources which can cost you a lot of money unnecessarily.

You may also get blacklisted by your hosting provider if you use a shared hosting service.

Solid Security‘s firewall in combination with other amazing features will help you prevent that.

And again it’s also good for your website’s SEO as Google’s bots will also be able to access your website without any downtime or excessively slow-loading time.

By the way, I also highly recommend that you use WP Rocket on your WordPress website to make it as fast as possible. It helps a lot!

Legal Compliance

Compliance with data protection and privacy laws is essential. Almost every country now has strict laws for data protection and privacy such as GDPR, CCPA, etc. and your website must comply with the law.

Especially if you collect user data. An example would be an eCommerce or services website.

Full disclosure that I’m not a legal expert and you should seek professional help to comply with such laws.

Solid Security just adds a layer of protection that is non-negotiable in this day and age. You don’t necessarily have to use Solid Security but you must do everything you can to protect your user data.

On top of this, you also need to make sure that your website is GDPR, CCPA, etc. compliant by using plugins such as WP Cookie Consent, WP Legal Pages, etc.

You can read more about it over here.

Simplified Security Management

Even if you’re someone who’s an expert in website security, managing a website’s security can be a daunting task.

Solid Security can make things easier for you. Especially if you manage multiple websites.

It’s also a great choice for freelancers and agencies that offer WordPress Seruciry Services as the management becomes much more simple and efficient.

Make sure to try it out if that’s you.

The Value of Peace of Mind

Above all, knowing that your website is fortified against potential attacks brings you a sense of peace and tranquility which is the most important thing in my opinion.

It’s like having a vigilant guard standing at the gates of your online castle, ensuring that you can sleep soundly at night. Who wouldn’t want that right?

Stop constantly worrying about potential attacks on your website and get started with Solid Security today! You can even try it for free if you’re not so sure yet.

Solid Security Review: The Features

It’s not a surprise that Solid Security is packed with a wide range of features. After all, it’s one of the best WordPress security plugins out there.

However, to keep this article short and simple, I have to stick to the highlight features of the plugin and you can learn about the rest once you get started with it.

I know that the highlights will be enough to convince you to check it out so don’t worry about it.

For now, let’s explore some of the key features of Solid Security and how they can benefit you:

Brute Force Protection

The most annoying attack that you have to deal with is a brute force attack. It’s the most common form of attacking a website and it happens more than you can think of.

It poses a significant threat to your website, with hackers or bad actors persistently attempting to guess usernames and passwords for unauthorized access.

While mostly these types of attacks are organized to take a chance to guess login details that can be exploited.

In some cases, it’s just your competitors or bad actors trying to slow down your website with an overwhelming amount of traffic trying to access your website. Which are not real obviously!

In a situation like this, Solid Security helps you by providing robust protection measures, limiting login attempts, and blocking potential hackers’ IP addresses.

Implementing a Brute Force Attack Protection with tools such as Solid Security provides you with peace of mind as you know that your websites are shielded from potential security breaches and other relevant issues.

Excellent Firewall Solution

Solid Security also has an excellent firewall built-in for you. If you don’t know what it is, it’s like your website’s virtual bouncers, keeping the sketchy characters at bay.

This feature allows you to block certain IPs that are known for malicious attempts such as brute force attacks.

In my case, I block the user IPs that try to use certain usernames for login that do not exist or are very common such as admin. It works like a charm!

By the way, don’t use usernames like admin for the love of god. I know a lot of people that still do.

Anyway…

The country-blocking option takes it up a notch, allowing you to throw up a digital barricade against entire countries or regions so that you can prevent unauthorized visits.

It’s most likely that we’ll never use this option for security reasons but it may come in handy if you have to cut off your website’s access to certain parts of the world.

For example, a local eCommerce website that doesn’t need to operate worldwide can block all the other countries or regions to limit access to the website which will result in fewer attacks and fewer threats.

These blocking features grant you control and tighten security by proactively shielding your valuable data, sensitive information, and website resources from potential malicious attacks.

A word of caution, though—these blocking options are powerful tools and you have to use them wisely.

Tailor their use to fit your website’s unique requirements. For instance, blocking entire countries might not be the best move if your website caters to a global audience.

And by the way, the Solid Security Firewall is powered by Patchstack. One of the most renowned names in the WordPress Security atmosphere. Brilliant, isn’t it?

Powerful Malware Scanner & Security

While it is less likely to happen if you’re careful, however, it happens more often than I thought.

In most cases, it happened because the website owner was trying to use premium plugins such as Thrive Architect, Elementor, etc. for free by downloading them from random websites.

Needless to say, it is stupid to do so unless you know what you’re doing and understand the consequences.

However, in some cases, it might happen for an unknown reason and that’s a scary situation to be in.

That’s where a powerful malware scanner such as Solid Security comes into play to save your day and potentially your life.

It diligently inspects all the folders and files on your website that it can access and quarantines any critical malware or infected files that can be dangerous for your website.

Additionally, Solid Security also looks for vulnerable codes and patches them automatically for you.

It is a relatively new feature that was introduced recently and I think it’s a game changer.

The malware scanner uses a database of known vulnerabilities to scan your WordPress website for any sort of potential security risks.

If it finds a vulnerable code, it will attempt to patch it automatically and you will receive an email notification if it’s successful.

And, in case the patch cannot be applied automatically, you will receive an email notification with instructions on how to patch the vulnerability manually.

Please also note that the Solid Security plugin cannot patch all vulnerabilities automatically.

In some cases, the only solution would be to update your WordPress core, plugins, or themes to patch the vulnerability and it will let you know when it’s time to do so.

You can also schedule your scans, giving you the flexibility to decide when and how often your website gets a security check.

It’s helpful when you don’t want to stress out your server resources and plan it for efficient use.

Lastly as expected, you also get detailed reports and logs of scans and threat detections to deep dive into the data and understand things in a better way.

These insights give you a backstage pass to your website’s security, allowing you to proactively monitor the situation and address the vulnerabilities effectively.

Rest assured that if there’s anything wrong, Solid Security will find it and help you fix it whenever possible.

Extensive Security Checks & Logs

While advanced features like a firewall are crucial, Solid Security also makes sure that it doesn’t leave small things unchecked.

It continuously looks for the situation where your website security might be compromised and also maintains a comprehensive record of login attempts, error messages, and a lot of other useful data that helps you to make better decisions.

These logs aren’t just archives; they’re your proactive defense strategy, allowing you to review and respond swiftly to any security flaws or incidents.

Passwordless/Bio-Metric Login (Passkey)

One of my favorite features of Solid Security Pro is the passwordless login feature that enables you to use a passkey on your website and allows a convenient way of logging in while maintaining exceptional security.

I’ve already written a detailed post about it which you can read over here.

If you noticed, I said Solid Security Pro specifically. And that’s because this is a premium feature available in the pro version of the plugin only.

It is a cutting-edge feature, revolutionizing the way you access your WordPress website.

At first, I didn’t even believe it and then I went through my skeptical period before finally acknowledging the genius.

You have probably used a feature like this already from some major brands such as Google but now you can implement the same on your own WordPress websites as well.

With this advanced authentication method, you can say goodbye to the traditional passwords and embrace a more secure and seamless login experience which is far more convenient and better in many ways.

It leverages biometric authentication, such as fingerprints or facial recognition, on your device such as your phone, and treats it as your passkey.

This adds an extra layer of security by uniquely identifying you based on your biological features which is not easy to copy or obtain unless you’re Tom Crusie playing Ethan Hunt in Mission Impossible.

No need to remember complex passwords and compromise security anymore. Get started with Solid Security Pro today!

Two-Factor Authentication

I don’t think I need to explain this one but let me tell you that you can also enable Two-Factor Authentication for login on your WordPress website.

It adds an extra layer of security by requiring you to verify your identity through your email, mobile device, or an authenticator app such as Authy in addition to your traditional password.

This means unauthorized access can be prevented even if a password is compromised or someone is able to guess it somehow.

The reason that almost all the websites in the world use some form of two-factor authentication is that it’s very effective and easy to set up.

Also, as it’s a very common practice, almost all of your users would know how to utilize it.

On the other hand, Passkey or passwordless login is something that not everybody knows about. Thus the traditional 2FA could also be useful in some cases.

Interested in trying it out? Give it a go!

Better Password Security

The reason we require 2FA in the first place is mostly because people tend to use very weak passwords and often it’s pretty common and thus it can be guessed easily.

On the other hand, even if you choose a difficult password, there’s a possibility that it can figured by using a brute force attack.

While the Solid Security Firewall, Brute Force Protection, and 2FA features will help you prevent any critical situation, it’s better to have a strong password in the first place.

That’s why Solid Security also has a feature that takes care of it by allowing you to force strong passwords for user accounts and create a better password security policy.

While easy-to-remember or recycled passwords may be tempting, they leave you vulnerable to potential attacks. You must avoid using common phrases or personal information in your passwords to prevent such actions.

A strong password includes upper and lower-case letters, numbers, and special characters, ideally over eight characters long which is very common these days as most people like to use password managers such as LastPass to generate or save them.

However, it’s better to be safe than sorry. Make sure you enable it on your WordPress website.

By the way, Solid Security takes it up a notch by also allowing you to set expiration for the passwords.

Enforcing password expiration policies is vital and the regular changes of passwords reduce the risk of prolonged access or guesswork through brute force attacks or password breaches.

A reasonable expiration period typically lasts between 90 to 180 days which minimizes the likelihood of compromised passwords on your website.

Implementing these practices is very helpful in preventing severe security breaches and data leaks.

Not to mention that implementing strong passwords and password expiration policies may seem inconvenient and annoy a lot of users, but the benefits outweigh the minor hassle.

Remember, prioritizing strong passwords and regular updates is crucial – it only takes one weak password to compromise your entire website.

Tighten your WordPress security today!

Customize Your Login URL

The default login page URL for a WordPress website is not a secret and everybody knows about it, which is not always a good thing.

The login page is your most vulnerable spot and it stands out as a prime target for brute-force attacks.

By changing or customizing the WordPress login URL, you add one more step of figuring out the login page for the attackers which is a good thing.

A customized login URL will make it a little bit difficult for bad actors to launch brute-force attacks.

If you host a website where users register and log in to their accounts then it makes sense to use something simple such as “/login” as your login page destination but if not, you may make it whatever you want it to be.

I would highly recommend using a URL which is hard to guess if it’s just for the admins or yourself.

Please note that just changing the login page location is not enough on its own, you must use all the features available with Solid Security to fortify your website at best.

Real-Time Security Dashboard

If for some reason you need real-time data about your website’s security, Solid Security has got you covered.

I can see it being very useful for a high-traffic website that often gets attacked so a dedicated person is there to monitor the situation all the time.

In my case, I do not care much about real-time data but monitoring your website activity is crucial to identifying potential security risks and it can be very helpful to you.

With the help of Solid Security, you can stay proactive and monitor your website activity so that you can quickly detect and mitigate security risks, ensuring the overall safety of your website.

Complete Database Backups

More often than not, it’s the database backup that will save your website. Also, it’s a good practice to back up your database before making any significant changes or updates to your website.

That’s why Solid Security also allows to you create complete database backups that you can use to restore your website to its glory in case anything breaks during the updates or the changes that you’ll be making on your website.

I will also highly recommend that you use a dedicated complete backup plugin such as Solid Backups or UpDraft Plus.

In addition to this, you should also make sure that you’re using a hosting provider that has an automatic backup and restore facility such as Hostinger or HostArmada (It’s the hosting that I’m currently using).

Now to get back to the point, Solid Security allows you to create database backups before installing updates or making any changes to maintain the integrity of your website’s core files and server configurations just in case something bad happens.

This again adds up to all the excellent features that Solid Security has to offer and makes it a great choice for your website.

Core File Comparison Tool

Ever had that nagging worry about someone sneaking into the vital core files of your website?

That’s where the Core File Comparison Tool or the file change detection feature comes in handy.

During the regular scans and security checks, Solid Security also compares the core files with the original and tries to find any irregular changes.

If any part of your website looks like it has been tampered with, the file change detection feature will catch it and warn you before it can make the situation even worse.

Please note that it might also warn you about the changes that you’ve made yourself, in that case simply ignore the warning but keep an eye on it as someone else may get involved sooner or later.

User-Friendly Dashboard & Interface

Often when a plugin comes with a lot of advanced features, it becomes very complicated to make it seamless for everyone.

However, I’m happy to say that Soid Security made sure that even people without any technical background can navigate through it and set it up for the best performance.

It has one of the best and most user-friendly interfaces that will guide you through and help you make better decisions.

Don’t worry if you don’t know much about WordPress security or cyber security. Everything is made to make sense to anyone using the Solid Security plugin and you also have help which we’ll talk about in a moment.

I have no complaints but only praise when it comes to a user-friendly interface. Solid Security, nailed it.

Super Lightweight & Fast

When I talk about installing a security plugin and explaining what it does, my clients almost always ask me about the website’s speed as SEO experts talk about it too much.

Even when they don’t, I see the concern on their faces.

If it’s the same for you then let me tell you that Solid Security is crafted to be a lighter and faster security plugin that ensures your website’s speed and performance doesn’t get affected significantly.

Please note that it will add a few milliseconds on the server side for the operations that it has to carry but it’s totally worth it if you look at what you’re getting in return.

It’s way better than most of the plugins out there when it comes to WordPress security or any other plugin that you’re probably using right now.

What I’m trying to say is that Solid Security is a very lightweight and super-fast plugin that doesn’t affect your website’s speed or performance enough to notice or care.

Try it for yourself and see the difference.

Excellent Support & Documentation

While I never needed to contact the support team or look at the documentation, it’s there if you need it.

If you ever run into any security issues or need help with something you’ll find plenty of resources such as tutorial videos, articles, and detailed documentation.

Along with that you also have access to the customer support team that will be happy to help you in any type of situation regarding Solid Security.

Also, if you’re a Solid Security Pro customer with active subscriptions for premium add-ons then you’ll receive front-of-the-line access in their support queue.

On top of that, every SolidWP customer gets personalized service from the Priority Support Team on every technical issue.

They’re known for providing actionable responses from real live people to every new conversation within 2-4 business hours which is excellent.

If I’m to believe them which I do, their average response time is within 1-2 hours and they have over 98% satisfaction rate which means you don’t have to worry about issues not getting resolved or responses that are too late.

Now obviously these were just some of the highlights and key features of Solid Security, there’s a lot more in there that you can learn about by trying it yourself.

If you’re not ready to invest in Solid Security Pro then you test the free version first and then proceed to try the premium version if you liked it.

And in case it doesn’t work for you for some reason, there’s always the 100% money-back guarantee that you can rely on. There’s nothing to worry about it, just give it a go!

Solid Security Pro Pricing

The Solid Security solution comes in three different packages:

Solid Security Basic which is completely free of cost.

Then there’s Solid Security Pro which starts at $99/year.

And finally, you can also get it with the Solid Suite subscription which starts at $199/year.

I highly recommend going with the Solid Suite option if that makes sense for you. That’s the most valuable option as you also get Solid Backups, and Solid Central along with it.

For individuals. I think the Solid Security Basic or the Solid Security Pro would make much more sense.

Here’s a pricing table to make the decision easier for you:

Alternatives To Look Out For

While Solid Security is one of the best WordPress security plugins out there, it’s obviously not the only one. Let’s briefly talk about the other alternatives that you should look out for.

Sucuri

Sucuri was the first ever WordPress security plugin that I used and it’s a great alternative. However, I did feel like it was very limited for me.

It is a popular name in this industry and is known for its comprehensive suite of features.

Sucuri offers a web application firewall (WAF), malware scanning, DDoS protection, etc. It is quite similar to Solid Security in many ways.

However, in my use case, I felt like there weren’t enough options for me to control which can be a good or a bad thing. If you like a very simple interface with limited options then you might like it.

On the other hand, if you’re like me, then you probably won’t as I always like to customize and configure everything myself for the best result.

It’s not a bad choice though. You may learn more about it here.

MalCare

I don’t remember which hosting at the moment but I used MalCare for the first time when I was migrating one of my websites to a different hosting.

The hosting company offered it for free so I tried it and it’s pretty much an excellent alternative.

It’s more of an off-site solution though, it’s not like Solid Security or Sucuri which works on your server directly. Again, this may or may not be what you want for your website.

Similar to others, MalCare offers daily malware scans, a robust firewall, and an intuitive dashboard that is easy to use. I like it a little bit more than Sucuri but I would still keep it in the third place this clash.

I find it appealing to me because it has more things that I can control myself and configure the way I want to for the best result possible.

You may learn more about it over here.

Frequently Asked Questions

Although I’ve said everything that I want to say about Solid Security, let’s have a look at some frequently asked questions just in case you’re wondering about it. Here we go:

That’s enough information in my opinion but if you have any more questions about it, please feel free to let me know in the comments section below. I’ll make sure to answer any questions you have.

Or you can just go ahead and give it a try now!

Conclusion

The security of your website is the most important thing you need to worry about. Unless there’s a plugin that can take care of most of the stuff for you.

Oh wait, there is!

Solid Security or the Solid Security Pro plugin is the solution that you need to get rid of that excessive stress and focus on your business instead or whatever it is that you like to do.

If you are an individual blogger or content creator then Solid Security Basic might be enough which is completely free. You can try it over here.

However, if you’re a professional or a business owner then upgrading to the Solid Security Pro would be the right decision. Especially if you collect user data on your website.

And it’s a no-brainer for an e-commerce website!

It’s one of the best WordPress security solutions out there and you won’t regret it. Give it a try now!

If you have any other questions, stories to share, or need advice on securing your WordPress website then feel free to comment down below. I’ll do my best to respond to each one of you.