Looking for a Solid Security review? We’ve got just what you need. Solid Security, formerly known as iThemes security, is a popular WordPress security plugin. It has a lot of features intended to protect your WordPress website from malware and cyber threats.
WordPress security is something that you MUST take seriously. For that reason, it is a wise decision to use reliable tools and methods to protect your website from cyber threats. Solid Security is a well-known plugin that hundreds of thousands WordPress users rely on for protecting and securing their site.
But the question is, how good is Solid Security? Is this plugin enough to protect your WordPress website from cyber threats? Well, we’ve used this plugin for months (free and paid). We will share our experience with Solid Security in this post. Let’s get started.
Solid Security Review: What is Solid Security?
Solid Security is a security plugin for WordPress. It aims to protect WordPress websites from cyber attacks and security vulnerabilities. The plugin is extremely popular among WordPress users. It has 900,000+ active installations and 3,384 5-star reviews on wordpress.org. That makes Solid Security one of the most popular and trusted WordPress security plugins.
Solid Security has a brute force protection network which is nearly 1 million sites strong. It utilizes this large network and its own blacklist to automatically lock out suspicious users. The most commonly attacked part of a WordPress website is the user login authentication screen. Solid Security has measures to secure and defend this authentication screen to prevent any unauthorized access to your site.
The plugin provides a range of important security functionalities that are essential in protecting a WordPress website. Let’s take a look at some of these.
- Brute force attack prevention
- Real-time dashboard in WordPress
- Passkeys and biometric authentication
- Two-factor verification and passwordless login
- Firewall with virtual patching
- Scanner for vulnerable plugins and themes
Each of these features have layers of functionalities. Take the brute force attack prevention feature for example. Solid Security secures and protects the most commonly attacked part of your website, which is the WordPress user login authentication. It also automatically locks out bad actors which are identified by its brute force protection network and the site’s own blacklist.
There are several layers of protection provided by Solid Security. But how good is it? Well, hopefully by the end of this article, we will find out the answer to that question.
Our experience with Solid Security
To see the plugin in action, we got Solid Security Pro and tried out its various security features. Here’s our experience with it.
Solid Security setup wizard
Solid Security has a setup wizard which can be used to quickly enable the most important security features that your website needs.
The setup wizard has five steps. In the first step, we are asked what website we’re running. There are various choices as you can see from the screenshot above. After selecting a type, you will be asked if you own the site or making the site for a client. Based on what options are selected, it will ask more questions.
In the next step, the global settings, we can configure the basic settings of how Solid Security functions. Firstly, we have to input our authorized IPs.
The following step is a very important one, the features section. Here we get to choose what security features we want to include in our site. Three tabs will be given, login security, firewall, and site check. Within login security, we can enable features like two-factor authentication, password login, and trusted devices.
In the firewall tab, firewall rules engine, local brute force, network brute force, CAPTCHA, etc. can be seen. Finally the site check tab has only one option. If this is enabled, our WordPress site will be regularly auto-scanned. If any issues are found, an email will be sent to the selected user.
We can quickly select the features that we need. In the next step, we can enable/disable security features for specific groups of users. We can choose what features will be enabled for which specific groups.
Finally we can set where the notification emails will be sent to. The setup wizard is a really useful tool as it helps in quickly setting up the security features for a website. However, you can change them later from Solid Security settings.
Real time threat dashboard
The first option of Solid Security is the dashboard. This is where we can see the overall security status of our WordPress website. We can see the login attempts, banned users, WordPress updates, plugin updates, lockouts, number of threats blocked, banned IPs, and other important information.
This is a real time threat dashboard. We can also check the number of database backups taken by Solid Security. By clicking on the “Backup Now” button, we can take a database backup immediately. We will explore the backup options later on in this review. But to sum up, the overall WordPress security status can be monitored from this dashboard.
Brute force attack protection
One of the common ways through which malicious actors compromise a system is the brute force attack. It’s a method where a hacker uses different combinations of passwords, passphrases, or encryption keys until the correct one is found. As you can imagine, it involves a lot of trial and error.
Solid Security defends against brute force attacks in two ways:
- Local brute force: It protects a site from attackers that try to randomly guess login details. It is also possible to customize the login brute force protection settings. We can specify the number of maximum login attempts per IP and per user. We can also choose how long the bad login attempts should be remembered.
- Network brute force: When this feature is enabled, it automatically reports the IPs of the failed login attempts to Solid Security and will block those for a length of time.
Besides joining a network, Solid Security also creates a blacklist of our own with a list of suspicious actors.
During the setup wizard, these features can be enabled. Again, if anyone wants to access these settings again, these can be found in the Firewall tab of Features option within Solid Security > Settings from the WordPress admin dashboard.
Firewall
We’ve already seen the brute force protection offered by the Solid Security firewall. However, the firewall also offers more options such as banning users, firewall rules engine, magic links, and CAPTCHA. We can ban specific IPs, and also tweak firewall engine rules.
The firewall can be accessed from Solid Security > Firewall from the WordPress admin dashboard. Here we can monitor how many threats the firewall has blocked along with other information. We can tweak the firewall rules, manage IPs, configure the firewall, and access the automated option.
Site scans
It is important to perform regular site scans to check for malware and other vulnerabilities. Solid Security automatically scans for these vulnerabilities (if the feature is enabled). You can also initiate the scan from Solid Security > Site Scans. The site scan checks for inactive users, rogue installs, plugins, themes, etc.
The site scan settings can also be accessed from the Solid Security > Settings section. Here we can enable the various features of site check. For example, we can enable the File Change feature to scan for unexpected changes of files. We can schedule site scan, log user logins, and enable version management features.
Passkeys and biometric login
Passkeys are one of the most secure and easy methods for logging in to online accounts. Instead of creating a password, we can use passkeys and log in to our WordPress dashboard without passwords.
The way a passkey works is that it uses some digital data from our computer or phone when logging in to the server. We can approve each use of the data with an authentication step such as fingerprint, face recognition, checking a PIN code, etc.
Solid Security lets us use passkeys on mobile devices, mac computers, windows, and so on.
Two factor authentication
Two Factor Authentication or 2FA is also a very secure way of logging in to your WordPress admin dashboard. Using Solid Security you can enable Two Factor Authentication for your WordPress website.
This feature is commonly provided by many popular security plugins. As this is an easy and secure method, we always recommend protecting your WordPress site with Two factor authentication.
Database backup
Having a backup of the WordPress database is immensely helpful. In case something happens to your site, and if you have a backup, you can restore it. This will replace all the existing content from the database with the fresh ones. With Solid Security you can backup your WordPress database. Schedule the backup and choose the number of days after which a backup of the database will be taken.
As for the backup files, we can choose if we want those to be sent through email or saved locally. It is also possible to include/exclude tables from the database. You can also use other plugins/tools to backup WordPress files and database.
Customize login URL
A good way to increase a WordPress site’s security is to have a customized URL for the login page. So instead of the default “wp-admin” at the end of the URL, we can have a customized one. This way, it will be harder for hackers to access the login page.
In the Advanced tab of Solid Security > Settings, we can see that Solid Security has the feature to hide the WordPress login screen.
Solid Security pricing
If we take a look at the pricing page of the Solid Security website, we can see 4 products. These products are:
- Solid Security: This is the main security application.
- Solid Backups: This application helps you backup your entire site and restore when needed.
- Solid Central: This is a multi-site management system with a centralized dashboard.
- Solid Suite: A three-in-one application. It has Solid security, backup and maintenance.
We will take a look at Solid Security as this is our main focus here. When you purchase Solid Security, you get all the features of the plugin. You can choose the number of sites you want to use it on. Here’s the pricing for the number of sites:
- For 1 site – $99/year
- For 5 sites – $199/year
- For 10 sites – $299/year
- For 25 sites – $399/year
- For 50 sites – $499/year
If you need to purchase Solid Security for more than 50 sites, you have to contact the team and discuss a plan.
Do you actually need any security plugin?
WordPress is the most popular CMS today. It is no surprise that WordPress is a big target for cyber attackers. A large number of WordPress sites come under attack daily. Hackers use different tactics and strategies to attack a website. When a hacker gets access to your WordPress dashboard, they can cause so many problems including bringing your entire site down. In some cases many website owners don’t know what to do when a website gets hacked. That is why, it is a wise decision to secure your WordPress website before anything bad happens to it.
There are many powerful WordPress security plugins that you can use to protect your site. If you suspect there’s malware within your site, you can take the help of any malware removal tools or services.
Your website is an important part of your business and online reputation. Security is something that many people consider “Not Important” until it’s too late. Therefore, we believe you should take every action possible to secure your WordPress website.
Conclusion
So that’s everything for now from us with Solid Security. There’s a lot more to talk about, but we believe in keeping things short and simple. We explored different security features that Solid Security provides. We looked at two-factor authentication, firewall options, site scanning, passkeys, database backup, and more. These features are actually very important if we want to keep a WordPress website safe.
After using Solid Security we can say one thing, Solid Security does provide solid security for a WordPress site! It can be reliable when you have the right configuration. So what do you think about Solid Security? Which plugin do you rely on for your WordPress site’s security? Let us know in the comments!
Disclaimer: This post may contain affiliate links and we may receive a small commission if you purchase something by following them. However, we recommend services/products that we believe good to serve your purpose.
