Solid Security Free

The best plugin for WordPress security. Powerful protection for your site begins on Day 1.

Shield your WordPress site from cyber threats, strengthen login security, and stop brute force attacks in their tracks.

  • Vulnerable software scanning
  • Firewall management & user security
  • Set up in 10 minutes or less
Download for Free

Features

Local brute force protection

Protect your site against spambots, search bots, specific IP addresses, repeated login attempts, and other bad users.

Two-factor authentication

Require extra layers of security on your site’s login page.

Scan for vulnerabilities

Schedule automated vulnerability scans that run four times a day to identify vulnerable software. Scans are checked against the Patchstack vulnerability database, and with Patchstack Priority scoring, you get clearer insight into which issues matter most so you can make informed decisions faster.

Solid Central integration

Temporarily whitelist your own IP, release lockouts, and override two-factor authentication from Solid Central.

Download for free

Benefits

Shield from cyberattacks

  • Proactively protect your WordPress site and data from brute force attacks, malware infections, and bad actors.

Prevent common vulnerabilities

  • Secure the most exposed part of your WordPress site—user logins—with two-factor authentication and password requirements.

Brute Force Protection network

  • Block attackers from accessing your site with your own blacklist plus added protection from a Solid Security network that’s nearly one million websites strong.

What’s Included in the best plugin for WordPress Security

Free

Pro

Ban bad bots & users

Block specific IP addresses and user agents from accessing the site

Patchstack Vulnerability Scan

Local & Network Brute Force Protection

Database Backups

File Change Monitoring

Site Scanner

Two-Factor Authentication

Custom Firewall Rules

Email Notifications

Real-time WordPress Security Dashboard

Strong Password Enforcement

Customizable Lockout messages

File Permission Check

Patchstack Virtual Patching

Passkeys for More Secure Logins

Magic Links & Passwordless Login

Trusted Devices

Session Hijacking Protection

Temporary Privilege Escalation

Version Management

Protect Login, Registration, and Password Reset from Bots

Real-time WordPress security dashboard widget

Settings Import & Export

File Integrity Check

User Activity Logging

WP-CLI Integration

Password Expiration

Reduce Spam Comments

Refuse Compromised Passwords

Restrict user capabilities on unrecognized devices

Require Two-Factor for vulnerable users

Private, Ticketed Support

Download for Free Go Pro

Customer trust, business stability, and brand reputation are lost when your site is breached

FAQ

SolidWP Support Explore SolidWP Resources Chat with us

No. Although we believe that Solid Security is the best plugin for WordPress security, it is designed to help improve the security of your WordPress installation, not guarantee prevention from every possible attack. Nothing replaces diligence and good practices. This plugin makes it a little easier for you to apply both.

Solid Security is our free site security plugin. Solid Security Pro offers all the benefits of Solid Security, plus additional features including passkeys, magic links and passwordless logins, Patchstack virtual patching, and more. Learn more about the differences between Solid Security and Solid Security Pro.

While Solid Security can be installed on either a new or existing site, we strongly recommend making a complete backup of your existing site before applying any features included in this plugin.

One of the most important security practices for WordPress site owners is keeping software up to date. Because of this, we only test this plugin on the latest stable version of WordPress and will only guarantee it works in the latest version.

Solid Security requires Apache or LiteSpeed and mod_rewrite or NGINX to work.

Solid Security makes significant changes to your database and other site files which can sometimes cause problems for existing WordPress sites. Therefore, we strongly recommended making a complete backup of your site before using this plugin.

While problems are rare, most support requests stem from the failure to make a proper backup before installation.

DISCLAIMER: Most importantly, under no circumstances do we release this plugin with any warranty, implied or otherwise. We cannot be held responsible for any damage that might arise from the use of this plugin.