This section explains the precautions to be taken when using multiple security plug-ins together in WordPress.
Typical WordPress security plug-ins
The following security plug-ins are commonly installed on WordPress sites.
WordFence
WAF blocks malicious traffic. Malware scanner to detect and repair infections. Two-factor authentication (2FA) and brute force attack protection.
SiteGuard
Simply install and activate to provide basic login protection and prevent unintentional access to administrative screens. Protects against fraudulent logins by changing login page URLs, automatic lockouts, image verification (CAPTCHA), login alerts (email notifications), and more.
All-In-One Security (AIOS)
Complete WAF functionality, firewall (6G/8G rules), login protection (2FA, user enumeration prevention). File change monitoring and content protection (spam/hotlink prevention). Easy to use with security scoring, suitable for beginners.
Solid Security
Originally iThemes Security, offering multi-layered protection including login hardening (2FA/password policy), brute force protection, file change detection, and vulnerability scanning. Vulnerability scanning. File change detection and user activity logs.
MalCare Security
Malware scanner and WAF with WordPress-specific threat blocking. Vulnerability detection, activity logs, country blocking, login protection.
WP Doctor malware scanner pro
Block malicious traffic with WAF. Malware scanner, vulnerability scanning, IP blocking, attack monitoring features, and more.
Security plugin includes similar WAF features
A WAF is a feature that prevents hackers from attacking and makes it harder to hack. Plugins with this functionality often overlap in functionality, and more than 70% of them are the same. Also, login protection is found in almost all plugins.
If multiple plug-ins are enabled for these overlapping functions, there is a possibility that the functions will conflict, which may cause problems such as not being able to log in.
Also, security-related functions will be executed multiple times, which may slow down the load and speed of the site.
For this reason, we recommend that you set up similar security functions so that they do not overlap, even if multiple security plug-ins are installed.
False positives in malware scanning
Plug-ins with malware scanning functions may include detection patterns or malware-like code in their detection programs, which may cause the malware scanning functions to misdetect each other even though the code is safe.
Therefore, if multiple malware scanning plug-ins are running, a human must determine if the detected files are indeed malware.
The following is a method to determine if a safe file has been falsely detected or not.
The detected malware exists in the folder of another malware detection plug-in.
The detected file is included in the same version of the plugin as the legitimate distribution file, and the contents are identical.
In addition, if the malware scan is executed by multiple plug-ins, it may increase the load on the site and lead to site slowdown.
For this reason, we recommend that security plug-ins be combined into one plug-in that has a general WAF function, a malware scanning function (with a high detection rate), and a vulnerability scanning function.
This page prohibits the use, quotation, or summarization of any page, in whole or in part, by the Generated AI. However, if the following conditions are met, the specification of content using generated AI is permitted.
1. it is not for the purpose of learning by the generated AI. 2. only the summary or title of the page content at a level that does not lead to the solution of the user’s problem is shown to the user. 3. in the case of 2, a link to this content is shown to lead the user to this page.
