MalCare vs Wordfence vs Sucuri vs iThemes Security? Best WordPress Security Plugins?


MalCare vs Wordfence vs Sucuri vs iThemes Security? Best WordPress Security Plugins?

I am launching a multi-dwelling booking website and the host company includes free SSL certificate. Is it recommended to upgrade to a paid SSL certificate to facilitate online payment or should the free SSL certificate suffice? Also should I upgrade the security from the free IThemes security I am currently using? I have been reading some reviews on IThemes vs wordfence vs malcare vs Sucuri but want to ensure I have a the main things covered before I go live. Let me know your recommendations.

MalCare vs Wordfence vs Sucuri vs iThemes Security
solved 0
Ali Akkas 1 year 2020-06-26T15:15:06+00:00 12 Answers 0

Answers ( 12 )


    Best security plugin for WordPress:

    Have been using iThemes for 3 years because the code it writes in htaccess ( for Apache) is good. It works well in conjunction with MalCare ( and Wordfence ) but no need to use the three of them. It’d be overkill. Currently with MalCare ($99/year) and iThemes Security free.

    Why I prefer MalCare Pro over iThemes Security Pro?

    • Firstly because Malcare’s scanner is very sophisticated whilst iThemes security use Suxuri’s scanner which is with absolutely basic features. For example, it doesn’t scan the dB. So if one has an SQLi ( a SQL injection/ inclusion) it won’t be noticed.
    • Secondly MalCare Pro includes a WAF (Web Application Firewall). No such a thing with iThemes Security Pro.
    • Thirdly With MalCare Pro I have unlimited malware removals. Totally lacking in iThemes Pro.

    That’s why iThemes is cheaper $60/ year. Or even $40/ year almost every other week.
    One can use Cloudflare along with both of them. So you can use Cloudflare’s firewall rules and DDoS protection.
    Also, Malcare has an extremely good reputation. Simply check Trustpilot or G2.

    iThemes Security Review:

    I don’t say iThemes security is bad even the opposite, and that’s why I use the free version along with Malcare.. However, their Pro version lacks basic features like malware removal, a good scanner, etc.

    Visit MalCare Website


    Malcare is a better product because it doesn’t impact performance. I’ve steered clear of WordFence for that reason. Some hosts like WPEngine won’t even allow WordFence on their servers. MalCare offers advanced scanning and a strong firewall to protect your site.  All our processes take place on our off-site dedicated servers, aka – zero load on yours! There are also plans which include incremental backups.

    Get MalCare

    Best answer

    WordFence has been great for both my clients and my own company websites. I have seen recommended multiple times within this site here. Ithemes Security Pro Vs wordfence? What is the Best WordPress Security Plugin?


    There is no technical reason to pay for an SSL cert. A free cert offers the exact same encryption. If your host doesn’t offer let’s encrypt, you need a new host.
    If your host has given u a free SSL cert then it means its a bonus for you. No need to buy another SSL, your host can’t give u a fake one that will make your site vulnerable. the free one performs as good as the paid ones. Stick to the free on.


    Who is the Host? The host is everything. Dedicated IP address (at least for your own account regardless of how many sites you have on that acct). This isolates you from the rest of the chatter on the same server. Free SSL if it renews automatically, and consistently. Don’t see any reason to just jump the gun on paid versions of either WF or iT. Good host and something like Loginizer is even pretty secure if everything else it well. Kind of all depends on your needs, and budget but I wouldn’t spend it if you didn’t need to. Low and slow.
    I hope that helps.


    I would strongly recommend you look at Shield Security. Shield has the edge in my humble view for its sleek well-designed user interface and packed with all features needed. The free version does a lot and the premium is excellent value. Shield Security is constantly evolving.


    WP Security Ninja VS MalCare VS VirusDie:

    I have WP Security Ninja Unlimited sites, and some times it seems a little buggy, and I have MalCare for 3 Websites too and for me, the UI is better and they Scan the website outside of your server. virus die I don’t use. Malcare does a good job of protecting your sites and cleaning them. For complex malware that’s found in databases that malware can’t clean their support will clean it free of charge. Just put in a ticket and they’ll handle it within 24 hours. I’m so glad I stacked 3 codes and the $99 yearly backup solution for 15 sites.

    Get MalCare


    Best Security Plugin:

    Wordfence is the best security plugin by far. It’s also worth subscribing to their excellent blog where they inform readers about any plugin vulnerabilities and there is a really good set of tutorial articles about WordPress security best practices.

    Best Backup Plugin:

    Updraft plus for scheduled backups and All in One WP Migration for making, exporting, and importing full clones of your site.
    Don’t rely solely on your hosting provider’s backups and security, however good they claim to be!

    Best free WordPress security plugin 2020:

    When talking about the free versions, you can combine both. Wordfence’s file comparison gives you more insight but itheme can close down REST(which is really necessary!!!) and XMLRPC and can hide your wp-login.php. itheme does more but till now they work well together. Every plugin slows you down at some point, but security is critical and you can compensate on the frontend with good caching.


    How much does those plugin usually steal? Today I use WordPress security plugins since security is important. Both to keep them away and to have a proper backup system. Worth to mention guys, have a properly scheduled and automized off-site backup system.
    But there is a lot of plugins to choose from so a poll would be useful and some solid comments regard each plugin why good/bad etc. Think many users just pick what is easy and have a nice UX/UI rather than how good it is in protecting your site and have a minimalist effect on frontend performance.
    Cloudflare with WAF, performance, and CDN are only applied on my side with a business account. So that you can upload a custom SSL and not be on a big shady shared pool of IPs. But far from all can or want to pay 199USD per month for the business package. The only way to get a small IP pool on Cloudflare. But the WAF net doesn’t cover you for SQL and PHP injections and other open doors in WordPress? Or I might be wrong, a long time ago I read the WAF documentations.


    Security plugins are one of those areas where it’s all about preference and features/functionality. I’ve tried Sucuri, WordFence, and iThemes.
    I like Sucuri and WordFence the best and will use both of them, but WordFence has some features I’ve not seen in the other two. It’s a little more intense in the setup (altho a wizard setup can take you about 2 minutes or less,) but the alerting and reporting are better. I use both, depending on the client one or the other. I use & recommend Wordfence and iThemes Security Pro. They support everything you look for.


    For my experience, I’m using a VPS with root access so the first thing I protect my ssh I block the root login and create a user with admin command after that I start to install all the necessary (update my server install lemp, nginx, MariaDB, PHP) after that I use iptables with fail2ban, it’s the most basic you can do to protect your server from hacker after for WordPress I use only Akismet ( 5 USD per month) with a captcha and my hosting protect me from DDoS. And all the common things you can do always update WordPress and plugin etc never use nulled plugin !!!


    Do I need a security plugin for WordPress?

    If you chose the right hosting platform you wouldn’t even need to worry about it. If you haven’t chosen a hosting platform that handles security, I recommend Wordfence. If you update WordPress, with plugins & themes, properly and use safe passwords you most likely won’t need a security plugin. Otherwise, I’d recommend Cloudflare. Security plugins only tend to slow down your site and create a false sense of security. Having said that, You don’t necessarily need a security plugin, although a plugin can be a useful tool to help you implement proper security practices. There is much more to security than a plugin.

    Best WP security plugin?

    I use ithemes security pro on all of our sites… hide the admin, limit login attempts, ban attempts to login as username admin, two-factor authentication, google invisible Recaptcha on the login form, SSL on login form. plus way more.

    Get ithemes security pro

Leave an answer

What is the capital of Egypt? ( Cairo )