Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
25 Million+
Websites using our plugins
Years of WordPress experience
WordPress tutorials
by experts
Solid Security is a popular security plugin. It can protect your login pages with strong passwords and 2FA, while scanning your site for vulnerabilities and installing patches automatically.
Have you used "Solid Security" before? Add Your Review to help the community.


  • All-in-one security plugin
  • Vulnerability scanner and automated patching
  • Ready-made security templates
  • Support for Two Factor Authentication (2FA) and passwordless login
  • Enforce a strong password policy
  • Generate CAPTCHAs
  • Real-time security stats dashboard

WPBeginner users can get started from $99!

Visit Solid Security

(this discount will be applied automatically)

Solid Security Review: Is It the Right Security Plugin for You?

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

Are you looking for a Solid Security review to help you decide if it’s the right WordPress security plugin for you?

This popular plugin aims to protect WordPress against all the most common security threats, including plugin vulnerabilities and brute force attacks. It also focuses on protecting the login screen, with features such as two-factor authentication and passwordless login.

In this Solid Security review, we’ll look at this popular plugin to see whether it’s the right choice for you.

Solid Security review: Is it the right security plugin for you?

Solid Security Review: Why Use It in WordPress?

Solid Security is a popular security plugin that’s designed to protect your site against bots, hackers, malware, brute force attacks, and many other common threats.

To achieve this, it focuses on enhancing WordPress login security with features such as passwordless login, two-factor authentication (2FA), password policies, and a list of trusted devices. It can also automatically block suspicious IP addresses, or remove admin privileges and notify you about a person’s suspicious activities.

The Solid Security WordPress security plugin

In addition, Solid Security monitors every website that uses the plugin. When it identifies an IP address that’s attempting to breach sites within that community, Solid Security will automatically ban that IP address across its entire network.

If you’re just getting started or have a limited budget, then you can download Solid Security lite from

The free Solid Security WordPress plugin

This free plugin comes with six templates that contain the recommended security settings for different types of website. For example, if you accept payments online then you can enable the eCommerce template.

In this way, you can protect your site within minutes, and with no special configuration required.

Solid Security Review: Is It the Right Security Plugin for You?

Security is a huge topic that can impact every part of your WordPress website. With the right security features and tools, you can keep your customers and users safe, improve the visitor experience, and even boost your WordPress SEO.

With that said, let’s see if Solid Security is the right plugin for your WordPress blog or website.

1. Ready-Made Security Site Templates

Different types of websites have different security needs. For example, an online store will need a different level of security compared to a personal blog.

To help you apply the right settings, Solid Security comes with six site templates. Simply select the right template in the onboarding wizard, and Solid Security will apply the recommend security settings for you:

  • eCommerce. This is perfect for websites that sell digital downloads, physical products, or any site where you accept online payments.
  • Network. This template is designed for community websites, such as social media sites or online forums.
  • Non-Profit. A template designed specifically for charities, or any site that accepts donations online.
  • Blog. This template is perfect for WordPress blogs.
  • Portfolio. A template that’s designed to show off your photographs, digital artwork, case studies, or similar work.
  • Brochure. This template is a good fit for small business websites.

2. Easy to Set Up

It’s easy to protect your site with Solid Security. To start, you can install and activate it just like any other WordPress plugin.

Upon activation, the setup wizard will show you exactly how to protect your site, including choosing the best Security Site Template.

The Solid Security website, blog, and online store templates

In fact, according to Solid Security the onboarding experience should take less than 10 minutes.

3. Customizable Security Settings

Do you share the dashboard with other people, or allow user registration on your website?

In that case, you may want to use different security settings for each user role. For example, you might enforce strict password policies for site admins, while giving customers more freedom.

During the set up process, Solid Security will sort your users into different groups. It can then apply recommended security settings based on your Site Template, and the information you shared during onboarding.

Managing different user roles using Solid Security

Alternatively, you can create your own settings for each user group.

4. Brute Force Protection

Solid Security can automatically identify brute force attacks using your lockout rules. It will then ban these IP addresses automatically. For example, you might block an IP address following a certain number of failed login attempts.

How to protect your site against brute force attacks

You can also change the maximum number of login attempts before you lock a host, computer, or username out of WordPress.

For extra security, this plugin can block IP addresses at the network level. If someone tries to break into other websites in the Solid Security community, then the plugin will automatically block the IP address across their entire network. According to the Solid Security website, their network includes over 1 million websites, so this is an impressive level of protection.

If you accidentally get locked out due to the brute force protection, then you can still log in using the plugin’s Magic Links. This feature provides a secure and user-friendly way to log into your account, even when it’s been temporarily restricted due to a suspected brute force attack.

For more on this topic, please see our guide on what to do when you’re locked out of WordPress.

5. Ban Users and IP Addresses

With Solid Security, you can permanently block specific IP addresses and user agents from accessing your site. For example, it allows you to ban known bots and trolls without editing your server configuration.

6. Vulnerability Scanner

Solid Security will check your site for known vulnerabilities in WordPress core files, plugins and themes, twice a day. If the security scanner detects a piece of vulnerable software, then it will apply a patch automatically, where available.

Scanning your site for security vulnerabilities

It can also detect other assorted security issues, such as any admins who haven’t enabled two-factor authentication.

Solid Security will notify the site admin about any issue it finds, but you can also see the results of previous scans directly in the WordPress dashboard.

Alternatively, you can run a manual scan at any time.

How to scan your site for security vulnerabilities manually

7. Database Backups

Backups give you a quick and easy way to restore a hacked site. That said, Solid Security can backup your WordPress database based on a schedule set by you. It will also zip these backups to reduce the file size, and then send the backup over email or store the file locally.

Just be aware that this isn’t a complete backup, so we still recommend using a dedicated backup plugin such as Duplicator.

8. Two Factor Authentication (2FA)

Solid Security allows you to add two-factor authentication using any Time-Based One-Time password Provider (TOTP). For example, you can use any iOS or Android app that supports the TOTP standard.

Additionally, you can use a YubiKey or other Trusted Platform Module (TPM) device.

Adding two-factor authentication to your WordPress blog, website, or online marketplace

For more on this topic, please see our guide on how to securely manage passwords.

9. Password Policy Requirements

With Solid Security, you can create and enforce a strong password policy for your users.

How to enforce a secure password policy on your WordPress website, blog, or online store

After activating the policy, Solid Security will check each user’s login details against a list of known compromised passwords.

If their password has been compromised, then they’ll be asked to create a new password.

How to add a password policy to your website

Another option is setting a time limit, so users must periodically change their password based on a schedule set by you.

10. Supports Passkeys and Biometric Passwords

Solid Security offers biometric login that’s compatible with Face ID, Touch ID, and Windows Hello.

You can also use passkey technology that’s compatible with all the major browsers, including Firefox, Chrome, and Safari.

How to set up passwordless login

11. Trusted Devices 

Solid Security can identify the devices that you and other people use to log into your WordPress website. It can then limit admin privileges to trusted devices only, or even block unknown devices completely. This way, even if a hacker has the correct username and password, they won’t be able to perform admin-level actions on your site.

Solid Security will also notify you every time someone logs into your site using an unknown device, so you can take action straight away.

12. Custom Login URL

WordPress is the most popular CMS platform and powers over 40% of websites. This popularity makes it a common target for hackers. Often, these hackers will try to break into your site using commonly-used login URLs such as wp-admin and wp-login.

With Solid Security, you can choose a custom login URL instead. Immediately, this makes it more difficult for hackers to find your login page, and then target you using brute force attacks.

Changing the login URL on your WordPress website

13. Enforce SSL

SSL is an encryption technology that protects the data that’s transferred between your web server and the visitor’s browser.

To help keep your site safe, Solid Security can force all connections to be made over SSL/TLS.

14. CAPTCHA Generator

Bots may try to perform all kinds of malicious activities on your site, such as posting spam comments, scraping your content, or hacking into accounts using leaked passwords.

You can generate a CAPTCHA inside Solid Security, and then start blocking bad bots.

How to protect your content using CAPTCHAs

15. Custom Database Prefix

Solid Security can help you avoid simple attacks by changing your database prefix from ‘wp_’ to a random value.

Replacing the WordPress database prefix with a custom prefix

This will make it more difficult for hackers to find your database prefix and exploit vulnerabilities in your blog, website, or online marketplace. Just be aware that hackers can still potentially find your database prefix programmatically, so this won’t stop more sophisticated attacks.

16. Real-Time Security Dashboard

Solid Security has a real-time WordPress security dashboard that monitors various changes and actions across your entire site. This can help you spot suspicious activity quickly, identify patterns, or pinpoint problems you need to address.

In the dashboard, you’ll find information about any changes made to your site’s files, pages, posts, plugins, or WordPress theme. It also tracks user registrations, logins, and other activites.

These dashboards are fully customizable so you can choose which reports to show. You can even create different dashboards for each user role. For example, you might show different reports to guest bloggers, compared to site admins or editors.

17. WordPress Multisite Compatible

Do you run a WordPress multisite network? Then you’ll be happy to learn that Solid Security works perfectly with WordPress multisite.

18. Community and Professional Support

WordPress security is a huge topic, but this popular plugin is designed with ease of use in mind. You can activate many of its security features with just a few clicks, and the default settings should work well for most WordPress websites.

However, sometimes you may have questions or need some extra help. If you want to get answers yourself, then Solid Security has a help center where you’ll find detailed documentation.

Solid Security's online documentation

If you want more information, then Solid Security has also published a series of free guides.

These cover a range of WordPress security topics such as tasks to perform when you first install WordPress, and how to perform a security audit.

Solid Security's guides

If you prefer one-on-one help, then you can submit a support ticket and the SolidWP team will get back to you as soon as possible.

Solid Security Review: Pricing and Plans

If you’re just getting started or have a limited budget, then you can download the lite version of Solid Security from This free plugin comes with six different site templates, so you can quickly and easily protect all kinds of websites.

However, if you want the more advanced features, then you’ll need to upgrade to a premium Solid Security plan.

Unlike some other WordPress security plugins, you’ll get the same features no matter what license you buy. This means you can secure your login page, protect against brute force attacks, patch vulnerabilities automatically, set up passwordless logins, and much more.

However, the price will vary depending on the number of sites where you want to use the Solid Security plugin.

Solid Security's pricing and plans

Do you need to secure a single WordPress website? Then a license will cost $99 per year.

Do you own a few different sites, such as multiple blogs in an affiliate marketing network? Then you can install Solid Security on 5 websites for $199 annually.

Meanwhile, if you run a WordPress development agency or manage lots of client websites, then you can install Solid Security on up to 50 sites for $499 per year.

Solid Security Review: Is It the Right Security Plugin for You?

After looking at the features, support, and pricing plans, we’re confident that Solid Security is a great security plugin.

It protects your site’s login page by enforcing strong passwords, and offering alternative login methods such as two-factor authentication and passwordless login. At the same time, it scans your site for vulnerabilities in your WordPress plugins, themes, and WordPress core.

If you only want to secure a single blog or website, then you can buy a yearly license for $99.

However, the price rises based on the number of websites where you use Solid Security. For example, if you need to install Solid Security on 10 websites, then you can expect to pay $299 per year.

We hope this Solid Security review helped you decide whether it’s the right security plugin for you. You can also check out our guide on how to increase your blog traffic, or see our expert pick of the best analytics solutions for WordPress users.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

WPBeginner users can get started from $99!

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Reader Interactions

1 User ReviewAdd Your Review

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

Leave A Review

Thanks for choosing to leave a review. Please keep in mind that all reviews are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

Your Rating: