Solid Security

Are you looking for a Solid Security review to help you decide if it’s the right WordPress security plugin for you?

This popular plugin aims to protect WordPress against all the most common security threats, including plugin vulnerabilities and brute force attacks. It also focuses on protecting the login screen, with features such as two-factor authentication and passwordless login.

In this Solid Security review, we’ll look at this popular plugin to see whether it’s the right choice for you.

Solid Security Review: Why Use It in WordPress?

Solid Security is a popular security plugin that’s designed to protect your site against bots, hackers, malware, brute force attacks, and many other common threats.

To achieve this, it focuses on enhancing WordPress login security with features such as passwordless login, two-factor authentication (2FA), password policies, and a list of trusted devices. It can also automatically block suspicious IP addresses, or remove admin privileges and notify you about a person’s suspicious activities.

In addition, Solid Security monitors every website that uses the plugin. When it identifies an IP address that’s attempting to breach sites within that community, Solid Security will automatically ban that IP address across its entire network.

If you’re just getting started or have a limited budget, then you can download Solid Security lite from WordPress.org.

This free plugin comes with six templates that contain the recommended security settings for different types of website. For example, if you accept payments online then you can enable the eCommerce template.

In this way, you can protect your site within minutes, and with no special configuration required.

Solid Security Review: Is It the Right Security Plugin for You?

Security is a huge topic that can impact every part of your WordPress website. With the right security features and tools, you can keep your customers and users safe, improve the visitor experience, and even boost your WordPress SEO.

With that said, let’s see if Solid Security is the right plugin for your WordPress blog or website.

1. Ready-Made Security Site Templates

Different types of websites have different security needs. For example, an online store will need a different level of security compared to a personal blog.

To help you apply the right settings, Solid Security comes with six site templates. Simply select the right template in the onboarding wizard, and Solid Security will apply the recommend security settings for you:

• eCommerce. This is perfect for websites that sell digital downloads, physical products, or any site where you accept online payments.
• Network. This template is designed for community websites, such as social media sites or online forums.
• Non-Profit. A template designed specifically for charities, or any site that accepts donations online.
• Blog. This template is perfect for WordPress blogs.
• Portfolio. A template that’s designed to show off your photographs, digital artwork, case studies, or similar work.
• Brochure. This template is a good fit for small business websites.

2. Easy to Set Up

It’s easy to protect your site with Solid Security. To start, you can install and activate it just like any other WordPress plugin.

Upon activation, the setup wizard will show you exactly how to protect your site, including choosing the best Security Site Template.

In fact, according to Solid Security the onboarding experience should take less than 10 minutes.

3. Customizable Security Settings

Do you share the dashboard with other people, or allow user registration on your website?

In that case, you may want to use different security settings for each user role. For example, you might enforce strict password policies for site admins, while giving customers more freedom.

During the set up process, Solid Security will sort your users into different groups. It can then apply recommended security settings based on your Site Template, and the information you shared during onboarding.

Alternatively, you can create your own settings for each user group.

4. Brute Force Protection

Solid Security can automatically identify brute force attacks using your lockout rules. It will then ban these IP addresses automatically. For example, you might block an IP address following a certain number of failed login attempts.

You can also change the maximum number of login attempts before you lock a host, computer, or username out of WordPress.

For extra security, this plugin can block IP addresses at the network level. If someone tries to break into other websites in the Solid Security community, then the plugin will automatically block the IP address across their entire network. According to the Solid Security website, their network includes over 1 million websites, so this is an impressive level of protection.

If you accidentally get locked out due to the brute force protection, then you can still log in using the plugin’s Magic Links. This feature provides a secure and user-friendly way to log into your account, even when it’s been temporarily restricted due to a suspected brute force attack.

For more on this topic, please see our guide on what to do when you’re locked out of WordPress.

5. Ban Users and IP Addresses

With Solid Security, you can permanently block specific IP addresses and user agents from accessing your site. For example, it allows you to ban known bots and trolls without editing your server configuration.

6. Vulnerability Scanner

Solid Security will check your site for known vulnerabilities in WordPress core files, plugins and themes, twice a day. If the security scanner detects a piece of vulnerable software, then it will apply a patch automatically, where available.

It can also detect other assorted security issues, such as any admins who haven’t enabled two-factor authentication.

Solid Security will notify the site admin about any issue it finds, but you can also see the results of previous scans directly in the WordPress dashboard.

Alternatively, you can run a manual scan at any time.

7. Database Backups

Backups give you a quick and easy way to restore a hacked site. That said, Solid Security can backup your WordPress database based on a schedule set by you. It will also zip these backups to reduce the file size, and then send the backup over email or store the file locally.

Just be aware that this isn’t a complete backup, so we still recommend using a dedicated backup plugin such as Duplicator.

8. Two Factor Authentication (2FA)

Solid Security allows you to add two-factor authentication using any Time-Based One-Time password Provider (TOTP). For example, you can use any iOS or Android app that supports the TOTP standard.

Additionally, you can use a YubiKey or other Trusted Platform Module (TPM) device.

For more on this topic, please see our guide on how to securely manage passwords.

9. Password Policy Requirements

With Solid Security, you can create and enforce a strong password policy for your users.

After activating the policy, Solid Security will check each user’s login details against a list of known compromised passwords.

If their password has been compromised, then they’ll be asked to create a new password.

Another option is setting a time limit, so users must periodically change their password based on a schedule set by you.

10. Supports Passkeys and Biometric Passwords

Solid Security offers biometric login that’s compatible with Face ID, Touch ID, and Windows Hello.

You can also use passkey technology that’s compatible with all the major browsers, including Firefox, Chrome, and Safari.

11. Trusted Devices 

Solid Security can identify the devices that you and other people use to log into your WordPress website. It can then limit admin privileges to trusted devices only, or even block unknown devices completely. This way, even if a hacker has the correct username and password, they won’t be able to perform admin-level actions on your site.

Solid Security will also notify you every time someone logs into your site using an unknown device, so you can take action straight away.

12. Custom Login URL

WordPress is the most popular CMS platform and powers over 40% of websites. This popularity makes it a common target for hackers. Often, these hackers will try to break into your site using commonly-used login URLs such as wp-admin and wp-login.

With Solid Security, you can choose a custom login URL instead. Immediately, this makes it more difficult for hackers to find your login page, and then target you using brute force attacks.

13. Enforce SSL

SSL is an encryption technology that protects the data that’s transferred between your web server and the visitor’s browser.

To help keep your site safe, Solid Security can force all connections to be made over SSL/TLS.

14. CAPTCHA Generator

Bots may try to perform all kinds of malicious activities on your site, such as posting spam comments, scraping your content, or hacking into accounts using leaked passwords.

You can generate a CAPTCHA inside Solid Security, and then start blocking bad bots.

15. Custom Database Prefix

Solid Security can help you avoid simple attacks by changing your database prefix from ‘wp_’ to a random value.

This will make it more difficult for hackers to find your database prefix and exploit vulnerabilities in your blog, website, or online marketplace. Just be aware that hackers can still potentially find your database prefix programmatically, so this won’t stop more sophisticated attacks.

16. Real-Time Security Dashboard

Solid Security has a real-time WordPress security dashboard that monitors various changes and actions across your entire site. This can help you spot suspicious activity quickly, identify patterns, or pinpoint problems you need to address.

In the dashboard, you’ll find information about any changes made to your site’s files, pages, posts, plugins, or WordPress theme. It also tracks user registrations, logins, and other activites.

These dashboards are fully customizable so you can choose which reports to show. You can even create different dashboards for each user role. For example, you might show different reports to guest bloggers, compared to site admins or editors.

17. WordPress Multisite Compatible

Do you run a WordPress multisite network? Then you’ll be happy to learn that Solid Security works perfectly with WordPress multisite.

18. Community and Professional Support

WordPress security is a huge topic, but this popular plugin is designed with ease of use in mind. You can activate many of its security features with just a few clicks, and the default settings should work well for most WordPress websites.

However, sometimes you may have questions or need some extra help. If you want to get answers yourself, then Solid Security has a help center where you’ll find detailed documentation.

If you want more information, then Solid Security has also published a series of free guides.

These cover a range of WordPress security topics such as tasks to perform when you first install WordPress, and how to perform a security audit.

If you prefer one-on-one help, then you can submit a support ticket and the SolidWP team will get back to you as soon as possible.

Solid Security Review: Pricing and Plans

If you’re just getting started or have a limited budget, then you can download the lite version of Solid Security from WordPress.org. This free plugin comes with six different site templates, so you can quickly and easily protect all kinds of websites.

However, if you want the more advanced features, then you’ll need to upgrade to a premium Solid Security plan.

Unlike some other WordPress security plugins, you’ll get the same features no matter what license you buy. This means you can secure your login page, protect against brute force attacks, patch vulnerabilities automatically, set up passwordless logins, and much more.

However, the price will vary depending on the number of sites where you want to use the Solid Security plugin.

Do you need to secure a single WordPress website? Then a license will cost $99 per year.

Do you own a few different sites, such as multiple blogs in an affiliate marketing network? Then you can install Solid Security on 5 websites for $199 annually.

Meanwhile, if you run a WordPress development agency or manage lots of client websites, then you can install Solid Security on up to 50 sites for $499 per year.

Solid Security Review: Is It the Right Security Plugin for You?

After looking at the features, support, and pricing plans, we’re confident that Solid Security is a great security plugin.

It protects your site’s login page by enforcing strong passwords, and offering alternative login methods such as two-factor authentication and passwordless login. At the same time, it scans your site for vulnerabilities in your WordPress plugins, themes, and WordPress core.

If you only want to secure a single blog or website, then you can buy a yearly license for $99.

However, the price rises based on the number of websites where you use Solid Security. For example, if you need to install Solid Security on 10 websites, then you can expect to pay $299 per year.

We hope this Solid Security review helped you decide whether it’s the right security plugin for you. You can also check out our guide on how to increase your blog traffic, or see our expert pick of the best analytics solutions for WordPress users.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.