Why Go Pro?

SOLID SECURITY PRO VS. BASIC

Why go pro?

Upgrade from Solid Security to the most powerful security
plugin for WordPress:

Number of sites

  • 1
  • 5
  • 10
  • 25
  • 26+
1
$99 per year
Get Solid Security Pro
In partnership with:

Stay protected with the leading WordPress security plugin

Gain peace of mind with security tools that never sleep.

  • Custom, targeted protection from vulnerabilities that can actually pose a threat to your website.
  • Identify and mitigate vulnerabilities with Patchstack 24/7 monitoringeven when your attention is elsewhere.
  • Fast threat detection.Patchstack works out of the box to begin identifying threats from day one.
  • Real-time security widget.Customize security dashboards and reports.

Depend on best-in-class brute force protection.

  • Passkeys.Enable biometrics like Face ID, Touch ID, Windows Hello, WebAuthn, and more.
  • Two-factor authentication.Increase user account security with added layers of authentication.
  • Magic links for passwordless login.Bypass session lockouts with magic login links.
  • reCAPTCHA.Verify human identity and protect your site from bots.

Secure every path into your site to keep bad actors out.

  • Scan for inactive user accounts.Close security gaps by auditing inactive accounts.
  • Manage user roles and permissions.Adjust the access levels and privileges for every user on your site.
  • Privilege escalation.Grant temporary site access for a limited period of time to contractors and other outside users.

Keep hackers from stealing session IDs and compromising your site.

  • Trusted devices with geolocation tools.Improve security by connecting to an external location or mapping API.
  • Protection against one of the most common attack vectors for WordPress.
Go Pro Now

What’s Included?

Free

Pro

Login Security

Biometric logins (like Face ID, Touch ID, and Windows Hello) and passkey technology supported by all major browsers, including Chrome, Firefox, and Safari, to use with your WordPress login. Website admins and end users can have secure logins without the inconvenience of additional two-factor apps, password managers, or complex password requirements. Learn More about login security >

Protect Login, Registration, and Password Reset from Bots

  • Real users can potentially get locked out if a brute force attack occurs with their username.
  • Magic links allow users to bypass lockouts of their username by the iThemes Security Brute Force Protection Network.
  • Eliminates the need for a website admin to release a user’s lockout before they can login.
  • Adds more brute force protection by bypassing the normal WordPress login method.
  • Allows users to login to your website either with state-of-the-art passkeys or directly from a link sent securely to their email address.
  • Helps reduce login friction by removing the need for complicated passwords or two-factor codes while maintaining a high level of security.
  • Learn More about Magic Links and Passwordless Login >

Password Expiration

Refuse Compromised Passwords

  • Allow admin users to approve the devices they frequently use to log in to the site.
  • Blocks admin user logins from unrecognized devices by restricting admin capabilities.
  • Sends email notifications if a user logs in from an unrecognized device.
  • Learn More about trused devices >

Two-Factor Authentication

Strong Password Enforcement

  • Host Lockout Messages: This is the message that an IP address will see if they’re locked out of the site.
  • User Lockout Message: This is the message a user will see if their specific username is locked out.
  • Community Lockout Message: The message to display to a user when their IP has been flagged as bad by the Solid Security network.
  • Learn More about customizable lockout messages >
Firewall

Along with hacked user accounts, vulnerable plugins are the most common threat vector criminals use to break into WordPress sites. As vulnerabilities emerge, software vendors release security updates or “patches” that fix the vulnerabilities in their code. Vigilant site owners, administrators, and agencies managing sites for their clients will quickly apply security patches. However, they might not be fast enough to block every attack. Learn More about patchstack>

Real-time WordPress security dashboard widget

Settings Import & Export

Local & Network Brute Force Protection

Custom Firewall Rules

Users

User Activity Logging

Restrict user capabilities on unrecognized devices

Require Two-Factor for vulnerable users

Session hijacking is a type of cyberattack that WordPress site owners need to know about. Also known as TCP session hijacking, session hijacking makes attackers look like properly logged-in users. The attacker takes over a user session by obtaining their session ID without the valid user’s knowledge or permission. Learn More about session hijacking protection >

Half of all internet traffic isn’t human activity — it’s bots. Spambots, search bots, Twitterbots, and DDoS bots are just a few common types of web robots. They’re everywhere in the online world, and not all of them are bad. But some of them are bad, and bad bots can be more than a nuisance. They can disrupt your WordPress site’s functionality, slow down your workflow, and drive away your users or customers. Learn More about banning bots and bad users >

Half of all internet traffic isn’t human activity — it’s bots. Spambots, search bots, Twitterbots, and DDoS bots are just a few common types of web robots. They’re everywhere in the online world, and not all of them are bad. But some of them are bad, and bad bots can be more than a nuisance. They can disrupt your WordPress site’s functionality, slow down your workflow, and drive away your users or customers. Learn More about login blocking IP and user agents >

Half of all internet traffic isn’t human activity — it’s bots. Spambots, search bots, Twitterbots, and DDoS bots are just a few common types of web robots. They’re everywhere in the online world, and not all of them are bad. But some of them are bad, and bad bots can be more than a nuisance. They can disrupt your WordPress site’s functionality, slow down your workflow, and drive away your users or customers. Learn More about banning bad bots and users from your site >

Manage and configure email notifications sent by Solid Security related to various settings modules. Learn More about email notification >

Site Check

When you are seeking support or after hiring an independent contractor. You need a safe, secure way to add temporary admin access to your website. Learn More about privilage escalation >

Site Scanner

The faster you discover the breach, the quicker you can stop any further damage from being done, and the faster you can get your website and business back online. Learn More about file change detection>

File Permission Check

Utilities

Reduce Spam Comments

Version Management is a great tool that makes managing updates of WordPress core, themes, and plugins a breeze. Applying security updates as soon as possible, if not automatically, is an essential security feature for every WordPress site. Used alongside other Solid Security Pro features, like firewall and virtual patching, Version Management will reduce your security risks nearly to zero. Learn More about version management >

Your success with Solid Security, Solid Backups, and Solid Central is our highest priority. Whether you need help fine-tuning your security setup, managing your backup system, or configuring your central hub for sites, our support team is here for you. Learn More about support >

Any type of website log file is full of event entries that tell the history of your site. A WordPress security log shows you the story of your website’s security. Has your site been attacked, were the attacks stopped, or has your site been infected with malware? The answers to these questions and more can be found in your WordPress security logs. Learn More about real-time WP security dashboard >

One of the best ways to protect yourself from an attack is to have access to a database backup of your site. If something goes wrong, you can get your site back by restoring the database from a backup and replacing the files with fresh ones. Learn More about database backup >

Restore to Production

Manage multiple sites with ease and speed. Learn More about dSolid Central >

Stop attacks
in their tracks…
Go Pro

Get Solid Security Pro Get Solid Suite

Number of sites

  • 1
  • 5
  • 10
  • 25
  • 26+
1
$16.58 Per month paid every 14 months20 GB Included storage40 GB Included storage
Get Solid Suite
In partnership with: