Solid Security Pro v9.0.4

Solid Security Pro (formerly iThemes Security Pro) is one of the oldest, most reputable, and most powerful WordPress security plugins in the world. This plugin focuses on preventing cyberattacks, patching system vulnerabilities, and protecting user login credentials.

Key features

• Local & Network Brute Force Protection: Automatically blocks persistent IP addresses from attempting password brute force attacks. Solid Security’s cloud-connected intelligent information system helps prevent malicious IPs from being banned from other websites on the global network.
• Banned Users: Allows you to proactively and permanently block IP addresses, IP ranges, or user agents that attack or scan websites for vulnerabilities.
• Two-Factor Authentication (2FA): Supports forcing the setup of two-factor authentication via mobile apps (Google Authenticator, Authy), email linking, or backup codes.
• Passwordless Login: Allows users to log in extremely quickly and securely via fingerprint, facial recognition (FaceID), or device PIN (Windows Hello/Apple TouchID).
• Reject compromised passwords: Prevents users from setting weak passwords or passwords from being leaked online.
• Solid Security Site Scanner: Automatically scans the entire website source code, checking installed plugins and themes to detect any components with security vulnerabilities.
• Automatic Vulnerability Patching: (Pro version exclusive feature) Automatically updates plugins with detected security flaws immediately to protect your website before you even have a chance to read the alert email.
• File Change Detection: Monitors all files on the hosting. The system will detect and send alerts immediately if any files are modified by hackers or if files are not automatically added to the encrypted source code.
• Change login path: Allows changing the default admin page path (from /wp-admin or /wp-login.php to a different secret name) to mislead bots.
• Away Mode: Completely blocks access to the admin page during fixed periods of the day (e.g., Block access from 1 AM to 5 AM while you are sleeping).
• Block XML-RPC and REST API: Disables third-party service ports if not in use, allowing for additional hacking attempts.
• This allows you to divide accounts on your website into separate groups (such as Admin Group, Editor Group, Customer Group). From there, you can force the installation of a separate 2FA application or Passkey for each group without inconveniencing users in other groups.

Comparing the Free (Basic) and Pro versions

• Free (Solid Security Basic): Offers features such as Brute Force protection, login path changes, and WordPress Hardening. You can download it directly for free from the WordPress.org library.
• Pro: Unlocks features like Auto-Repair, Passkey Login, Advanced Malware Scanning, Away Mode, Password Rust Check, Detailed Activity Logs (Magic Links, Geolocation), and 24/7 technical support from the SolidWP team.