Richard Munter and Jessica Westermann lead the unique partnership of Munter Westermann Arts & Media.  A cross-functional team, Munter Westermann has developed communication materials for leading environmental, arts, and service organizations.  We have expertise and extensive experience across multiple disciplines allowing us to design for and deliver optimally across different media.

Richard works on all stages of production including concept development, execution, and delivery on web, video, design, and performance projects. Learn more about Richard.

Jessica’s background lies in performing arts and administration.  She has a particular focus on instruction, design, and planning. Learn more about Jessica.

Richard Munter

Richard Munter

Jessica Westermann

Jessica Westermann

 

iThemes Security vs. WordFence

24119
iThemes Security vs. WordFence

I’ve been using the WordPress plugin, iThemes Security, to protect my WordPress powered websites for some time now.  This plugin delivers some great features like checking for modified files, changing the default WordPress login page, banning suspicious users (e.g. with multiple failed login attempts or multiple 404s), and much more. 

Recently, I evaluated the plugin WordFence.  This plugin has many of the same features as iThemes Security plus the ability to compare your site’s files with those stored at WordPress.org.  It can check for modifications in core, plugins, and themes found in the WordPress repository.  Very cool.  iThemes Security can compare WordPress core files but doesn’t compare any others.  WordFence also scans site files for malware.

Both plugins share information about globally banned IPs and about attacks in progress and so can ban those attacking IPs.  Both plugins also have very full featured free tiers and additional features at a paid tier.  Both iThemes Security and WordFence are actively developed and have large user communities which suggest they will be around for some time and will be updated to address new threats.

I like that both plugins do a good job of educating the user.  Instead of just presenting a bunch of options (or worse, no options), explanations accompany most options so that the site administrator can better understand what he or she is doing.

So, which is better?  Both plugins are excellent tools.  I’m a big fan of iThemes since I started using their BackupBuddy plugin for WordPress and iThemes Security seems to add less additional load on the server so my inclination is towards iThemes Security.

Like with anti-virus and firewall on your computer, no one solution is best or all encompassing.  Sometimes you need a variety of tools. Install iThemes Security AND a few other plugins which you can activate and use as needed.  Once finished with them, just deactivate them so that they don’t use additional system resources.  Try:

Security has become an ongoing concern for web developers which requires regular attention.  How are you securing your site?

 



14 Comments
  • sbsea
    October 7, 2016 at 12:24 am

    You should try LCS Security – works really well. My site was under a barrage of failed login attempts and some adware content got injected somehow. This plugin looks like a newcomer, but it really got rid of most hacking attempts and content injection within just a few days after installation. And it’s completely free, no pro version up-sell.

    • Richard Munter
      October 18, 2016 at 11:24 pm

      Thanks for introducing me to this plugin. Unfortunately, it’s way too new and with way too few users for me to trust it with my sites or my clients’ sites. And I don’t think a pro version is a bad thing actually. It means that the plugin developers are more likely to be around in the future and more committed in updating their plugin. And features from the pro version tend to make it into the free version.

  • Richard Munter
    April 12, 2016 at 4:57 pm

    Hey Paul,

    Thanks telling me about your plugin. WordPress.org reviews look good as do the features. I will check it out!

    cheers,

    Richard

  • Paul G.
    April 11, 2016 at 7:27 am

    Hi Richard!

    Since you’re doing these review/comparisons, I’d love it if you’d take a little look into our security plugin, The Shield.

    We’re getting great traction at the moment and great reviews… but with your in-depth experience, I’d love to see how we stack up against your favourites and perhaps areas you might like to suggest for improvement.

    Our plugin on WordPress.org: https://wordpress.org/plugins/wp-simple-firewall/

    Feel free of course to hit me up by email to discuss ideas and thoughts you have.

    Thanks for your time!
    Paul.

    • John
      May 18, 2016 at 4:52 am

      I was using wordpress shield plugin but i’m now looking for alternatives due to finding it was the cause of my dashboard responding sluggishly. When i deactivated the plugin and installed another security plugin, my dashboard was responsive as it should be. Not so when your plugin was installed unfortunately.

  • Richard Munter
    February 10, 2016 at 5:39 pm

    Hey Sacha,

    I’m re-evaluating WordFence currently and I’m impressed by the site speed increases offered by the caching engine. I did run it on a site that I knew had malicious files on it, and it didn’t detect them. Neither did iThemes Security either though. I’ve had good experience with both plugins but my biggest concern now is Kay’s comment about performance so I’m checking that.

    cheers,

    Richard

  • Sacha Howard
    February 10, 2016 at 4:10 am

    I prefer WordFence because it is much simpler to use. I’ve had some bad experiences with iThemes and the iThemes Security plugin.

  • Richard Munter
    January 20, 2016 at 5:54 pm

    Hi Kay and Vishwajeet,

    Thanks for your input and experience with these plugins. I’m taking a hard look at them again and will do some more formal benchmarking. My experience with iThemes Security has been good but I’m typically adding caching plugins as well. Now, Wordfence has that built in. I wonder if any/all of you are enabling that setting in Wordfence? If so, then the test should really be Wordfence vs iThemes (+caching plugin).

    Regardless, I will take another look.

    Thanks,

    Richard

  • Vishwajeet Kumar
    January 17, 2016 at 6:40 am

    I am a big fan of Wordfence. But recently I have also tried ithmeme Security and found that it uses lots of CPU usages and slow down my WordPress site. but I am on Wordfence again and it works like charm.

  • Dave Matthews
    October 29, 2015 at 4:29 pm

    Hi,

    I am in the process of comparing the two plugins.

    I used iThemes at first for the last few days, and I like it. I wish I could ban more usernames because I’m getting people trying to login as root, but admin is obviously the main one.

    I’m giving Wordfence a run now and happy about it as well and for the money I’m thinking of going straight into a premium package.

    I’ll wait and see…

    Cheers,

    Dave

  • Alan
    August 31, 2015 at 5:38 am

    I’ve been using iThemes (better wp security) for years and have recently moved to using both. I am considering only using wordfence as I found iThemes has too many theme and plugin conflicts. Wordfence can be slow if you use live traffic, turn it off when not needed.

    Wordfence will leave the tables behind if you choose that option, so if you reinstall later you have history.

    There is an option “Delete Wordfence tables and data on deactivation?” in the options section. I’ll admit it isn’t very obvious but it is there. A quick google will bring up plenty of wordpress forum questions with the same question. If it’s really that big a deal, DROP…

    As an aside, if you are using shared hosting one of the best ways to speed up a site is to add this to your wp-config.php file:
    /** Increase the default memory limit for wordpress*/
    define(‘WP_MEMORY_LIMIT’, ’96M’);

    By default WordPress will only use up to 40M, even if the PHP limit is higher. Adding this to your wp-config.php will tell wordpress it can use more, in this case 96, but you could make it 128 or 256. Best check the server limit before making a change though, again plenty of plugins available.

    Pingdom is useful for uptime and user response times but for a complete breakdown of where issues are use google pagespeed or gt metrix, they even have plugins:
    https://wordpress.org/plugins/google-pagespeed-insights/
    https://wordpress.org/plugins/gtmetrix-for-wordpress/

    Best,
    Alan.

  • Motivator
    July 30, 2015 at 9:21 am

    Hi Guys,

    I came across your article when searching for a safe way to delete iThemes Security plugin from my website. My site Health Fitness Gym has been reduced to a crawl and I have done a few upgrades to fix it with only a little success.

    Recently I discovered the P3 – Plugin Performance Profiler and ran a test on my system to see what else might be the cause of the slow down, I was shocked to say the least at the results.

    I found that Wordfence free version (which I previously used as my main security plugin) and hadn’t removed used 6% of my server resources, and iThemes Security Pro (which was now my main security plugin for the last 3 or 4 months) was using a whopping 58% of my servers resources and had brought my site to its knees was the culprit all along.

    Needless to say this bloatware has cost me a lot of time and money in changing WordPress themes and server upgrades that I didn’t need, as well as lost traffic and therefore sales which after all pays for the hosting of the site.

    The plugin does its job very well if you’re lucky to be on VPS or dedicated hosting probably but not if you are starting out on a shared hosting package. I hope this short report helps others trying to decide if they should buy one or the other security plugin, my answer if on shared hosting go with WordFence.

    Regards,
    Motivator.

    • Richard Munter
      August 4, 2015 at 1:14 pm

      Hi Motivator,

      Thanks for your feedback. I haven’t seen this performance hit on my many sites running iThemes Security. I’ve been using offsite speed tests like those at Pingdom but I’ll try some website profiling for a more in-depth look.

      One side effect I didn’t like with WordFence was the number of tables it added to the database. These stick around when the plugin is disabled, adding to bloat on the site.

      Cheers,

      Richard

      • kay
        December 1, 2015 at 12:03 am

        Hi Richard,

        A few extra tables with an option to delete on uninstall is not a big deal at all. Memory usage is way more important.

        I just ran P3 and ithemes security is taking 86% of runtime. That’s horrible for a plugin. Really considering removing it.