Basic Pro

Built by WordPress security experts

Formerly iThemes Security, Solid Security is the only WordPress security plugin you need.

1 Site
$59.40 first year only
$99Save $39.60
Buy 1 Site Now

In partnership with:

Free

Forever!

Get Solid Security Basic

Your secure foundation built by WordPress security experts since 2014

Stop brute force attacks in their tracks

  • Secure and protect the most commonly attacked part of your WordPress website — user login authentication
  • Automatically lock out bad users identified by our Brute Force Protection Network and your own blacklist

Increase user login security

  • Automatically require users to create strong passwords
  • Log in with Two-Factor Authentication, or, even better, passkeys

Scan for vulnerable plugins and themes

  • Scan your site for vulnerabilities reported by our partners at Patchstack
  • Run a WordPress Security Scan to identify vulnerable software
  • Automatically update vulnerable software when a patch is available
Get Solid Security

Stop attacks in their tracks

  • Firewall powered by Patchstack
  • Two-factor authentication
  • Biometric login compatible

The only WordPress security plugin you need — period

Looking for a secure and easy way to log into your WordPress site? Look no further than passkeys. Skip the hassle of two-factor authentication apps, password managers, and complicated password requirements.

  • Biometric login compatible with Face ID, Touch ID, and Windows Hello
  • Passkey technology compatible with Chrome, Firefox, Safari, and other browsers
  • Hassle-free authentication
  • Secure logins for website admins and users

Solid Security offers local and network brute force protection. Local protection bans IP addresses and login attempts based on the lockout rules you specify. Network protection goes further by banning IPs seen trying to break into other sites.

  • Stop local and network brute force attacks
  • Customize failed login attempts threshold
  • Customize lockout rules to ban IP addresses
  • Ban IP addresses flagged as threats by the 1M+ Solid Security community of sites

Every day, lots of activity is happening on your site that you don’t see. Our WordPress Security Plugin monitors all activity related to your site’s security and draws your attention to threats. You decide what it reports to you and other users by email.

  • Customize security dashboard for different users, like clients
  • Monitor security-related events on your site 24 hours a day, 7 days a week
Get Solid Suite Get Solid Security
Get started with Solid Security Basic — free

Added protections with NEW
Patchstack integration

You can’t be everywhere, all the time, but bad actors who want to hack your site, steal your data, and cripple your business are a 24/7/365 threat. 

Solid Security Pro protects your WordPress website even when your attention is elsewhere thanks to our unique Patchstack integration. 

When Patchstack is enabled, vulnerabilities are automatically patched, before you even get a chance to take action. No more worrying about the potential impact of not responding to a vulnerability fast enough. Solid Security Pro with Patchstack took care of it for you. 

What about all those times when a fix has not yet been issued by a plugin developer or vendor? We’ve got you covered there too. 

With Solid Security Pro, you can reduce your WordPress website’s risk to nearly zero. Go Pro today.


Get Solid Suite Get Solid Security

Try Solid Suite — risk free

We are seriously committed to offering a superior product. If for any reason our products aren’t living up to your expectations, we offer a zero risk 30-day money back guarantee.

Get Solid Suite Contact us

30,000 websites are hacked every day

20-40%

Of WordPress sites have vulnerable code right now

50%

Nearly half of all targeted cyberattacks prey on small- to medium-sized businesses

20%

Of businesses nearly faced bankruptcy after a cyberattack (2022)

2.98M

The average cost of a data breach for businesses with fewer than 500 employees was $2.98 million in 2021

Customer trust, business stability, and brand reputation are lost when your site is breached

1,779

Vulnerabilities disclosed in WordPress-related plugins, themes, and the core WordPress platform in 2022

57%

The United States saw a 57% jump in cyberattacks as hackers exploit vulnerable websites with unhardened security practices

Let’s make sure your website isn’t one of them

Trusted by thousands of businesses all over the world

“I was using one of Solid Security’s competitors and we still got hacked! Since I’ve been using Solid Security our site has been rock solid! Love the products and the team.”

Erica Eide —
Founder, small business

“The Solid Suite of products helps me help my clients get more visible online and help them make more money with their website. Highly recommended!”

Paul Taubman —
Chief Online Strategist

“Using SolidWP products helps me make a difference in the success of others. I know I can count on them to deliver the results I want for my clients.”

Sue Spencer —
Founder, web design

FAQ

Contact us

Logging in without a password! This can be done with passkeys assigned to your phone or laptop that are passed from your device to WordPress through your browser. Your device must support the WebAuthn standard for passkeys to work.

SolidWP Security lets you log into your WordPress sites using Apple Face ID, Apple Touch ID, Windows Hello, and passkey technology (WebAuthn) supported by all major browsers, including Chrome, Firefox, and Safari.

Security works with any Time-Based One-Time password Provider (TOTP). Any two-factor authentication app that supports the TOTP standard will work with the Solid Security plugin. The most popular two-factor code generator apps for iOS and Android devices are the Authy, Google Authenticator, FreeOTP Authenticator, and Toopher apps. Additionally, you can use a YubiKey or other Trusted Platform Module (TPM) devices.

Cloudflare’s Turnstile, Google’s reCAPTCHA (all versions), and Intuition Machines’ hCaptcha.

Yes.

One of the best security practices for a WordPress site owner is keeping software up to date. Because of this, we only test this plugin on the latest stable version of WordPress and will only guarantee it works in the latest version.

No. Solid Security is designed to help improve the security of your WordPress installation from many common attack methods, but it cannot prevent every possible attack. Nothing replaces diligence and good practice. This plugin makes it a little easier for you to apply both.

Many of the changes made by this plugin are complex and can break existing sites. While Solid Security can be installed on either a new or existing site, we strongly recommend making a complete backup of your existing site before applying any features included in this plugin.

Solid Security requires Apache or LiteSpeed and mod_rewrite or NGINX to work.

Solid Security makes significant changes to your database and other site files, which can be problematic for existing WordPress sites. Again, we strongly recommend making a complete backup of your site before using this plugin. While problems are rare, most support requests involve the failure to make a proper backup before installation. DISCLAIMER: Under no circumstances do we release this plugin with any warranty, implied or otherwise. We cannot be held responsible for any damage that might arise from the use of this plugin.

Looking for iThemes?

A trusted WordPress plugin brand since 2008, was rebranded as SolidWP to focus on its strongest and longest-supported products, including BackupBuddy, which is now Solid Backups. Solid Backups integrates with Solid Central and Solid Security to form Solid Suite: three integrated layers in a solid foundation for any WordPress website.

The same people behind iThemes are still making, marketing, and supporting SolidWP products.

Learn more about the iThemes rebrand

Solid Suite

1 Site
A seriously solid foundation for WordPress websites — 
Solid Security, Solid Backups, and Solid Central
$119.40 first year only
$199Save $79.60
Buy 1 Site Now