Best security plugin for Bedrock


What is the best security plugin that is Bedrock compatible? Are there any?

Thank you in advance for your assistance.

I’ve seen one going around that isn’t a plugin but a command to do some hardening through settings and secure the site up front. I think it was this the idea that it doesn’t add dependencies that could themselves be exploited.

Security Plugins mitigate some security vulnerabilities, but also introduce new attack vectors. Security researchers show that WordPress Security Plugins are „failing entirely and even the most effective plugins failing to identify significant vulnerabilities“

I have found iThemes Better WP Security plugin works well. However with Bedrock you will have to remove the Config::define('DISALLOW_FILE_EDIT', true); line because on init iThemes will add that to your wp-config.php and cause a 500 error. It is also true that if you don’t do this, and it works, it could at some future point just happen and cause the error at random so I always make sure to comment that line out.

Maybe there is a better way to do that.

but iThemes allows you to do a lot of things easily above and beyond that hardening with configurations, like obscure the wp-admin log in, monitor file changes, require strong passwords, scan plugins for known vulns (from wpscan), I think the free plugin can also add 2fa, and more that I am probably missing.