Do I really need security plugin for WordPress?
- This topic is empty.
-
AuthorPosts
-
Margaret
GuestI believe SlickStack has some security features although not sure what is the complete list. And if security plugin is still recommended for WordPress?
Ann
GuestFor example Wordfence or Sucuri? not sure if there are other good security plugin also?
Arthur
GuestNO. Most likely you don’t need any bloated security plugin if you are using SlickStack.
Even without SlickStack their usefulness is questionable. They don’t really stop malware infections per se if you’re using bad code.
Isabella
GuestSlickStack has rate limiting built in already for wp-login.php and also blocks access to xmlrpc.php which protects you from DDOS and brute force login attacks.
Helen
Guestso what security stuff does SlickStack NOT take care of???
Betty
GuestFirstly define what you mean by “security plugin” because there are many plugins that improve security, not just Wordfence.
The reason SlickStack doesn’t support Wordfence is because it hacks too many core files and doesn’t play nice with other software layers. For example it provides PHP-level rate limiting of wp-login.php but Nginx is much better for doing that.
There are other lightweight security plugins that SlickStack does support and are perhaps a good idea to use, like Disable REST API, etc.
Alexis
Guestso what security stuff does SlickStack NOT take care of???
SlickStack uses Nginx to do things like deny requests to certain risky URLs or rate-limit login attempts, but it doesn’t do much PHP-level security inside of WordPress like blocking certain types of malicious requests.
So a good quality and lightweight security plugin you might use with SlickStack is Jeff’s BBQ firewall plugin maybe:
It doesn’t require hacking .htaccess, database, or wp-config.php (some of the reasons why Wordfence is blacklisted by SlickStack).
-
AuthorPosts
