Which security plugin(s) do you recommend?
Security plugins for WordPress are exactly like anti-virus programs for a computer: if you manage your system properly, there is truly NO need for such applications whatsoever. Many of our clients are rather taken aback at first when we recommend that they remove their security plugins; many of these plugins (Wordfence, Sucuri, etc.) have slick marketing and strong fan bases, and make WordPress webmasters feel smarter and safer for having them installed. In reality, such plugins drastically hurt website performance, and honestly do not necessarily improve security at all, depending on what other issues your server or WordPress installation might have.

In short, LittleBizzy sets up Nginx servers with top-notch speed/security rules, and along with our CloudFlare partnership, your website is already extremely secure from hackers, malware, and so forth. If you REALLY care about your WordPress security, it's more important to focus on strong user passwords and regularly updating your plugins/theme (or deleting very old/outdated plugins) than on running very bulky security plugins.

In general, such plugins are more “reminder-ware” than anything else: they remind you to update software, remind you to create strong passwords, and (if you have time to scan regularly) they sometimes have the ability to “find” malware on your site. But if you are using strong passwords and updating well-maintained plugins to begin with, this clearly doesn’t have much value.

The other major feature such plugins usually have is “monitoring” user traffic to your domain and allowing you to block bad visitors, multiple login attempts, and so forth. Again, CloudFlare takes care of all this automatically, and keeps it off your server so that it does not drag down your RAM, CPU, and overall website performance.

In conclusion, CloudFlare + Nginx rules and just basic common sense are much more valuable in maintaining a secure WordPress site than installing a plethora of security plugins.