This topic contains 21 replies, has 1 voice, and was last updated by Peter Wootton .
Does installing a security plugin cause your website to slow down?
Depends on the plugin. Some are bloatware and should be avoided, no matter how good the sales pitch.
I’m using a economy / starter plan of SiteGround.. I installed Sucuri security plugin and felt that the site got slow.. this time it’s deactivated at my website.. what do you say about Sucuri ?
Could very well be the reason yes. In general, the more plugins you add, the slower the website gets. Which security plugin are we talking about here?
That’s a light one, I doubt that is the reason. Try to remove unnecessary / unused plugins, minify css/js, clear out junk files
Yea I’m already using a minification and cache plugin.. Can you recommend me any other security plugin or should i go with the same ? Currently I have this deactivated
See how iThemes security (free or fee) or WebARX (fee) works for you. Both are excellent… as is Sucuri, of course, but maybe one of the other two will work better for your set-up.
Try “all in one wp security”. That said, if you developed the website well and have all security measures taken into account when developing, you don’t really need a security plugin. Especially if you’re always maintaining the website.
I am using a #PaidTheme and hosting is from #SiteGround… is that fine? I am not much into coding just using WordPress GUI…
Yes both are great. I know siteground is considered up there for hosting wp websites.
That said, do you know if you’re on a shared hosting plan, what CPU, RAM, bandwidth you have?
I am having the starter plan…
Depending on the size of the website and the amount of resources it uses, the hosting plan could be a factor in speed too.
Feel free to PM me the website so I can take a look at what it could be
Try Malcare, they sync your site to their server, and therefore their scan won’t affect your site’s performance. Great product!
Low cost hosting plans usually do not have the resources to allow file scans to run without a performance hit.
Disable any file scanning or file change detection and see if the site speeds up.
First of all, why do you need the security plugin? If you need it because you can’t keep up with the updates, try something that helps you automate this. If you’re having issues with bruteforce attacks and bot traffic, you should look for WAF instead. If you’re a having bunch of websites you need to keep protected, look for security monitoring.
There are few types of products you could choose:
1) Just a plugin which helps you harden the wordpress installation, it often does the same things that you could already do from WP installation and they can get your site fairly slow depending on the traffic you have. The main reason is high number of .htaccess rules etc.
2) CDN based WAF (like Sucuri, Cloudflare, StackPath etc.) which will direct all traffic from your domain to their servers and serve cached version of your site (to increase speed). With CDNs, there is often an issue that the site can also be accessed directly via IP and therefore the whole Firewall capability can be bypassed.
3) Onsite WAF, which means that the firewall will be executed on the site itself. Similar to mod_security, fail2ban etc. modules which can be installed to the server, but you can run similar capabilities also as an integration to application. This means that the firewall will be built within your application and you don’t have to rely on third party service downtimes etc.
4) Managed Hosting, I will also mention this here, because many of those service providers have actually included security on the server level and try to do everything they can to make it as easy and intuitive as possible to keep all the plugins etc. updated on your sites (outdated plugins are biggest security issue with WP sites).
Obviously, I’m slightly biased. We are building WebARX as a website security platform, but not just for WordPress but also for any PHP application. We are a mix of 1) 3) and 4). While we have a WordPress plugin which allows you to enable 2FA, Recaptcha, and even change the /wp-admin/ location etc, our main strength is the on-site WAF which can be installed on any PHP application (WordPress plugin is automatically installing it) and it’s protecting you from OWASP top10 web application vulnerabilities and is getting daily updates to keep the site safe depending on the software (plugins) your site has installed. WebARX also allows you to up-time monitor, do domain reputation checks and update software on your site directly via WebARX dashboard. We are building it mainly for digital agencies to keep their client portfolio safe and monitored, but you could try it out since it has a free trial.
TLDR; Figure out why exactly do you need a security product for your WordPress site and choose accordingly.
thank you sir
It depends, it could.
Most plugins use your website server resources. But if you are looking for a security plugin specifically that works outside the box, you can try MalCare. MalCare uses its own server for all security functions, so there is no load on your site from its side. It includes automatic and easy scanning, cleaning, firewall, hardening and login protection. You can check it out at https://www.malcare.com/
Not as much as malware and DDOS attacks… Configured properly of course.
You must be logged in to reply to this topic.