Better WP Security is a WordPress plugin that claims to apply the “best WordPress security features and techniques” with one-click activation. The plugin has gained a lot of praise from the WordPress community, but what does it offer it's users?
Security-related plugins should always be inspected thoroughly because they often require extensive access to your site in order to be effective. Security plugins are also notorious for being a weak facade for paranoia-based marketing ploys. Put simply, be skeptical.
Usability and Functionality (B+)
The usability of Better WP Security is a non-factor because it's appeal is combining all the best security practices and applying them for you. There is a simple configuration for plugin options, but beyond that the plugin handles itself very well and leaves a very light footprint on your installation.
The simple configuration is not a detriment to the plugin's usability, but instead a testament to it's effectiveness through simple techniques (changing the name of the admin user, removing information that malicious bots can detect, changing of default WordPress URLs).
In addition to the numerous easy fixes, WP Better Security also provides a few flashier security-related features:
- Detect and ban malicious bots
- The option to force SSL in admin area or on a specific post/page
- Scan your installation for vulnerabilities and fix them automatically
Most web development agencies will have internal procedures already set in place that accomplish most of this plugin's functionality, but this plugin has the potential to be extremely helpful for WordPress users with less resources and/or less of a technical background.
Maintenance and Support (B-)
This plugin is pretty new on the WordPress scene. WP Better Security's usage has nearly doubled 2x since the beginning of 2012. That being said the plugin's developer, Bit51, has done a good job of actively developing the plugin during it's “rise to fame”.
Bit51 seems to be active in the plugin's support forums (not the general WordPress.org forums). There is a post in which they recommend using the development version of his plugins if they encounter bugs. While this may provide a solution to some users I can never recommend using a development release of a plugin in a production environment. It has the potential to fix specific issues, and at the same time the potential for infinite more problems.
WP Better Security seems to be a plugin on the rise, but despite it's many endorsements there are a few red flags for users to be aware of.
- The plugin is very young, and has yet to stand the test of time
- There is no support other than WordPress.org. This is a non-issue as long as Bit51 stays active in the forums hosted on WordPress.org, and some may benefit from all the support being organized in a single location. However, it doesn't give you many options if you do run into an issue that needs specialized support.
- WP Better Security's developer, Bit51, seems to be a one-man shop. To say this a red flag is not a characterization of him, but simply acknowledging that the project currently relies on one man (however talented he is).
Documentation (B)
Other than a few posts on Bit51.com, there is no official documentation outside of what is hosted in the WordPress.org Plugin Directory. However this is not a huge factor, because WP Better Security is a somewhat “automatic” plugin that requires little from the user-end.
That being said, additional technically-detailed documentation would be welcomed, but for now users will have to lurk support forums.
Alternate Plugins
WP Better Security needs no better proof of its effectiveness other than it's dramatic increase in popularity since the start of 2012. However, if you are looking for a sleeker, more-proven, premium alternative; I suggest you check out VaultPress by Automattic. At $15 per site for just their basic plan, this option will likely be too costly for most users.