Official logo for Solid Security (formerly iThemes Security)

Solid Security (formerly iThemes Security)

by SolidWP (StellarWP / Liquid Web)

Free Tier Available Open Source
4.1
WAFPlanet Rating

Comprehensive WordPress security plugin with Patchstack-powered firewall rules, virtual patching, two-factor authentication, and site scanning for proactive protection.

Visit Website Documentation View Pricing
Company: SolidWP (StellarWP / Liquid Web)
Pricing: Freemium (Free tier + annual Pro license)
Founded: 2008

Overview

Solid Security, formerly known as iThemes Security, is a well-established WordPress security plugin now part of the SolidWP family under StellarWP and Liquid Web. With over a decade of development, it has evolved from a basic hardening plugin into a full security suite with firewall capabilities powered by Patchstack's virtual patching engine.

The firewall in Solid Security Pro integrates Patchstack's vulnerability database, automatically applying virtual patches to protect against known plugin and theme vulnerabilities before developers release official fixes. This is particularly valuable for the WordPress ecosystem where third-party plugins are a major attack vector.

Beyond the firewall, Solid Security provides comprehensive hardening features including two-factor authentication, password requirements enforcement, file change detection, database backups, and a unified security dashboard. The Pro version adds passwordless login via passkeys, trusted devices management, and advanced user security features.

As part of the SolidWP ecosystem alongside Solid Backups and Solid Central, it offers an integrated WordPress management experience for agencies and site owners managing multiple WordPress installations.

Ratings Breakdown

Ease of Use 4.3/5
Value for Money 4.2/5
Customer Support 4.0/5
Features 4.0/5

Key Features

Patchstack Firewall

Virtual patching rules powered by Patchstack that protect against known plugin and theme vulnerabilities automatically.

Two-Factor Authentication

Multiple 2FA methods including authenticator apps, email codes, and backup codes for all user roles.

Passwordless Login

Login via passkeys and biometrics, eliminating password-based attacks entirely (Pro feature).

Site Scanner

Checks for known malware, vulnerabilities in plugins and themes, and blocklist status.

File Change Detection

Monitors WordPress core files and alerts when unexpected changes are detected.

Security Dashboard

Unified dashboard showing security status, recent events, and actionable recommendations.

Trusted Devices

Recognizes trusted devices and restricts admin access from unknown devices (Pro feature).

Pros & Cons

Pros

  • Patchstack integration

    Virtual patching powered by Patchstack''s vulnerability database provides automatic protection against known exploits.

  • Modern authentication

    Passwordless login via passkeys and trusted devices management provide cutting-edge login security.

  • Established track record

    Over 15 years of development as iThemes Security with millions of installations worldwide.

  • SolidWP ecosystem

    Integrates with Solid Backups and Solid Central for comprehensive WordPress site management.

  • Affordable Pro tier

    At $99/year for full features including Patchstack rules, it offers excellent value.

Cons

  • Firewall is newer

    The Patchstack-powered firewall is a more recent addition; firewall capabilities are less mature than Wordfence.

  • Brand confusion

    The rename from iThemes Security to Solid Security has created some confusion in the WordPress community.

  • Free tier is limited

    The free version lacks the Patchstack firewall rules, providing only basic hardening without active WAF protection.

  • Ownership changes

    Multiple ownership transitions (iThemes to Liquid Web/StellarWP) may concern some users about long-term direction.

Pricing

Pricing model: Freemium (Free tier + annual Pro license)

Free

$0

Basic security hardening and brute force protection

  • Basic security hardening
  • Brute force protection
  • File change detection
  • Strong password enforcement
  • Two-factor authentication

Pro (1 site)

$99/year (~$8.25/month)

Full firewall with Patchstack virtual patching and advanced security

  • Everything in Free
  • Patchstack firewall rules
  • Virtual patching for vulnerabilities
  • Passwordless login (passkeys)
  • Trusted devices management
  • Site scanner (malware + vulnerabilities)
  • Magic links

Pro (multi-site)

From $199/year

Pro features for multiple WordPress sites

  • Everything in Pro
  • Multi-site license
  • Solid Central management
  • Volume pricing available

Our Verdict

Solid Security has reinvented itself with the integration of Patchstack's virtual patching engine, addressing one of WordPress's biggest security challenges: vulnerable plugins. The automatic virtual patching means your site is protected against known exploits even before plugin developers release fixes.

The modern authentication features—passwordless login via passkeys and trusted devices—put Solid Security ahead of competitors in login security. Combined with its established hardening features and the broader SolidWP ecosystem, it provides a comprehensive security solution.

Our verdict: A strong choice for WordPress users who value automatic vulnerability patching and modern authentication. The Patchstack integration makes it particularly good at protecting against the plugin vulnerability epidemic in the WordPress ecosystem.

CVE Coverage

Solid Security (formerly iThemes Security) can detect and block attacks matching 63K+ known CVEs based on its supported rule sets.

8K+
Critical
9.2K+
High
31K+
Medium
378
Low

Coverage by Attack Type

Cross-Site Scripting (XSS) High
37K+ CVEs
SQL Injection High
15K+ CVEs
Improper Input Validation Medium
8.7K+ CVEs
Open Redirect Medium
1.4K+ CVEs
XML External Entity (XXE) High
1.2K+ CVEs

Latest Blockable CVEs

CVE Severity
CVE-2026-6600 LOW
CVE-2026-32963 UNKNOWN
CVE-2026-6595 HIGH
CVE-2026-6593 LOW
CVE-2026-6592 LOW
CVE-2026-6562 HIGH
CVE-2026-6559 MEDIUM
CVE-2026-0868 MEDIUM
CVE-2026-2986 MEDIUM
CVE-2026-2505 MEDIUM
Browse all CVEs →

Frequently Asked Questions

Is Solid Security the same as iThemes Security?

Yes, Solid Security is the rebranded version of iThemes Security. The plugin was renamed when iThemes became part of the SolidWP brand under StellarWP/Liquid Web. The core functionality remains the same with continued improvements and the addition of Patchstack firewall integration.

How does the Patchstack firewall work?

Patchstack maintains a database of WordPress plugin and theme vulnerabilities. When a vulnerability is discovered, Patchstack creates a virtual patch—a firewall rule that blocks exploit attempts for that specific vulnerability. Solid Security Pro automatically receives and applies these rules, protecting your site even before the plugin developer releases an official fix.

Can I use Solid Security alongside Wordfence?

Running two security plugins with firewall features simultaneously is not recommended as they can conflict. Choose one as your primary security plugin. If you prefer Wordfence's WAF but want Solid Security's 2FA or passkey features, you may be able to use a standalone 2FA plugin instead.

Ready to try Solid Security (formerly iThemes Security)?

Start with the free tier and upgrade as you grow.

Visit Website View Pricing