SiteGround Recommends Against Using WordPress Security Plugins That Actually Protect Against Vulnerabilities

A short time ago, we looked at how a feature of SiteGround’s recently rebranded WordPress plugin, Security Optimizer, didn’t really provide the advanced protection against cross-site scripting (XSS) promised, or any protection for that matter. While looking in to their response to our findings, we ran across troubling advice that SiteGround is giving. In response to the question of if the plugin is compatible with Wordfence Security, they responded this way:

The Security Optimizer was created both with securing and performance in mind from the start. Running two security plugins will simply slow down your website.

If you look at the results of testing we have done of security plugins against vulnerabilities in other plugins, which includes their plugin under its previous name, SiteGround Security, you can see that their plugin has provided no protection in any of the tests. Wordfence Security and other plugins have provided protection. That includes tests against a widely exploited XSS vulnerability.

So it isn’t true that running two security plugins will simply slow down a website.

In response to the question if their plugin is compatible with the Jetpack plugin, they write this:

We do not recommend using multiple security plugins because duplication of functionality may cause issues.

Different security plugins can do different things, so using just one is not necessarily a good idea.

What is, in our view, good advice, is to not use an all-in-one security plugin and instead use plugins that only provide the functionality you need. That would rule out Security Optimizer and Wordfence Security.