Pardeep Goyal

Author Archives: Pardeep Goyal


Best WordPress Membership Plugins of 2017

I have researched a lot about top Wordpress membership plugins because I wanted to create a private community, online courses and a website with exclusive content for my readers. 

Actually, I wanted to monetise my website like and I was looking for the combination of WordPress + Membership Plugin. 

The common issues before finalising a WordPress membership are - 

  • question-circle
    Should I take a paid or a free version
  • question-circle
    Should I take the recurring one or the fixed price one
  • question-circle
    What are the options with the minimum cost

So, here’s what I did - I actually went through 50+ articles on WordPress paid subscription plugins, made an excel sheet and researched every single one of them.

Yep, that’s right. I am going to share the Pros and Cons of each plugin based on my research. 

By the way, membership plugins can be used in many different ways. 

  • check
    Restrict certain content – your blog articles, or reports, or an ebook, or a cheat sheet
  • check
    Give access only to some selected readers/subscribers on your blog
  • check
    Make one time or recurring payments
  • check
    Allow selected content to download
  • check
    Drip content over time through emails
  • check
    Create one or multiple products
  • check
    Offer discount coupons

In fact, one of the most profitable monetization strategies for your blog is to create membership programs.

For Example

One time or Recurring membership (subscription) plugin

This is an important consideration while deciding on your plugin. Here’s how you can think through it

  • If your offering 1 or 2 products, you might purchase a plugin with a onetime cost.
  • Buy recurring membership plugin, If you have multiple products, hundreds of customers, complex customisation, many pricing and checkout pages.

What to look for in a WordPress membership plugin

Some of the key factors to consider when choosing a membership plugin

  • Payment gateway support
  • Recurring payment support
  • Ability to drip and protect content
  • Send email notifications to subscribers
  • Creating membership levels
  • Support provided
  • Ease of use

List of Features you get with a membership plugin

  • Automated membership system
  • Content protection
  • Easy member management
  • Download protection
  • Payment gateways integration (E.g. PayPal)
  • Autoresponder integration (E.g. Mailchimp, Drip, Aweber)
  • Set up and design

6 Best Paid WordPress Membership Plugins

Although there are many free plugins that can do the job for you as discussed above, there are some premium plugins that are worth the price tag attached to them.

As your business needs change you might want to consider using these premium membership plugins to access more functionalities and gain more control over your content.

#1. MemberPress Membership Plugin Review

This is hands down the most powerful among the paid plugins out there.

Memberpress membership plugin review

You need to have only three pages on your website – login page, account page and thank you page. The makers have made it as easy for you and give you the option to create those pages with a touch of a button.

Apart from integrating with regular gateways like PayPal, Stripe,, it also gives you the ability to work with offline payments which are managed by site admin.

Also, you get many types of notification like

  1. Welcome email for new members
  2. Failed transaction notice
  3. Payment receipt notice
  4. Credit card expiring notice

MemberPress can easily be integrated with popular email marketing providers.

Here is the link to get MemberPress


  • Affiliate program and tracking
  • Drip content
  • Easy to set up
  • Access rules are defined by you
  • Simple payment gateway integration
  • Create dynamic pricing pages
  • Dashboard reports and stats


  • Supports only 3 payment gateways - Stripe, PayPal, and

#2. Restrict Content Pro WordPress Membership 

Restrict Content Pro is developed by the master WordPress plugin developer Pippin Williamson. That means you'll get the best documentation and the support for the product.

Restrict Content Pro

This is one plugin which is quick to set up and doesn’t come up with the fancy bells and whistles you don’t necessarily need.

You can..

  • Create magazine website
  • Option to make your content private or public

It's easy to manage members and create reports.

You can create unlimited membership levels, tiered memberships, upgrades, downgrades, renewals, add a signup fee (if you need) and discount coupons.

A perfect fit for your if your requirements are

  • Restrict past content
  • Restrict timeout
  • Create group accounts

Here is the link to  purchase Restrict Content Pro

In terms of pricing, you have 4 options to choose from

  1. Ultimate ($499 one time)
  2. Professional ($249 per year)
  3. Plus ($149 per year)
  4. Personal ($99 per year)


  • Easy Setup and Navigation
  • Great Support
  • Integration with Stripe and Mailchimp
  • Good Reporting Tools
  • Unlimited Subscription Levels
  • Fixed and Variable Discounts
  • Ability to send customised Emails


  • No way to add multiple restriction on pages and posts
  • Some features are accessible only through add ons
  • No Drip Content

#3. MemberMouse WordPress Membership Plugin

The primary focus of this plugin is membership management, so you get options like - managing documents, conduct member polls, online surveys, collect donations, fees, customize accounting, allow discounts to premium members.

Member mouse plugin review


  • One click upsells and downsells

  • Customer management

  • Automated customer support

  • Content protection

  • Completely customizable checkout process

  • Time released drip content

  • Employee accounts

  • International currencies

  • Gifting options

  • Custom user fields

  • Scalability with unlimited members and reporting


  • No integrations for CRMs like Ontraport, ActiveCampaign, etc.

  • No shipping option in case you’re selling physical products

  • No file protection

  • No GPL so you can’t customize the source code

  • One purchase is for one site use only

Here is the link to obtain the license of Member Mouse.

In terms of pricing, you have 3 options to choose from

  1. Starter (for 1000 members, $19.95/ month)

  2. Advanced (50000 members, $99/ month)

  3. Premium (100,000 members $299/month)

#4. WooCommerce WordPress Membership Plugin

WooCommerce allows you to turn your WordPress site into an e-commerce store extremely easily to sell anything from digital to physical products.

woocommere memberships

WooCommerce is the is the right option for you if you have an e-commerce store selling multiple products. 


  • Ability to create membership plans

  • Content restriction

  • Drip feed

  • Ability to restrict other products

  • Discounts for selected members only

  • Create coupons

  • Show related products

  • Link to different membership plans

  • One time signup fee and recurring payments option

  • Upgrade and Downgrade

  • Allow members to pause their accounts

  • Synchronize payments on a certain day


  • No ability to add members to an email list

  • You can’t redirect members to a specific page

  • No option to set a recurring payment

  • Limited integration for advanced email marketing providers like ConvertKit and ActiveCampaign

Here is the link to review and purchase Woo Commerce plugin

If you’re offering a lot of products and you want only your exclusive members to buy, this is a great option.

As far as pricing goes, it comes in 3 options

  1. Single site ($149)

  2. 5 sites ($199)

  3. 25 sites ($249)

#5. Wishlist WordPress Membership Plugin

Wishlist gives you great control like how your membership site will function, how your content is protected, or how access is granted to your customers.

Wishlist membership plugin

One of its key features is Sequential Upgrade, which allows you to automatically move members to various levels.


  • Unlimited membership levels and members
  • Free, trial or paid membership
  • Also supports Pay per Post option
  • Sneak peek content
  • Create secure RSS feed
  • Members can be part of multiple memberships at once
  • Drip content
  • Different error pages for non-members
  • Wrong membership levels and cancellations
  • Email broadcast
  • Content protection
  • Drip feed
  • Payment integrations


  • Does not allow you to generate coupon codes
  • No ability to schedule emails automatically for renewal, expiry, etc.
  • Ease of use is slightly difficult compared to other membership plugins since there are a lot of settings involved and configured
  • Sequential Upgrade can be confusing to people who are used to drip feeding
  • Does not create a separate account page where members can manage their own account

Here is the link to purchase Wishlist

In terms of pricing, you have 2 options to choose from

  • $197 for single site
  • $297 for multi-site

#6. Magic Members WordPress Membership Plugin

One of the main concerns with a membership site is content protection and Magic Members does a great job in addressing this in a variety of ways.

Magic members plugin

It's easy to maintain a large content section, while keeping complete privacy for the member’s area.


  • Pay per post or a page
  • Simple forums integration
  • Drip feed / RSS feed
  • Coupon codes creation super easy
  • Multiple memberships
  • Integration with Mailchimp and Infusionsoft
  • Flexible membership options
  • Control membership length
  • Payment integrations with PayPal, 2Checkout, Clickbank, and more
  • Import and Export users
  • Full blog protection


  • User interface isn’t impressive as compared to others
  • No built in affiliate management system
  • Although integration with email marketing providers is supported, there is no built in autoresponder system

Link to get Magic Members plugin

In terms of pricing, it is available in 3 options

  1. Single site ($97 one time)
  2. Three sites ($197 one time)
  3. Unlimited site ($207 one time)

Final thoughts - Which Membership Plugin is best for your WordPress website

Like I mentioned above, there are almost 40+ membership plugins available. There is no one-size-fits-all when you have plenty of options. I have narrowed it down to the best ones in this article.

Which one should you select will largely matter on what is your criteria.

That means it will depend on what you use your site for.

  • Are you selling multiple online courses? Or just want to protect certain portion of your website content then GO for MemberPress without any doubt. 
  • Is it an e-commerce store selling physical products? WooCommerce would be the best option for you

I will update the article after a few weeks after hearing your thoughts in the comments. Let me know if you need any more clarification about the membership plugins.


10 Best WordPress Security Plugin – Review 2017

I never worried about the security of my website in the initial days of my blogging business.

No one hacked my website, neither I had any virus or malware attacks.

But that does not mean that I did the right thing. I escaped from the hackers because of my luck but that's not how online businesses are run. 

I was very careless about maintaining my website.

Often a times my website became slow or unresponsive because I hosted my website with a cheap web hosting company (GoDaddy). The issues got resolved after I moved my website to a high performance web host (SiteGround).  

A good hosting solves most of the performance issues and the basic security comes by default with SiteGround hosting plans. 

Chances are still there that we can get into the trouble if we don’t keep our website safe. After all our business (revenue) comes from our website. Loss of every minute of website uptime means revenue loss. 

And we can't afford the data loss at all. Right?

Let’s understand what we need to do to keep our website safe & secure.

Who can hack your website

There can be security threats on your website from two sources. 

#1. Hackers (Humans)

If you are not popular then hackers will not target your website. 

Hackers target big brands, government websites and people who are earning well from their websites.

However, If your website is hosted on your self-managed servers (dedicated hosting, AWS) then bitcoin miners may hack your machine and use for bitcoin mining. 

#2. Bots (Softwares)

The moment you launch your website, lots of automated software tools will start attempting to break your security.

You will start receiving continuous login attempts to your website, spam comments, article submissions and various other un-identified things.

You can install security plugins to keep your website secure.

Tips to Keep Your Website Secure

You must go through the manual health check of your website

#1. Strong Password

Not to mention that you must set a strong password for your website. It should contain Alphabets, Numbers and Special Characters. Never ever use English grammar words or easily identifiable works like your own name or website name as your password. If possible, use non-English words with combination of special characters.

Good password examples - Ud7@Par!nd@, Gl0b@lW@rm!ng

Bad passwords examples - PluginHackers@123, password1234

#2. Change default username ‘admin’

By default wordpress installation will give you admin as the username of administrator. All the bots will try to break the password of default ‘admin’ username, better not to user ‘admin’ as username.

You should either change the default admin username at the time of installation or create a new user as administrator and delete the default ‘admin’ user.

#3. Change default login URLs

By default anyone can see the login page at URL

For the safety purpose, you should change the default URL to something else. 

What to look for in the best security plugin for your WordPress website

There are different plugins to perform different type of security tasks. If you know your requirements then it becomes easy for you to pick the right plugin for securing your wordpress website. Otherwise you can pick the generic plugin that can perform most of the tasks.

Don’t install all the plugins mentioned in this article as installing unnecessary plugins will slow down the performance of your wordpress website.

For the comparison purpose, we will look at the following things apart from the main features of the plugins.

  • check
    Number of Downloads
  • check
    When the plugin was updated recently
  • check
    Positive & Negative Reviews
  • check
    Level of support
  • check

Best Free & Paid WordPress Security Plugins

sucuri wordpress security plugin review

Sucuri is the most popular and full featured security plugin for wordpress. It prevents the website from brute force attacks, scan the entire file system for malware infection and keeps monitoring for any ongoing malicious activities.

The plugin will ask you to get the API code and registration with their website. It’s just a single click process. 

After the registration and API access - the plugin will test the website for any malicious activity.

I fell in love with their interface and clean report.


They provide many other options to secure your website

  1. Scheduled Tasks
  2. WordPress Integrity Diff Utility
  3. Ignore Files And Folders During The Scans
  4. Website Firewall Protection
  5. Block PHP Files Upload in particular directories
  6. Default Admin Account
  7. Plugin and Theme Editor
  8. Updating security keys
  9. Setting up alerts

All in all, the plugin has a beautiful interface and easy to understand settings for a layman.

Look at their hardening options.

Sucuri Hardening Options

You can enable and disable security options with a single click.

However, when I tried to enable the Firewall Protection, I got this message, “SUCURI: The firewall is a premium service that you need purchase at - Sucuri Firewall”

I think that’s justifiable. The sucuri is still giving a lot of options to use as free and high level security options are available in the premium version of the plugin.

Their premium plan starts at $16.66/month and that includes SSL certificate from LetsEncrypt.

I bought the SSL certificate for my website at $80 per year, so my effective price becomes half for the premium version of Sucuri after adjusting the cost of SSL certificate.

The complete website protection package includes

  • Comprehensive Website Security Monitoring/Scans
  • Incident Response Team Security Operations Support
  • Website Firewall (WAF) Coverage

Here is the link to get the premium version of Sucuri ($16.66/month)

You can also get just the Sucuri Firewall Website Application Firewall (WAF) / Intrusion Prevention System (IPS) at $9 per month.

Click here to buy Sucuri Firewall ($9/month)

Update Secret Keys Option

Interestingly, they have option to update all the security keys in case your website is compromised for any reason. The hackers won’t be able to access your website with the old security keys.

wordfence security plugin review for wordpress

This is one of the most popular security plugin for wordpress websites - with more than 1,000,000 installs till date.

The plugin will check if your site is infected with any malware or suspicious code. You will get peace of mind after installing Wordfence security plugin as it protects your website from brute force attacks and malware infections.

After installing WordFence, you will see the dashboard showing the status of features, monthly stats and number of threats counts. 

wordfence security dashboard

And they have additional security measures for the premium users.

“As a free Wordfence user, you are currently using the Community version of the Threat Defense Feed. Premium users are protected by an additional 199 firewall rules and malware signatures.”

Wordfence security plugin did not find any threats on my website.

[Sep 07 07:17:52] Preparing a new scan. Done.

[Sep 07 07:17:52] Scanning for old themes, plugins and core files Secure.

[Sep 07 07:17:52] Scan complete. Congratulations, no new problems found. Scan Complete.

The additional benefits of WordFence plugin

  • Web application Firewall (Premium)
  • Brute Force Protection
  • Login Attempt Limit
  • Blocking IPs
  • Live traffic with IP, hostname, browser of the users
  • Password Audit (Premium)
  • Whois lookup

They offer pretty good options in the free version but the interface is not user friendly. No doubt the plugin is popular but it’s most appropriate for the developers rather than a regular user like me & you.

Single license key with 1 year validity costs you $99.

Here is the link to obtain the license of Wordfence

Personal Biased Opinion : If I have to choose between Sucuri and Wordfence then I will pick Sucuri.

iThemes Security Plugin Review for WordPress

iThemes security will help you change the default admin user name and block the IP address of known hacker website servers.

You will also be secured from brute force attacks. The plugin will send you notifications whenever there is any unauthorised change in your file system.

iThemes offers a lot of options in their free version.

This is how their dashboard looks.

iThemes DashBoard

I went through the security check option and enabled brute force protection.

Security check results are below for my website.

  • Your site is now using Network Brute Force Protection.
  • Changed the REST API setting in WordPress Tweaks to "Restricted Access".
  • Banned Users is enabled as recommended.
  • Database Backups is enabled as recommended.
  • Local Brute Force Protection is enabled as recommended.
  • Strong Password Enforcement is enabled as recommended.
  • WordPress Tweaks is enabled as recommended.

They clearly shows you what options are available in the free version and what would you get in their premium version.

The premium version starts at $80 per year, valid for 2 websites.

Link to get premium version

ITheme Security Paid Version Options

bulletproof security wordpress plugin review

You will be secured against most of the bots attack that try to exploit the vulnerabilities of wordpress, free themes and loopholes of hosting servers.

Bulletproof security will protect your website from running malicious scripts, SQL injections and brute force attacks.

I installed it on PluginHackers and the setup wizard gave me following report. 

bulletproof security setup wizard

It gives this notification after the running the Setup Wizard.

BPS Setup Verification & Error Checks

If you see all Green font messages displayed below, the Setup Wizard setup completed successfully.

If you see any Red font or Blue font messages displayed below, click the Read Me help button above and read the "Notes" help section.”

I saw all messages in Green so I assume the website is secure as per BulletProof plugin.

They give a lot of other options and everything is free.

  1. htaccess File Security Modes ~ RBM, WBM, HPF, MBM & BBM BulletProof Modes
  2. htaccess File Editor ~ Check or edit BPS htaccess files/code manually/directly for testing
  3. Login Security & Monitoring (LSM)
  4. Log All Account Logins or Log Only Account Lockouts
  5. Brute Force Login Protection
  6. Idle Session Logout (ISL) ~ Automatically Logout Idle/Inactive User Accounts Auth
  7. Cookie Expiration (ACE) ~ Change the WordPress Authentication Cookie Expiration Time
  8. DB Backup ~ Full & Partial DB Backups, Manual & Scheduled DB Backups, Email Zip Backups, Automatically Delete Old Backups
  9. Security Log ~ Logs Blocked Hackers & Spammers ~ HTTP 400, 403, 404, 405 & 410 Logging

Most of the options are beyond the understanding capacity of a normal user.

I am also not a security expert. Tested the security plugin as a regular user like you.

All in One WP Security and Firewall

The plugin will offer most of the features that are required by a first time user. Your website will be secured from the brute force attacks and malicious codes that try to steal your website information.

You will see this simple dashboard after installing the plugin

All in One Security DashBoard

The settings are difficult to understand for the novice user however they have provided a lot of options in the free version

  • Taking Backup of .htaccess file
  • Default user admin name and password protection
  • Limiting login attempts
  • Database security and backup
  • Filesystem security
  • Blacklisting IPs
  • Firewall protection
  • Protection against brute force
  • Spam protection

Their malware scanner option is paid but the rest of the features are free.

That makes them stand out from other plugins which offers the basic features under their paid plan.

But the negative point is that the plugin will not provide you continuous monitoring & prevention from threats.

Overall, it’s a good choice for people who don’t have any budget to spend on security plugins.  

security ninja wordpress plugin review

The plugin will automatically check brute force attacks and the strength of your password. You will be able to hide the version of your wordpress from the eyes of hackers.

Free version of Security Ninja plugin will run 48 security tests on your website.

Here is the list

  1. Check if active plugins have been updated in the last 12 months.
  2. Check if active plugins are compatible with your version of WP.
  3. Check if themes are up to date.
  4. Check if there are any deactivated themes.
  5. Check if full WordPress version info is revealed in page's meta data.
  6. Check if readme.html file is accessible via HTTP on the default location.
  7. Check the PHP version.
  8. Check the MySQL version.
  9. Check if server response headers contain detailed PHP version info.
  10. Check if expose_php PHP directive is turned off.
  11. Check if user with username "admin" and administrator privileges exists.
  12. Check if "anyone can register" option is enabled.
  13. Check user's password strength with a brute-force attack.
  14. Check for display of unnecessary information on failed login attempts.
  15. Check if database table prefix is the default one (wp_).
  16. Check if security keys and salts have proper values.
  17. Check the age of security keys and salts.
  18. Test the strength of WordPress database password.
  19. Check if general debug mode is enabled.
  20. Check if database debug mode is enabled.
  21. Check if JavaScript debug mode is enabled.
  22. Check if display_errors PHP directive is turned off.
  23. Check if WordPress installation address is the same as the site address.
  24. Check if wp-config.php file has the right permissions (chmod) set.
  25. Check if install.php file is accessible via HTTP on the default location.
  26. Check if upgrade.php file is accessible via HTTP on the default location.
  27. Check if register_globals PHP directive is turned off.
  28. Check if PHP safe mode is disabled.
  29. Check if allow_url_include PHP directive is turned off.
  30. Check if plugins/themes file editor is enabled.
  31. Check if uploads folder is browsable by browsers.
  32. Test if user with ID "1" and administrator role exists.
  33. Check if Windows Live Writer link is present in pages' header data.
  34. Check if wp-config.php is present on the default location.
  35. Check if MySQL server is connectable from outside with the WP user.
  36. Check if EditURI link is present in pages' header data.
  37. Check if Timthumb script is used in the active theme.
  38. Check if the server is vulnerable to the Shellshock bug #6271.
  39. Check if WordPress core is up to date.
  40. Check if automatic WordPress core updates are enabled.
  41. Check if plugins are up to date.
  42. Check if there are deactivated plugins.
  43. Check if the server is vulnerable to the Shellshock bug #7169.
  44. Check if admin interface is delivered via SSL
  45. Check if MySQL account used by WordPress has too many permissions
  46. See who logged in, from where & what they did
  47. Verify integrity of all core files
  48. Scan the database, plugin & theme files for malware

And the results of my website when I run the security tests.

security ninja test report

My website failed at 18 security tests.

On clicking details, tips and help button, the plugin shows the solution that can be applied manually.

Some of the solutions may not possible on the shared web hosting but I have not tried to fix all the issues reported by the Security Ninja.

The plugin has 5 other option tabs

  1. Core Scanner
  2. Auto Fixer
  3. Malware Scanner
  4. Event Logger
  5. Scheduled Scanner

But all the options are available in Pro version.

The free version will just show you the issues and a recommended solution. But if you really want to fix the issues automatically and protect your website from future threats then a paid version will solve your problem.

However, it’s worth trying the free version of Security Ninja, just to see how many errors are pointed out by the plugins.

And what can you fix manually. 

Acunetix WP Security Review

Acunetix will perform the basic security checks and help you secure your website against brute force attacks. You can change the permissions on files and change the default messages that user see on wrong password attempts.

I read the good reviews when I was researching about the best wordpress security plugins.

But I did not felt like installing the plugin on my website when I saw that the plugin has not been updated for past 2 years.

Yet, Acunetix WP Security offers the basic level of protection for the websites.

The plugin checks for security vulnerabilities and suggests corrective actions

  1. Passwords
  2. File permissions
  3. Database security
  4. Version hiding
  5. WordPress admin protection/security
  6. Removes WP Generator META tag from core code

I included the plugin in the list so that you know that Acunetix was referred as one of the best plugin by WordPress experts and it does it’s work (happy users are saying that). 

wp antivirus protection security plugin

The plugin is totally focused on protecting your website from any virus or malware attacks. It’s useful for people who are running their websites on windows server as most of the viruses attach windows.

You may need protection from malwares, adwares, hidden links, redirection, spywares and other bad code that may be hidden in plugins & themes that we install from any random developers. 

google authenticator

This plugin solves a single problem of unauthorised access to your website by any hacker.

The user will be enforced for double authentication after installing this plugin on your wordpress website. The first step would be using correct username/password and the second step would be authentication through a text/voice or mobile app.

vaultpress security plugin

VaultPress is a combination of backup and firewall protection for your website. You can get those as a combo or separate package depending on your requirement.

The plugin will scan your files and keep you protected against the threats from malwares. 


No matter at which business level are you - A security plugin is must for your wordpress website.

Almost all the plugins provide Protection against brute force attacks (DDos attacks) and basic website health monitoring. All In One Security Plugin will do all the work that is expected from a free plugin.

But if you have an annual budget of $100 to spend on the security of your website - then Go with Sucuri Security (Two options - Securi Firewall $9/month and Complete Protection $16.66/month)

If your requirement is purely Virus & Malware protection then you should pick WP Antivirus Site Protection.

I will update the article after a few weeks after hearing your thoughts in the comments. Let me know if you need any more clarification about the security plugins.