Kadence Security Review: What Happened to Solid Security Pro (And Should You Still Use It?)

|
Plugins
Four names, one decade, and a rebrand that just doubled the price. Here's what actually changed when Solid Security Pro became Kadence Security, and whether it's still worth your money.
Kadence Security Review

If you’ve managed WordPress sites for a while, there’s a good chance you’ve used this plugin under one of its previous names without even realizing it. We’ve been deploying it across client sites for years, watching it evolve through no fewer than four identities. We wanted to put together an honest, practical review based on our own hands-on experience .

A Plugin With an Identity Crisis

Before we get into how it performs, it’s worth understanding where this plugin came from. Because the backstory actually explains a lot of the current frustration around it.

It started life as Better WP Security, a plugin built by Chris Wiegman that had racked up around 1.7 million downloads by that time. iThemes acquired it in 2014 and rebranded it as iThemes Security Pro. The plugin stayed under that name for nearly eight years, building a solid reputation. In 2022, Liquid Web acquired iThemes and renamed the plugin Solid Security Pro. Then, in 2026, Liquid Web consolidated its WordPress product line and folded the plugin into Kadence. A company best known as a website builder and theme developer, rebranding it once again as Kadence Security.

That’s four names for the same core plugin in just over a decade. And the most recent change is the one that’s caused real friction in the community: Kadence Security is no longer sold as a standalone product. It’s now bundled exclusively into the Kadence WordPress suite. If you just want a security plugin, you can’t buy one anymore, you have to buy the whole suite.

What this plugin actually is

Kadence security

Kadence Security:

If we had to sum it up in a few words, we’d say it’s a security plugin now under the Kadence name. It excels at protecting WordPress logins with features like two-factor authentication, magic links, passkey and biometric login, and session hijacking protection. It also includes a built-in backup system. Together, these features make it a strong all-in-one solution for the login and access side of WordPress security.

Quick to Install, Slow to Perfect

One thing we consistently appreciate is how painless the setup process is. Compared to a heavier competitor like Wordfence, getting this plugin configured is noticeably simpler. It matters a lot when we’re rolling it out across dozens of client sites and don’t have time for a steep learning curve on every install.

It keeps the initial setup relatively clean and guided. The plugin walks you through the essentials without burying you in options right from the start, which makes it genuinely accessible for non-technical users, something we always factor in when recommending tools to clients who may eventually manage things themselves. But it doesn’t mean “set it and forget it.” This is where we always step in for our clients, because the default configuration out of the box is not the same as a fully optimized one. Features like PatchStack virtual patching, country blocking, and certain firewall rules need deliberate attention and fine-tuning after the initial setup.

What We Actually Like About It

The login and authentication features are, hands down, the strongest part of this plugin. Two-factor authentication, magic links, and passkey-based login all work fast and reliably, with very few errors. If a legitimate user gets locked out by an IP-based restriction, the magic link recovery feature enables them to get back in without ever touching the server. It saves us a lot of support time.

The other standout addition in recent versions is Patchstack integration. This allows known vulnerabilities to be virtually patched before the plugin’s original developer even releases an official fix. It is a genuinely valuable layer of protection for paid users.

In terms of day-to-day stability, unexpected downtime is rare. When it happens, it’s almost always due to misconfiguration rather than the plugin itself. The firewall, in particular, is much lighter on server resources than competing firewalls, which means it’s far less likely to lock out other plugins or slow down the site.

Where It Falls Short

We see this plugin primarily as a vulnerability scanner, with malware scanning as a secondary feature. It’s excellent at handling brute force attacks, session hijacking, and credential-based attacks because that’s where its login protection focuses. It also helps against XML-RPC attacks and automated bot traffic by hiding the login URL. It also limits  HTTP access for unauthenticated requests. With PatchStack now in the mix, it adds another layer against attackers exploiting known vulnerabilities.

What it doesn’t do well is malware detection or strong firewall protection. The firewall is noticeably weaker, because protection only kicks in once traffic actually reaches the server. It can’t block threats at the DNS level the way a service like Cloudflare or MalCare can. For agencies, this means it should never be treated as a complete, standalone security solution. Pairing it with a proper firewall layer is essential.

The other recurring frustration is configuration. Patchstack’s virtual patching, arguably the single most valuable feature in the plugin, isn’t enabled by default and requires extra setup. Most regular users assume that simply activating the plugin means they’re fully protected. It leaves a real gap in protection unless someone with technical knowledge goes in and configures it properly. Country blocking is also powerful but can get aggressive if not configured carefully.

At a Glance: Where It Wins and Where It Doesn’t

Here’s a quick side-by-side comparison of what we found in our testing:

Strengths
Weak Spots

Two-factor authentication
Fast, reliable login checks

Light weight Malware detection
Does not perform full malware scanning and cleanup

Magic links
Recovers locked-out users

Firewall protection
Only activates at the server

Passkey and biometric login
Modern, passwordless acces

DNS-level blocking
Cannot stop threats pre-server

Session hijacking protection
Guards active user session

Default configuration
Patchstack needs manual setup



Managing Multiple Client Sites

For agencies running multiple client websites, this plugin holds up well. Because of the built-in backup functionality alongside the security. The dashboard makes it manageable to oversee a large number of sites, and we know agencies running this across hundreds of sites without issues. On a scale of one to ten for multi-site management, we’d give it at a six or seven – solid, but not best-in-class.

Kadence Pricing Details

The table below outlines Kadence’s pricing structure along with the features included in each plan.


Plan


Annual Price


Kadence Security


Features Included


Essentials
$99/year NoTheme, Blocks, Starter Templates
Pro$299/yearYesKadence Security, Backups, Shop Kit, Memberships, and other premium tools
Elite$799/yearYesEverything in Pro plus Kadence Central for agencies managing multiple sites

It’s worth noting that Kadence Security is only available starting from the Pro plan, with Elite offering the most complete package for agencies managing multiple sites.

Has Our Opinion Changed Over Time?

Honestly, yes and not entirely for the better. The plugin itself, on a technical level, hasn’t gotten worse. Features like Patchstack make it more capable than ever. But the repeated rebranding has done real damage to trust. Users on the WordPress.org repository have raised concerns about confusion and frustration over the name changes. Also, the fact that the plugin is now wrapped inside a website builder’s product suite doesn’t sit well with people who just want a focused security tool.

The pricing change makes this worse. Solid Security Pro was previously available as a standalone product starting at $99 per year. Today, its premium security features including Patchstack integration are bundled with Kadence Pro, which starts at $299 per year. That’s more than double the cost for users who only want the security functionality and have no interest in Kadence’s theme or builder products.

Our Verdict

This is still a genuinely capable plugin for login protection, session security, and vulnerability patching, and it remains easy to set up and manage across multiple sites. But we wouldn’t recommend it as your only line of defense. Pair it with a strong firewall like Cloudflare, since it doesn’t catch malware well and can’t block threats before they hit your server.

The bigger question for novice business owners and agencies alike is whether it makes sense to pay $299 for a full suite when you only need the security piece, versus investing that money in a dedicated, all-in-one security solution. For us, the answer depends on whether you were already planning to use Kadence’s theme and builder tools. If you weren’t, you may be better off looking elsewhere.

SHARE

Leave a
Comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Articles

Related Insights.

Blogs and Resources on WordPress, WooCommerce, SEO and Marketing

Back to Top