Positive Reviews of WordPress Security Plugin Are Contradicted by Falling Install Count
In June of last year, the WordPress security plugin Solid Security had 1+ million active installations according to data on the WordPress website. Currently, the install count is down to 800,000+ installs. That is a pretty dramatic drop in the install count of the plugin in 15 months. If the bolded claim at the top of the plugin’s description on the WordPress Plugin Directory, “Reduce your WordPress website’s risk to nearly zero with Solid Security”, was true, that drop would be hard to believe. That claim isn’t true.
With the install count dropping so dramatically, you might reasonably expect that there to be plenty of negative reviews of the plugin as well. That isn’t the case. Here are 30 most recent reviews:
27 of them are 5-star reviews.
Looking at the 5-star reviews shows something we have long seen. That many positive reviews of security solutions are from people who have had problems and reached out to support. 18 of the 5-star reviews mention support in their title. Of the six most recent reviews, four mentioned it in the title and the other two mentioned it in the body.
If the plugin provided the protection claimed by the developer, then some issues with the plugin would be worth it. When the plugin doesn’t offer that protection, but it clearly introduces other issues based on how many people are having to reach out to support and then are spending time to leave a review.
While reviews are given a fairly prominent position on the WordPress Plugin Directory, the growth or decline of active installations isn’t shown. It used to be shown on an ancillary page, but then the head of WordPress Matt Mullenweg decided that the WordPress Community shouldn’t have access to that information (he and threfore his company, Automattic, still have have access).
For those looking for a better understanding of what security plugins deliver, we would recommend checking out how they score with our Plugin Security Scorecard and what protection they offer, if any, against vulnerabilities in WordPress plugins.