Wordfence vs S2 Security Badge - do I need both?

Hi,

I’m new to S2, just installing it. My site is protected by Wordfence Premium. Is there any reason to also install S2 Badge? I’d be happy to, but am concerned about possible conflicts between the two.

Thanks!

The badge doesn’t actually add any security, so you certainly don’t need it.

I’d be much more wary of Wordfence, though. You need to check that you haven’t selected any of its options that will conflict with s2Member.

Thanks!

Which options would that be?

I’ve never had any issues with Wordfence, in any context (not with Wishlist Member either, which I used prior to S2 Member).

I don’t use Wordfence (tried the free version and hated it: they seemed great at PR but poor at actually providing much security) and I have never tried the Pro version, so I can’t tell you what the problematic options are. But you should be able to find them by searching through this forum; there have been plenty of reports by others.

That’s actually part of my point. If there’s a security feature you need, it’s probably already included in s2Member, whereas that’s not true of many other membership plugins. So you don’t want to have the plugins duplicate the same functions.

Thanks for responding! Looking at my Wordfence Pro settings and functionality, it far, far exceeds what is provided in S2 Pro. I will most definitely keep Wordfence and if I encounter issues I’ll take it from there. 🙂

I’d love to know what you consider to be “far exceeds”. I haven’t used the Pro version.

But the supposed extra stuff in the free version (at least when I tried it) was either pure fluff or things you should do without a plugin.

It’s, among other things, firewall rules, malware signatures and malicious IP updates in real time. Forgive me, but I really don’t have the time to go into details with all of the settings/options available with the Pro version. For someone like me (not a developer) Wordfence is just right. I hope it’s okay if I refer you to their website and blog for further details. And, we don’t have to agree, of course. 🙂

Sorry, but their firewall is pretty much just window-dressing, especially on a membership site where most users will be logged-in. As for “malware signatures and malicious IP updates in real time,” whether that’s of much use depends on how fast they are to react.

In the recent cases of plugins in the WP repo being sold to unscrupulous buyers who inserted all sorts of malware, Wordfence was extremely slow and so provided no help at all. (They have written up some interesting posts after the fact about who seems to be behind those purchases, which is more great PR for them, but they did nothing in advance to prevent sites getting infected. Investigative journalism is not security.)

Indeed, the best-known case of such a plugin incorporating malware (Display Widgets) demonstrates why self-proclaimed security expertise should always be treated with skepticism. The person who first flagged the problem was David Law. But he had recently brought out a fork of the original Display Widgets plugin, and so he was seen as a biased competitor (does that sound familiar?) by many of the self-proclaimed “experts”. On the contrary, he was actually banned for a time from the WP repo because he persisted in pointing out the security issues! What did Wordfence do? Nothing.

As a user of the Display Widgets plugin myself, I am pleased to say that I took David Law seriously and so didn’t experience the problems that many others did. (Someone else on this forum paid similar attention and opened a thread about it.) Then White Fir got involved, and actually called for Wordfence to get involved on the grounds that the more who did, the more likely it would be for the WP repo mods to take notice! Eventually, the repo mods did take notice and removed the offending code. (No apologies, of course!) Then Wordfence did its investigation and wrote its posts. But that was very much after the horse had bolted.

It wouldn’t be so bad if Wordfence (and the repo mods, come to that) had since become more proactive, but they haven’t. So the very best of luck to you!

Apparently, you know so much more about all this than I do, so thank you.
As mentioned previously, I’m leaving it at that for now and will see how things unfold.
Thanks again.