Over the past 17 years, I’ve found security can often be like a full squadron of obtrusive bouncers who make you want to leave before you get within 50 yards of the door.
Wouldn’t it be great to have a WordPress security plugin which was more like Dalton (Patrick Swayze) in RoadHouse who worked to have bouncers be as inconspicuous as possible; only coming out when needed, and only using what force was necessary to get the job done?
I didn’t think such a WordPress plugin existed until I found out about WordFence Security plugin on LinkedIn thanks to a post about it in the WordPress Helpdesk (without the b.s.) LinkedIn Group.
WordFence is a free (with premium options) WordPress security plugin that will scan your site for viruses, malware, trojans, malicious links on a regular basis throughout the day.
WordFence will also protect your site from scrapers, aggressive robots, fake Googlebots, along with brute force attacks.
You can start off with very easy to use, drop down and select, options where you provide an email address to receive alerts and what level of protection you desire…
WordFence Security Options
To advanced options where you get a large amount of choices of how tight to watch the fence.
WordFence Security - Advanced Options
Wordfence scans your site for viruses, malware, trojans, malicious links, protects your site against scrapers, aggressive robots, fake Googlebots, protects against brute force attacks and much much more.
You can do a manual scan by going to WordFence Security, then click on Start a WordFence Scan. Plus WordFence Security will do its own scans throughout the day.
WordFence Security scan
When WordFence finds issues, you have the choice to ignore the issue until the file changes (this could be due to an authorized party making an authorized change to the file), to tell WordFence you’ve fixed the issue (if that’s not the case, WordFence will alert you again on a future scan), or to have WordFence fix the file for you by restoring it from a cloud-based repository.
WordFence Security - Unrecognized File in WordPress Core
Now in the above case, it is a .htaccess file I placed in the directory; and I told WordFence to ignore the issue until the file changes.
WordFence protects you against user brute force login attempts; and will block IP’s that fail too many times (this is configurable by the user).
WordFence Alert IP address locked out - brute force protection
You can also tell WordFence to send you alerts when someone with administrative rights logs into WordPress.
WordFence Security alert administrator logged in
Behind the scenes, WordFence is also watching out for fake googlebots and bad traffic; offending IP addresses are blocked.
WordFence Security - Blocked IP Addresses
You can configure how long offending IP addresses are blocked.
Part of the WordFence scan is to check for the core, themes, and plugins that are out of date. If WordFence finds something out of date, you will get a notification.
WordFence Security - upgrade alert
For those that like to watch real time traffic to their site, WordFence provides a view where you can watch all traffic, all human traffic, and so on.
WordFence Security - Live Traffic, Human Tab
Over the last several weeks of using WordFence, I’ve had various support issues ranging from questions to problems. Mark Maunder responded to all issues in a prompt manner.
The only problem I ran into was that after upgrading (it may not have been the upgrade, but a version change) from the free version to the premium version (there are several premium options, and the pricing is extremely reasonable), the WordFence security scans would not complete due to a memory issue. Mark worked on the problem over the course of a few days, politely asked for log files, respected privacy, and was able to resolve the issue with a version upgrade.
Mark and his team care about WordFence Security; and the plugin works as marketed.
WordFence is a key plugin if you want to increase your WordPress Security. If you are like me where you enjoy the K.I.S.S. principle of keep it simple and secure, then the WordFence Security plugin is for you.
Contact us if you are one of our managed hosting customers who desire help with WordFence.