Wordfence is one of the best WordPress security plugin known to me. When first time I listen about this plugin, I was not confident about it but after using it on my one of the site for a few months now I can say it is really a very good security plugin.
It has a lot of features and functionalities to protect the sites. Even its free version has a lot for the protection of the site.
As a blogger, I have many responsibilities but one that is more important is the security of the site. I have a good hosting service provider but my role to protect my website never ends. I have to take care of it as much as possible.
WordPress is a very well-developed and most popular Content Management System worldwide. But it is also the fact that WordPress sites are common targets for attackers and hackers.
If you are not protecting your WordPress site properly then it may be your big mistake. Your site may be at risk if there is any security issue. First of all you should always choose a good hosting company which follows the best security practices.
Second you should not be fully dependent on your hosting company and you may add a good third-party security plugin. However, it is completely up to you which plugin you choose to protect your site.
If you want to know WordPress security tips then You can go through : WordPress Security: 16 Steps to Secure Your WordPress Site
This blog is all about the Wordfence plugin. I hope this may be helpful for you. So let’s begin with its dashboard introduction.
It has a nice dashboard. Basically, its dashboard shows a brief overview of your website. You can see the firewall and scan protection level of your Wordfence plugin from the dashboard. You can see the firewall summary for a site.
I can notice that there are following options on the dashboard:
- Firewall level
- Scan level
- Firewall Summary: Attacks blocked for a particular site
- Total Attacks Blocked: Wordfence Network
- Global Options
- Wordfence Central
- Upgrade to Premium option
Apart from a good dashboard, it has a menu option in the left sidebar, where you will have the option following options:
- Scan Tools
- Login Security
- All Options
You can easily navigate the options of this plugin and set up the security option which you want.
This WordPress security plugin includes a Web Application Firewall (WAF). The firewall stops malicious attacks and protects the site. Free user gets community version of the plugin. However, premium users have additional firewall rules and malware signatures.
Firewall protect site from SQL injection, Cross-site scripting, Malicious file upload, and in many other ways.
This is the important feature of this plugin. When you will click on Wordfence on the left sidebar, you will see a scan option. After clicking on it you will see the scan page. Here you can see the scan is enabled or not.
Scanner plays a major role because identification of the malware, dangerous URLs, and other spam is very important.
Wordfence plugin scan and identify your files, compare them with what is in the WordPress repository, and report to you if there are any changes. it also checks your WordPress site for unknown security issues, Malware, bad URLs, backdoors, SEO spam, malicious Redirects, Code injection, etc.
You can see on scan page that this security plugin have following checks:
- Server State
- File Changes
- Malware Scan
- Content Safety
- Public Files
- Password Strength
- Vulnerability Scan
- User and Option Audit
- Spamvertising Checks (Premium version)
- Spam Checks (Premium version)
- Blocklist Checks (Premium Version)
You can run a scan to check about the security issues by clicking on the Start New Scan button. After scanning the site it will show you the result. You can see if there is any vulnerability or other security issue.
Brute Force Protection
I think you should always protect your site from the Brute Force attacks. Wordfence plugin has the option of Brute force protection. You can enable this feature in this plugin. You can also enable the following options to keep more and more security layers:
- Lockout after how many login failures.
- Lockout after how many forgot password attempts.
- Count failure over what time period.
- Amount of time a user is locked out.
- Immediately locked out invalid username.
- Prevent the use of passwords leaked in data breaches.
- Enable Strong passwords.
- Don’t let WordPress reveal valid user in login errors.
- Disable WordPress application passwords.
Many other options are also available to stop brute force attacks. You can setups the available option as per your convenience and requirements.
Wordfence also provides you option to set up and email alerts. You can set up and get email alerts on a Daily, Weekly, or Monthly basis. You are free to choose any one of these. You will get an activity report in your email box as you set your choice.
There are many scenarios for which you can set email alerts. Some of the preferences are as following for which you can set email alerts in the Wordfence plugin:
- Email me when Wordfence is deactivated.
- Email me if the Wordfence Web Application Firewall is turned off.
- Alert me with scan results of this severity level or greater – Low, Medium, High or Critical.
- Alert When IP address is blocked.
There are many other options also for which you can set up and get email alerts. This is very useful.
Two Factor Authentication
Wordfence plugin also has the feature of Two Factor Authentication. Yes, it is. You can enable this feature in this plugin and protect your site. There is no need to install and activate another extra plugin to enable Two-factor Authentication.
You can set up it from the login security option which you can see on the left sidebar. You can also configure to send you notifications for any user who logs your site’s dashboard.
Wordfence WordPress security plugin has a Free and Premium version. Its free version also has a lot of features and functions to protect your site. if you want some advanced feature then you can upgrade it to the premium version of it.
Premium version has following advance features:
- Real-Time IP Blocking
- Real-Time Firewall Rule Updates
- Real-Time Malware Signature Updates
- Reputation Checks
- Country Blocking
Currently, you can purchase one license for $99. For more details, you can go through this table.
|Number of Licenses||Discount%||Price Per License|
|2 – 4||10%||$89.10|
|5 – 9||15%||$84.15|
|10 – 14||20%||$79.20|
First of we have to understand that identification of security issues is the key. If we don’t know what kind of risk may be there then how we can protect the site. So it’s important that you identify the risk areas and take the necessary steps to protect your site.
Wordfence is a very popular WordPress security plugins. It has 4+ million active installations. It clearly shows it has a huge popularity. I have tried my best to explain to you about this plugin.
However, this is the only general overview. You can go through the main site of the plugin to understand more details.