WordFence Is My WordPress Security Plugin Of Choice

I’ve been conscious about keeping my website secure since I returned to WordPress recently.

There are so many security plugins available now that it’s a bit of a lottery.

I’ve tried many of them but I keep coming back to WordFence.

There are a number of things the plugin can do, including scanning for viruses, malware, trojans and malicious links.

It protects against scrapers, aggressive robots, fake Googlebots and it also protects against brute force attacks. I particularly like that it has a firewall

I also like the security updates I receive by email directly from the Mark Maunder, the creator of WordFence.

If you haven’t heard of it, then let me tell you a little more about it.

Scan

The free version of the plugin scans your WordPress set up once a day against a whole host of things.

  • Scan core, theme and plugin files against the WordPress repository versions for changes
  • Scan for signatures of known malicious files
  • Scan file contents for backdoors,and suspicious code
  • Scan posts and comments for known dangerous URLs and suspicious content
  • Scan for out of date plugins, themes and WordPress versions
  • Check the strength of passwords
  • Scan options table
  • Scan for unauthorized DNS changes

On top of that it also constantly scans your posts, pages, comments and plugins for anything untoward.

Firewall

WordFence can be set up to immediately block fake Google crawlers whilst allowing the genuine article through the Firewall.

Not only that but you can set Firewall options which will either temporarily block or fully block requests to your blog if they exceed a limit which you can also set.

You can also set the length of time that the block is in place for anyone or anything that breaks the rules and manually block IP address from accessing your site.

Login Security Options

If someone tries to log in to your WordPress dashboard, these security options will come in handy.

You can set a limit to the number of log in attempts and forgotten password attempts, along with the length of time anyone is locked out if they exceed this limit.

You can also immediately lock out invalid usernames and stop WordPress from revealing valid user names in any error reports.

I used to use the Limit Login Attempts plugin to set the number of log in attempts but because WordFence offers many more security options, I decided to switch to it.

Live Traffic View

Enabling the Live Traffic View option shows you all your traffic in real-time, giving you a detailed breakdown of every visit to your site.

It gives you an indication of the current state of play with your security situation so you can make informed decisions.

It’s also able to separate human and crawler traffic and report on these through the Live Traffic View option.

This option does use more resources and may slow your site down a little. I don’t have this option enabled by default but check it every now and again.

Your Site Performance

The plugin also offers performance enhancements for your site in the form of basic caching or using their Falcon Engine.

With the basic caching feature, your site will see a 2 to 3 times speed increase.

If you enable the Falcon Engine however, you may see a speed increase of between 30 and 50 times.

You may already have a caching solution in place but it’s worth giving the Falcon Engine a try to see if that’s a better option for your site.

It may mean that you can remove another plugin from your site.

Additional Features

WordFence can also do the following to keep your site safe:

  • Hide WordPress Version
  • Hold anonymous comments using member emails for moderation
  • Check your password strength on profile update

If a hacker does manage to get through to your site then the plugin can also help by repairing your core, theme and plugin files. It can also show you what has changed in your infected files.

WordFence Paid Option

All of the above features are part of the free version but the paid version also allows you to:

  • Scan as often and when you like using the scan scheduling feature;
  • Make use of the advanced comment spam filter;
  • Check if your site domain name is being used as a link in spam emails and if your website IP address is listed as a known source of spam emails;
  • Use the commercial country to IP database to block malicious traffic. This database has a 99.5% accuracy rate and is often updated. It’s useful in the event of an emergency where a hacker based in a specific country is targeting your site;
  • Include remote site scans which originate from WordFence’s Seattle data centre. Their servers connect to your site on every scan and look at your HTML, Javascript, CSS and other code for vulnerabilities and intrusions;
  • Use mobile phone sign in which uses “Two Factor Authentication” for additional security;
  • Have access to new premium features as they are released and;
  • Get priority email support.

And finally, over to you…

What plugins or services do you use to keep your blog safe? Have you tried out WordFence before? What do you think?

  • Hi

    How can I set up WordFence to block crawlers? Not all crawlers are bad are they? If not, will it block the “good” ones if I set it up to block crawlers?

    I’ve been using it for a few weeks but I’m still a newbie, trying to understand all the terminology, etc.

    Thank you in advance.

  • Tim Bonner

    Hi Jenny

    Wordfence give some advice about blocking or limiting crawlers in their docs:

    https://docs.wordfence.com/en/Wordfence_options#Rate_Limiting_Rules

    I use the recommended settings under each of those rate limiting rules.

    Not all crawlers are bad and I wouldn’t advise blocking any of Google’s crawlers otherwise your site won’t appear in their search listings.

    Are you seeing a particularly high instance of crawler activity?

You may also like

Follow Me!