Over the past 17 years, I’ve found security can often be like a full squadron of obtrusive bouncers who make you want to leave before you get within 50 yards of the door.
Wouldn’t it be great to have a WordPress security plugin which was more like Dalton (Patrick Swayze) in RoadHouse who worked to have bouncers be as inconspicuous as possible; only coming out when needed, and only using what force was necessary to get the job done?
I didn’t think such a WordPress plugin existed until I found out about WordFence Security plugin on LinkedIn thanks to a post about it in the WordPress Helpdesk (without the b.s.) LinkedIn Group.
WordFence is a free (with premium options) WordPress security plugin that will scan your site for viruses, malware, trojans, malicious links on a regular basis throughout the day.
WordFence will also protect your site from scrapers, aggressive robots, fake Googlebots, along with brute force attacks.
You can start off with very easy to use, drop down and select, options where you provide an email address to receive alerts and what level of protection you desire…
To advanced options where you get a large amount of choices of how tight to watch the fence.
Wordfence scans your site for viruses, malware, trojans, malicious links, protects your site against scrapers, aggressive robots, fake Googlebots, protects against brute force attacks and much much more.
You can do a manual scan by going to WordFence Security, then click on Start a WordFence Scan. Plus WordFence Security will do its own scans throughout the day.
When WordFence finds issues, you have the choice to ignore the issue until the file changes (this could be due to an authorized party making an authorized change to the file), to tell WordFence you’ve fixed the issue (if that’s not the case, WordFence will alert you again on a future scan), or to have WordFence fix the file for you by restoring it from a cloud-based repository.
Now in the above case, it is a .htaccess file I placed in the directory; and I told WordFence to ignore the issue until the file changes.
WordFence protects you against user brute force login attempts; and will block IP’s that fail too many times (this is configurable by the user).
You can also tell WordFence to send you alerts when someone with administrative rights logs into WordPress.
Behind the scenes, WordFence is also watching out for fake googlebots and bad traffic; offending IP addresses are blocked.
You can configure how long offending IP addresses are blocked.
Part of the WordFence scan is to check for the core, themes, and plugins that are out of date. If WordFence finds something out of date, you will get a notification.
For those that like to watch real time traffic to their site, WordFence provides a view where you can watch all traffic, all human traffic, and so on.
Over the last several weeks of using WordFence, I’ve had various support issues ranging from questions to problems. Mark Maunder responded to all issues in a prompt manner.
The only problem I ran into was that after upgrading (it may not have been the upgrade, but a version change) from the free version to the premium version (there are several premium options, and the pricing is extremely reasonable), the WordFence security scans would not complete due to a memory issue. Mark worked on the problem over the course of a few days, politely asked for log files, respected privacy, and was able to resolve the issue with a version upgrade.
Mark and his team care about WordFence Security; and the plugin works as marketed.
WordFence is a key plugin if you want to increase your WordPress Security. If you are like me where you enjoy the K.I.S.S. principle of keep it simple and secure, then the WordFence Security plugin is for you.
Contact us if you are one of our managed hosting customers who desire help with WordFence.