How long ago have you realized your WordPress site?
When was the last time you monitored its level of security?
Your answer may be “a long time ago”, or even “never”…
Although few people do it regularly, making your site secure is extremely important.
WordPress is, in fact, an open-source platform (that is, the codes are publicly consulted by everyone, including hackers). Similarly, there are also the codes of all plugins. With this information, an experienced hacker might be able to identify any flaws and attack your website.
Today I will introduce a very useful tool.
It’s called “Wordfence Security” and it’s a plugin you can download for free.
It’s extremely popular (4.7 million downloads and 1+ million active installs) and, in addition to having several features to monitor the security status of your site, it also allows you to speed it up with the caching option.
Let’s see its features.
Scan
The first thing you should do when you install Wordfence Security is running a scan of your site.
Finished the scan, all the problems identified will be displayed at the bottom of the screen.
Here you can select various options.
In the screenshot below, the plugin has identified a new issue: a contributor of my blog is using an easy password.
In this case, I simply generated a strong password via “users” panel within my WP dashboard and notified the contributor.
I then marked “I have fixed the issue”, to find out, there are no more problems to fix.
Live Traffic
In the section called “Live Traffic”, you can monitor real users and robots visiting your site.
On this page, there are several tabs:
- All Hits
- Humans
- Registered Users
- Crawlers
- Google Crawlers
- Pages Not found
- Logins and Logouts
- Top Consumers
- Top 404s
In the following image, you can see a real visitor from Absecon, United States, arrived from https://www.google.com/search who visited the blog post http://nopassiveincome.com/tools-blogging-social-media-marketing/
Important Note: at the top of this page, you’ll see an ON/OFF button (to activate or deactivate the Live Traffic).
This option is useful to avoid consuming too much of your server resources.
Performance Setup
As mentioned in the introduction, in addition to monitoring the level of safety of WordPress sites, this plugin also allows you to improve performance by caching.
With the “Performance Setup” option, you can:
- Activate two types of caching: the basic and the Falcon (to speed up your site up to 40-50 times)
- Configure the cache so that it is emptied automatically when you publish a new post
- Empty the cache manually
- Exclude specific URLs from the cache
Obviously, this Wordfence Security feature would overlap with those of other cache plugins like WP Super Cache.
Blocked IP
If you want to block access and/or the view of your site to a particular user, crawler or bot, you can do it here, by specifying the IP address to be blocked.
If you block the view of your site at a particular IP, when the user tries to open a page you will see a message that indicates that you entered a block.
If you want, you can also block specific IP addresses from the Dashboard WordPress, but without limiting to them viewing the site.
Whois Lookup
Would you like more information about a particular domain or IP address?
Simply, paste it in this section and click “Lookup IP or domain”.
The publicly available information will appear on screen.
Advanced Blocking
If you want to block a particular bot, a range of IP addresses or even visitors coming from a specific URL, do it from this page.
Options
Finally, in the section called “Options”, you can find some basic functionalities of the plugin to work with in order to optimize their use.
There are two sections (Basic and Advanced Options).
Among the advanced options available, you may want to:
- Configure the frequency and content of notifications
- Set the Traffic Live feature so that you do not consider the visits of admin
- Configure the scan of the website
- Set some features to limit the number and frequency of login to the Dashboard
And many other features.
Being a plugin with many options, the configuration of which it will probably take up to a few hours of work, Wordfence Security also lets you export and then import your preferences, in the event that may be lost due to some error.
Wordfence Security Premium
Some features are available to premium account Wordfence users, like “Password Audit”, “Cellphone Sign-in” and “Scan Schedule” options.
The cost of a single API for 1 year is of $ 39. This price will decrease if you order a higher number of API or subscribe to the service for a longer period.
Conclusion
Wordfence Security is a great plugin. The many available features allow you to monitor the traffic on your pages, to block any suspicious users and also to improve the performance of your site.
Of course, some functionalities will keep using a bit of resources of your server; for this, you may want to disable specific features, so to avoid any issues if you are on a shared server (I’m on a dedicated one with HostGator).
Overall, if you want to pay special attention to the security of your WordPress blog, this is a plugin that I definitely recommend you to install.
Have you ever used Wordfence Security plugin?
Was it a positive experience?
Do you suggest any alternatives?
Please leave your comment below, and let’s start a discussion.
And don’t forget to share the post, if you enjoyed the content, thanks!
Hi Erik,
Great post mate! You are right that some bloggers will never ever check their blog security untill once their blog hacked by hackers. Every one should use security plugins for their blog so that it will not be hack from any one. The way you have explained each and every features showes that it will be really great plugin. Wordfence security provide awesome features in free. I will try this plugin for my blogs hope it will be easy to use.
Thanks for sharing great insight π
Hi Anant,
glad you confirm the importance of secure our WordPress websites.
I hope this plugin is going to help you.
Thanks for taking the time to check my post and leaving your comment.
Hey Erik,
I have used Wordfence Security plugin but unfortunately at the time I got my site was hacked and I bugs readily seized my root directory in WordPress.
However, the plugin has features that gave better protection and updates than what I experienced with other plugins.
I still use Wordfence Security plugin even after resolving the hack attack – I did not blame the capability of this plugin after the attack because I was alerted daily about illegal admin login.
I am planning to upgrade to premium version in due course!
I left the above comment in kingged.com
Hi Sunday,
it’s great to hear your feedback on Wordfence Security plugin, and sorry to hear your site got hacked at that time.
I hope you solved everything!
Thanks for sharing your experience with us, and for checking/commenting at my post.
Have a good day!
Hi Erik
Web security is something I take seriously.
Wordfence is a great plugin and I use it in some sites. However I also use Itheme security because it has some features like setting a custom login which is not present in Wordfence.
Thanks for sharing, Take Care
Hi Ikechi,
thanks for introducing another great plugin, IThemes security.
I’m going to check it out right now.
Appreciate your visiti and comment.
Great plugin you shared Erik.
I’m going to test it now. Thanks.
Hi Amit,
let me know if you need any help!
Isn’t the plugin taking too many resources?
Well, Rajesh.
As I mentioned, if you are on shared server, you should in any case limit the number of the plugins you are using.
I’m on a dedicated server, and yes, I need to take care of loading speed of my blog pages, but I can use more resources than a standard user on a shared server.
Great advice, Erik!
I also recommend Wordfence. I use it with all my sites and also my clients sites.
I am a WordPress user for almost 10 years now. And I can tell you one thing: During the first few years updating WP was pure terror! You would never know if it would work or not. So yes, creating backups was not at all optional! Also I had a couple of instances where my site was hacked (sucks!).
But that is all in the past! I did not have any problems since I use wordfence.
Hey Dani,
good to see you here!
Wow, you are an expert WordPress user, 10 years are many! π
Thanks for sharing your feedback with us, I appreciate your suggestions.
Web security is essential for every WordPress site.
Currently I’m using limit login attempt plugin.
But In Wordfence plugin I see some extra feature that I miss in limit login attempt plugin.
Going to change my security plugin with WordFence security plugin,
Thanks for sharing this post.
Regards,
Hamim
Hi Hamim,
“limit login attempt” plugin is very useful, but Wordfence gives many more features.
Glad you are going to test it on your blog.
Hi Erik,
Thanks for nice tutorial, with Wordfence can i change the login url of my blog to hide it from hackers ?
Hi Smachizo,
I just checked.
There are many other “Login Security Options”, but not that one.
You may still want to test it.
Hi Erik Emanuelli,
I’m wordfence security plugin user π It’s a great wordpress security plugin.I think everyone should download & install this awesome plugin.you can track your visitor activity easily using this plugin also this plugin can detect harmful bot.thanks for your useful post.I would love to read more post like this one
Hi Noman,
good to hear you are already a Wordfence Security plugin user.
Thanks for sharing your feedback, keep reading!
Hello Erik,
How to set cpu limit on wondfence?
Wordfence is the #1 Security WordPress plugin. I like it
Hello Erik. It’s been a while that I no longer use Wordfrence, just because I find its interface complex. I am on securePress, what do you think? And also for the security of a WordPress password, what do you think about redoing the WordPress login page to WordPress.com with Jetpack? I also wrote an article about it (in French: you can translate with Google translation). https://mastertuto.com/comment-securiser-identifiants-wordpress/