How long ago have you realized your WordPress site?
When was the last time you monitored its level of security?
Your answer may be “a long time ago”, or even “never”…
Although few people do it regularly, making your site secure is extremely important.
WordPress is, in fact, an open-source platform (that is, the codes are publicly consulted by everyone, including hackers). Similarly, there are also the codes of all plugins. With this information, an experienced hacker might be able to identify any flaws and attack your website.
Today I will introduce a very useful tool.
It’s called “Wordfence Security” and it’s a plugin you can download for free.
It’s extremely popular (4.7 million downloads and 1+ million active installs) and, in addition to having several features to monitor the security status of your site, it also allows you to speed it up with the caching option.
Let’s see its features.
The first thing you should do when you install Wordfence Security is running a scan of your site.
Finished the scan, all the problems identified will be displayed at the bottom of the screen.
Here you can select various options.
In the screenshot below, the plugin has identified a new issue: a contributor of my blog is using an easy password.
In this case, I simply generated a strong password via “users” panel within my WP dashboard and notified the contributor.
I then marked “I have fixed the issue”, to find out, there are no more problems to fix.
In the section called “Live Traffic”, you can monitor real users and robots visiting your site.
On this page, there are several tabs:
- All Hits
- Registered Users
- Google Crawlers
- Pages Not found
- Logins and Logouts
- Top Consumers
- Top 404s
In the following image, you can see a real visitor from Absecon, United States, arrived from https://www.google.com/search who visited the blog post http://nopassiveincome.com/tools-blogging-social-media-marketing/
Important Note: at the top of this page, you’ll see an ON/OFF button (to activate or deactivate the Live Traffic).
This option is useful to avoid consuming too much of your server resources.
As mentioned in the introduction, in addition to monitoring the level of safety of WordPress sites, this plugin also allows you to improve performance by caching.
With the “Performance Setup” option, you can:
- Activate two types of caching: the basic and the Falcon (to speed up your site up to 40-50 times)
- Configure the cache so that it is emptied automatically when you publish a new post
- Empty the cache manually
- Exclude specific URLs from the cache
Obviously, this Wordfence Security feature would overlap with those of other cache plugins like WP Super Cache.
If you want to block access and/or the view of your site to a particular user, crawler or bot, you can do it here, by specifying the IP address to be blocked.
If you block the view of your site at a particular IP, when the user tries to open a page you will see a message that indicates that you entered a block.
If you want, you can also block specific IP addresses from the Dashboard WordPress, but without limiting to them viewing the site.
Would you like more information about a particular domain or IP address?
Simply, paste it in this section and click “Lookup IP or domain”.
The publicly available information will appear on screen.
If you want to block a particular bot, a range of IP addresses or even visitors coming from a specific URL, do it from this page.
Finally, in the section called “Options”, you can find some basic functionalities of the plugin to work with in order to optimize their use.
There are two sections (Basic and Advanced Options).
Among the advanced options available, you may want to:
- Configure the frequency and content of notifications
- Set the Traffic Live feature so that you do not consider the visits of admin
- Configure the scan of the website
- Set some features to limit the number and frequency of login to the Dashboard
And many other features.
Being a plugin with many options, the configuration of which it will probably take up to a few hours of work, Wordfence Security also lets you export and then import your preferences, in the event that may be lost due to some error.
Wordfence Security Premium
Some features are available to premium account Wordfence users, like “Password Audit”, “Cellphone Sign-in” and “Scan Schedule” options.
The cost of a single API for 1 year is of $ 39. This price will decrease if you order a higher number of API or subscribe to the service for a longer period.
Wordfence Security is a great plugin. The many available features allow you to monitor the traffic on your pages, to block any suspicious users and also to improve the performance of your site.
Of course, some functionalities will keep using a bit of resources of your server; for this, you may want to disable specific features, so to avoid any issues if you are on a shared server (I’m on a dedicated one with HostGator).
Overall, if you want to pay special attention to the security of your WordPress blog, this is a plugin that I definitely recommend you to install.
Have you ever used Wordfence Security plugin?
Was it a positive experience?
Do you suggest any alternatives?
Please leave your comment below, and let’s start a discussion.
And don’t forget to share the post, if you enjoyed the content, thanks!