Wordfence – WordPress Security Plugin
The Wordfence Security Plugin for WordPress powered websites is a must have plugin. Online Casino Reviewer has been using Wordfence since we migrated the site over to WordPress back in 2013.
We actually subscribe and pay for the premium version of Wordfence, such is it’s versatility and what you are able to glean from the plugin.
If you are a seasoned wordpress webmaster that has come across this article, then you know full well as to why we speak so highly of this plugin.
It is in short a must have for any website that runs with WordPress. As WordPress is opensource code, ensuring your site is patched up and up to date is imperative. Every day, new exploits of the WordPress platform are being identified as a result.
Well with Wordfence, your wordpress installation can be configured so as the Wordfence plugin handles automatically all and any updates that are required, for your installed themes and plugins.
Below, we will cover the most popular and well used features of Wordfence and what it can do for your own site. Plus, we look at what you actually get for paying for the premium version and why in our view it is worth every single cent or pence spent.
Stopping your WordPress Site from being Hacked
We’ve all seen examples of defaced and hacked sites on the internet. Back in 2013 and this data is 5 years old at the time of writing this article, anti virus company Sophos reported that 30,000 sites get hacked every day. Every day!
This number is most likely to have increased considerably over the past five years, so the first thing webmasters need to ensure when launching a site, is to secure it. After all you don’t buy a house and leave the front door open.
With Wordfence it provides you with an easy to configure firewall, which is completely configurable from within your WordPress admin ‘Dashboard’.
The main feature of the Wordfence Firewall is the ability to stop brute force attacks on your WordPress admin account. You are thus able to configure this to block at ip level any visitor or ‘bot’ that unsuccessfully attempts to login to the admin dashboard of your site.
The plugin can also be configured to email you each and every time a brute force attack has been blocked and stopped. But you may want to setup a rule within your email client, so these get filtered to a dedicated folder. As you will be surprised how many email notifications you will receive, once this is enabled!
The Brute Force Protection alone is a must have for any webmaster using WordPress and once employed the results are staggering indeed. See the example for Online Casino Reviewer directly below.
This feature of Wordfence is available in the free version they have made accessible for all WordPress site owners and is arguably it’s most powerful and popular aspect of the plugin.
However, should you subscribe to the Premium version of Wordfence then more tools and utilities become available. For the price of $99 a year, which can also be paid monthly, Wordfence Premium should be a serious consideration for any site owner who values the security of their site or sites.
Wordfence Premium is a No Brainer for the Serious Webmaster
If like us at Online Casino Reviewer you run a site which provides you with a revenue stream, then you really have no argument to not subscribe for the Wordfence annual subscription in the form of Wordfence Premium.
At a cost of $99 annually, which can also be paid monthly, the premium version of Wordfence unlocks so many more features for you to use.
As well as all the utilities you get at your disposal with the free version, with the paid for version you have a whole host of features unlocked for you to use and employ at your leisure.
The old adage ‘You get what you Pay for’ certainly rings true with the Premium paid for version of Wordfence. Whilst the free version is good, the premium version is exceptional and below we showcase the features we really love and use.
Two Factor Authentication
The paid for version allows you to employ Two Factor Authentication for any or all of your author or admin accounts you have set up on your website. What this enables you to do, is configure any of your user accounts to have to use a random unique code when logging in, in addition to using their usual password.
This code is sent by way of SMS text message to their designated mobile phone handset, which you configure in the dashboard.
So for anyone trying to hack into the WordPress Dashboard, not only do they have to know your password ( Thanks to Brute Force Protection employed, brute force attacks do not work ), but they also need to be in possession of your mobile phone. Goodbye hackers!
Another neat feature for the stattos among you is the Live Traffic option, which allows you to view in real time who is on your site, how did they arrive there, what page they are currently viewing and where they originate from. The information provided also includes any and all bots that visit.
Be warned though, the Live Traffic option when enabled does increase the load on your server, so we would suggest you only use this, if your site sits on a dedicated or cloud based server.
Should for some reason you want to block visitors from a certain country or countries from accessing your site, then Wordfence Premium provides you with an easy to use utility to do so. We’ve tried lots of different plugins for this, but after lots of testing, Wordfence in our opinion is the best out there.
Now there may be a number of reasons why you would want to block access to a particular country. From our perspective, we use it to block those countries which do not yield any results and are known hosts for site scraping bots.
Having been on the receiving end of Negative SEO attacks, which have used our own copyrighted content against us, to try and get OCR penalised by the likes of Google. This feature is superb.
What’s more Wordfence even allows you to redirect said visitors from banned countries to a dedicated page. See below where we redirect them!
Not only can you employ this at a country level, you can also specify a stand alone unique IP address. Very handy indeed! Can you guess which countries are blocked from accessing Online Casino Reviewer from this screenshot above? Answers on a postcard!
Another area of interest and use are the bespoke scans which you can employ Wordfence to perform on your site. These include scans for Malware against all and any plugins you have installed.
Furthermore Wordfence Premum also enables you to check the ‘reputation’ of your site to see if it has been added to any spam blacklists for example.
Scans can be scheduled or actioned there and then, but there are also options configurable so as Wordfence does not overload your server when scanning your site.
You may have guessed that we are big fans of Wordfence. Seriously, it is in our considered view, the best security plugin for WordPress. If you run a WordPress site and do not have Wordfence installed, head on over to your Dashboard now and install it!
Whilst looking into WordPress vulnerabilities, I came across this concise article over on wpwhitesecurity.com. Whilst not related to Wordfence, it does cover how easy it is to hack the admin account of WordPress, if you have not secured your installation. Well worth a read.
- Editor Rating
- Rated 5 stars
- Reviewed by:
- Published on:
- Last modified: