The Wordfence Security plugin is considered one of the most popular and widespread WordPress plugins on the market. It provides you with important features for searching for malware, blocking suspicious activities, and protecting and monitoring your site. The plugin helps you protect against malicious attacks, attempts to hack your site, and protection from code injection.
In this article, we will provide you with a comprehensive review of the WordFence Security add-on, how to install it, the features it offers, and the difference between the free and paid version.
How to install WordFence Security plugin?
To install the (WordFence Security) plugin, from within the WordPress control panel, go to (Plugins << Add New) and in the search box, type the name of the plugin.
After installing the add-on, you must activate it by clicking Activate and it will be ready for use.
WordFence Security settings
The WordFence Security add-on contains many features and options related to the protection and security of your site .
1- Control panel
The WordPress Security control panel contains the final results of adding the plugin to your site. From it you get an overview of what is happening on your site, and it shows you the results and percentage of the firewall’s operation and the protection percentage of your site.
It also shows you the notifications provided by the extension to improve the security of your site. You can also access all of the add-on’s settings from the control panel and configure them.
You can also control the (Wordfence Central) option, which is managing Wordfence on multiple sites from one site.
The dashboard also displays a graph of the total number of attacks blocked on your site. It displays a summary of the firewall’s operation, blocked attacks, login attempts, and blocked IP addresses.
2- Firewall
One of the important features in Wordfence is the firewall to prevent and protect the site from threats, as the firewall will filter attacks before they reach your site.
In the free version of Wordfence, the firewall rules are updated every 30 days, while the paid version is updated in real time, and you will find the default mode of the firewall is learning mode, so that the add-on understands how your site works properly to understand how to protect and secure it.
According to Wordfence’s recommendations, it is best to leave the plugin in learning mode for a week and then move to enable and protecting mode.
Configure firewall settings
First, you must go to the (Manage Firewall) option.
After that, choose Learning Mode and choose the Protection Level.
We need to determine the level of protection, because in general WordPress is loaded before any other plugin is loaded and therefore there is a possibility that malicious or harmful software will be downloaded even before Wordfence is loaded, as a firewall in Wordfence is designed to be run before running any code that may lead to… To damage the site.
After that, before Wordfence makes some changes to your system files to modify the level of protection, you must download files such as (.htaccess and user.ini) as a backup copy, then click ( Continue ) .
After that, you will see a message that the firewall has been optimized.
Wordfence Firewall offers several important features and controllable settings:
- Advanced Firewall Options.
- Brute Force Protection.
- Rate Limiting.
- Allowlisted URLs.
A- Advanced Firewall Options
Here there are some advanced options that you should pay attention to, such as:
- The ability to delay loading the plugin, i.e. the ability to allow WordPress to load first.
- Determine what IP addresses are allowed to bypass the rules without any problem.
- Determine which services are allowed permanently and are not restricted.
- Instant blocking of specific IP addresses
- Secure IP addresses that can be ignored.
B- Brute Force Protection
Another option that Wordfence provides is Brute Force Protection, or what is known as a brute force attack .
This gives you the ability to control many options:
- Blocking or closing the IP address for a specific period of time after the user makes several failed login attempts, where you can specify the number of times you allow the user to attempt login.
- Number of attempts to forget your password
- Determine the time or time frame in which failures are calculated.
- The amount of time a user is blocked and prevented from trying again.
- Instantly block invalid usernames.
- Blocking an IP address based on specific usernames.
- Forcing the website owner to use strong passwords.
There are also many other options that you can select and take advantage of.
C- Rate Limiting
Through this option, you can determine and restrict the rate of people accessing your site based on the number of visits, for example, as well as control how search engines deal with it.
Through this setting, you can do the following things:
- Determine how to deal with Google’s crawlers
- Determine the limit or rate of allowed orders
- Limit visits generated by bots.
- Block IP addresses that scan your site for vulnerabilities.
- How long an IP address will be blocked when it violates firewall rules
D- Allowlisted URLs
Identify addresses that can be said to be safe, meaning they have not been tested by Wordfence even if they are considered suspicious.
These titles should be placed when Wordfence is in learning mode.
3- Scan
Another important feature of Wordfence is the scanning and site scanning feature. The extension will scan your site for potential security issues so you can address them.
Wordfence will search for malicious files, vulnerabilities, unknown files, template files, and plugin files. It will also search for pending updates, unsafe URLs, etc.
Once the search is finished, Wordfence will provide you with a report on what problems it found and the appropriate solutions.
To start the scan, you will need to click on (Start New Scan)
Wordfence will scan the server health, look for malware and file changes, as well as check password strength and scan site vulnerabilities.
You can also control what Wordfence will scan by going to (Manage Scan)
Here there are several options you can change, such as:
- Find orphaned files.
- Check comments, templates and plugins
- Search for suspicious users.
4- Tools
Wordfence contains many important tools and features that help you track everything that happens on your site, including the following:
Live Traffic
With this feature, you can see what is happening on your site in real time. Including user logins, hacking attempts, and requests blocked by the Wordfence firewall.
For example, you can show traffic that comes from crawlers like Google and Bing
Whois Lookup
Whois gives you a way to find who owns the IP address or domain name that visits your site or engages in malicious activity on your site.
Import/Export Options
From here, you can control the import and export options
Diagnostics
This page displays information that can be used to troubleshoot errors, configuration, or compatibility issues with plug-ins or themes.
Login Security
You can improve the security of accessing your site through the Two-Factor Authentication option.
What does the paid version (Wordfence Premium) offer?
The paid version of Wordfence comes at a price of $99, and contains many additional features to protect and scan your site, including:
- Create a blacklist to block addresses that constantly attack your site in real time.
- Firewall rule updates in real time.
- Identify and block malware in real time.
- Fast support.
- Doing bans a specific country or specific geographical area.
- Do frequent scans.
- Log in via mobile phone.
- Advanced options to filter spam comments.
In the end, Wordfence is considered one of the best plugins to protect your site and improve its performance. It takes a little time to learn to use the user interface and it offers you many, many advanced options and settings
Leave a Reply