Wordfence Security is one of the most popular and widespread WordPress plugins in the market. It provides you with important features to scan for malware, block suspicious activities, protect and monitor your site, and helps you protect against malicious attacks, hacking attempts and code injection.
In this article, we will give you a comprehensive review of the WordFence Security add-on, how to install it, the features it offers, and the difference between the free and paid versions.
How to install WordFence Security add-on?
To install the (WordFence Security) plugin, from within the WordPress control panel, go to (Plugins << Add New) and in the search box we write the name of the plugin.
After installing the add-on, it must be activated by pressing Activate and it is ready to be used.
WordFence Security Settings
WordFence Security includes many features and options related to the protection and security of your site .
1- control panel
The WordFence Security dashboard contains the final results of the extension work on your site. From it, you get an overview of what’s happening on your site, showing you the results, the percentage of firewall work, and the percentage of protection for your site.
It also shows you the notifications the extension provides to improve the security of your site. You can also access from the control panel all the settings for the addition and configure it.
You can also control the option (Wordfence Central), which is to manage Wordfence on multiple sites from one site.
The dashboard also displays a graph of the total number of attacks that have been blocked on your site. It displays a summary of firewall operation, blocked attacks, login attempts, and blocked IP addresses.
2- firewall
An important feature of Wordfence, is the firewall to prevent and protect the site from threats, as the firewall will filter attacks before they reach your site.
The free version of Wordfence, the firewall rules are updated every 30 days, while the paid version is updated in real time, and you will find the default mode of the firewall is learning mode, in order for the extension to understand how your site works properly to understand how to protect and secure it.
According to Wordfence’s recommendations, it is best to leave the extension in learning mode for a week and then switch to Enabled and protecting mode.
Configure firewall settings
First, you must go to the “Manage Firewall” option.
Then choose the Learning Mode and the Protection Level.
We need to specify the level of protection, because in general WordPress is loaded before any other plugin is loaded and therefore there is a possibility that malicious or malicious software will be loaded even before Wordfence is loaded, as a firewall in Wordfence is designed to run before any code that might lead to damage to the site.
After that and before Wordfence makes some changes to your system files to modify the level of protection, you have to download files such as (.htaccess and user.ini) as your backup copy, and then click on ( Continue )
Then you will see a message that the firewall is optimized.
Wordfence firewall provides several important features and settings that can be controlled:
- Advanced Firewall Options.
- Blind force protection.
- Rate Limiting.
- Allowed URLs (Allowlisted URLs).
A- Advanced Firewall Options
Here are some advanced options that you should pay attention to, such as
- The possibility of delaying the loading of the plugin, i.e. the possibility of allowing WordPress to load first.
- Determine what ip addresses are allowed to bypass rules without any problem.
- Determine permanently permitted and unrestricted services.
- Instant blocking of specific IP addresses
- Secure IP addresses that can be ignored.
b- Brute Force Protection
Another option that Wordfence provides is Brute Force Protection or a blind force attack .
This gives you the ability to control a lot of options:
- Block or lock an IP address for a specified period of time after a user has made several failed login attempts, where you can specify the number of times the user is allowed to try to login.
- Number of attempts to forget the password
- Specify the time or time frame in which failures are calculated.
- The amount of time the user is banned and prevented from trying again.
- Immediate blocking of invalid usernames.
- IP address blocking based on specific usernames.
- Force the site owner to use strong passwords.
There are also many other options that you can select and take advantage of.
C- Rate Limiting
With this option, you can limit and limit the rate of people coming to your site based on the number of visits, for example, as well as control how search engines are dealt with.
With this setting, you can do the following:
- Determine how to deal with Google’s crawlers
- Determining the limit or rate of allowed requests
- Limit visits generated by bots.
- Block IP addresses that scan your site for vulnerabilities.
- Duration of an IP address ban when it violates firewall rules
D- Allowed URLs
Identify addresses that can be said to be secure addresses, that is, they have not been tested by Wordfence even if they are considered suspicious.
These addresses should be placed when Wordfence is in learning mode.
3- scan – scan
Another important feature of Wordfence is the scanning and site inspection feature. The extension will scan your site for potential security issues so that you can address them.
Wordfence will search for malicious files and vulnerabilities as well as unknown files, template files, and extension files. It will also search for pending updates, unsecured URLs, and more.
Once the research is done, Wordfence will report back to you what problems it found and the appropriate solutions.
To start the scan, you will need to click on (Start New Scan)
Wordfence will scan server status, look for malware and file changes, as well as check password strength and site vulnerabilities.
You can also control what Wordfence will scan, by going to (Manage Scan)
Here there are several options that you can change, such as:
- Find orphaned files.
- Check comments, templates, and plugins
- Search for suspicious users.
4- Tools
Wordfence contains many important tools and features that help you keep track of everything that happens on your site, including the following:
Live Traffic
With this feature, you can see what is happening on your site in real time. Including user logins, hack attempts, and requests blocked by the Wordfence firewall.
For example, you can show traffic that comes from crawlers like Google and Bing
Whois Lookup
Whois gives you a way to find out who owns an IP address or domain name visiting your site or engaging in malicious activity on your site.
Import/Export Options
From here, you can control the import and export options
Diagnostics
This page displays information that can be used to troubleshoot problems, configuration, or compatibility issues with plug-ins or themes.
Login Security
Where you can improve the security of access to your site through the option (Two-Factor Authentication)
What does the paid version (Wordfence Premium) offer?
The paid version of Wordfence comes at $99 and has many additional features to protect and scan your site, including:
- Create a blacklist to block addresses that constantly attack your site in real time.
- Firewall rule updates in real time.
- Real-time identification and blocking of malware.
- fast support.
- Do prohibits a specific country or geographic area.
- Do frequent scans.
- Mobile login.
- Advanced options for filtering spam comments.
In the end, Wordfence is one of the best plugins to protect your site and improve its performance, you need a little time to learn to use the user interface and it offers you lots and lots of advanced options and settings.
Professional WordPress as he likes our site to be specialized in WordPress to make a professional site
