3,511 total views, 1 views today
If you’re a WordPress user then site security should be at the top of your priority list. As the most popular CMS on the planet, it has more than its fair share of hackers, bots, and bad actors with WordPress websites in their crosshairs. You don’t want malware to creep onto your site, nor do you want unwanted guests past your login screen. You can choose from many different solutions for keeping your site’s perimeter locked down, but in Cup O Code’s opinion Wordfence is one of the best options out there.
Like most WordPress security solutions, Wordfence is available as a free plugin on the WordPress.org plugin repository. You can always upgrade to the premium version for additional features and support, but the free version of Wordfence is powerful and for the average user, will handle the necessary security features you are looking for.
Install and activate it as you would any other plugin from Plugins – Add New in your WordPress dashboard. Once that step is complete, you will have a new Wordfence menu item in your left-hand sidebar.
The dashboard gives you a good overview of the current state of your site at the point of the last scan you took. The top row contains boxes with current percentages of protection (based on Wordfence features enabled). We want to note that you will very rarely see these at 100%. To gain 100% in any metric of protection, you will need to be a premium subscriber.
The most prominent advanced feature that WordFence offers is the WAF, or Web Application Firewall. You can find this feature, unsurprisingly, under the WordFence – Firewall menu option.
This is some of the real power of WordFence, especially for free users. The WAF lets you set how much of your site’s resources can be used by crawlers and other robots and scripts around the web. This means protection from scripts that are potentially installed before you can scan (from malware) or even some sites that target WordPress servers for brute for attacks.
You can also block entire IP ranges from accessing your site. As you can see in the image above, Wordfence can handle this automatically, as well. The plugin caught these IPs and blocked them on its own.
Overall, here at Cup O Code, we think that Wordfence definitely earns the popularity it has garnered. With one of the few completely free WAFs out there, site scanning, and built-in 2FA, there’s really no reason not to have Wordfence installed (unless you’re using a different security plugin or service, at which point you already have these bases covered, anyway). Premium users getting priority support for their tickets and real-time updates can be the difference in your site being compromised for an hour and compromised for a month. Review your needs, and then you can decide if the Wordfence premium upgrade is worth it. And if security is a concern at all (which it should be), Wordfence is a fantastic level of protection for any kind of WordPress site. We use Wordfence as a baseline protection on all of our custom built websites for clients.