Did you know that installing a security plugin on your WordPress blog or website is one way to protect it? But do you know which WordPress security plugin is the best?
In this article, we'll tell you about the Wordfence plugin, one of the most popular and best-rated security plugins in the WordPress repository. It currently has more than 2.4 million downloads (and counting) and a rating of 4.9 out of 5, which is no small feat.
WHAT IS WORDFENCE (AND HOW DOES IT HELP IMPROVE WORDPRESS SECURITY)?
- It’s an antivirus with a scanning engine that, among other things, compares your WordPress files to the original files in the WordPress repository and, if there’s a mismatch, guides you through the process of fixing it.
- It is a PHP-based, application-level firewall that blocks all malicious traffic (from anyone who breaks the rules, whether a person or a robot) before it even reaches your site. The Wordfence Firewall stops you from getting hacked.
- It also has a caching engine that can boost the loading speed of your website or blog by 30 to 50 times. We can’t attest to the latter, but it’s there.
WHAT EXACTLY DOES WORDFENCE DO TO SHIELD YOUR WORDPRESS SECURITY?
Wordfence continuously monitors and protects your website against brute force attacks by enforcing strong passwords, limiting login attempts, and applying other login security measures. Simply put, it defends the website from individuals who try to use “bad arts” against it. It lets you see who is visiting your website or blog, what they are doing on it, and who has been blocked, whether they are humans or robots. Wordfence is a gold standard when it comes to helping you protect your website or blog from malicious minds.
Let’s go through the menu that the plugin presents, step by step. Today’s idea is to explain a few of the sections of this plugin thoroughly so that you understand how it works and have some basic notions about it.
- Performance Setup
- Blocked IPs
- Cellphone Sign-in
- Scan Schedule
- Whois Lookup
- Advanced blocking
Just like with most WordPress plugins, the installation process of Wordfence is pretty straightforward.
Step 1: To install and configure Wordfence on your site, go to the WP dashboard and select Plugins > Add New; search for Wordfence in the plugin search bar and select it. Press the Install Now button and then click Activate.
Step 2: Once it is installed, you will see a screen asking you to enter your email address to receive security alerts. Agree to the terms and click Continue.
Step 3: On the next screen, Wordfence will ask you to enter an API key to complete the installation process. If you purchased a premium account, you can enter your premium key to activate the extra features. Otherwise, go ahead and click on the No Thanks option.
Step 4: Voila! Wordfence is now installed, and your site is already better off! But now it’s a great time to get into the nitty-gritty.
Configuring the Firewall
The Wordfence Web Application Firewall includes a robust set of protections that defend our website against common attacks and threats such as malicious file uploads, SQL injection, and others. Following predefined security rules, the firewall inspects incoming and outgoing traffic from bots and humans and can block or allow it.
Basic Wordfence Firewall Configuration
- Open the Firewall option in the WordPress dashboard sidebar (Wordfence > Firewall) and select “All Firewall Options”.
- Here we will configure the primary firewall option. It defaults to Firewall Status: Enabled and Protected, which is a basic protection option. The best approach is to switch it to Learning Mode, which allows the firewall to learn about your website and how to secure it. The firewall will be activated automatically after a week.
- Save the changes. We have successfully made the basic configuration of the Firewall.
Configuring the Extended Firewall
The Wordfence Extended Firewall gives us more security for our website. Because Wordfence is a plugin, WordPress may process some dangerous code before the plugin runs. To close that gap, the Extended Firewall changes the .htaccess file so that all PHP requests are processed by the firewall before they are executed.
- To configure the extended Wordfence Firewall, go to Firewall > All Firewall Options and click Optimize the Wordfence Firewall.
- You will be presented with a tab on which you must complete two steps. First, choose a server type (check with your hosting provider if you do not know it); in any case, Wordfence will suggest one for you. Second, download a backup of the .htaccess file, which you can restore using a file manager or FTP if something goes wrong.
- You will receive a success message if everything works smoothly.
- If you check the code of your .htaccess file, you will see the Wordfence Firewall configuration code.
- Done: you have successfully activated the Extended Firewall.
Protection Against Brute Force Attacks
Still in the All Firewall Options section of Wordfence > Firewall, we will find a section called Brute Force Protection. Follow the steps below to protect your website from brute force attacks.
- Number of failed logins before access is blocked. Recommendation: 05 attempts.
- Number of failed password attempts before access is blocked. Recommendation: 05 attempts.
- How long the user will be blocked. Recommendation: 30 minutes.
- You can leave the other settings as default.
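How the threshold and the block time above interact, as an added Python example (not Wordfence's own code). The counting window is an assumed value because the article does not give one, and the addresses and timestamps are constructed.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5            # the article's recommendation: 05 attempts
LOCKOUT_SECONDS = 30 * 60   # the article's recommendation: 30 minutes
COUNT_WINDOW = 4 * 60 * 60  # assumption: the article gives no counting period


class LoginThrottle:
    """Per-IP failed-login counter with a timed lockout."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> failure timestamps
        self.locked_until = {}              # ip -> unlock time

    def attempt(self, ip: str, ts: int, success: bool) -> str:
        """Return 'blocked', 'ok', 'failed' or 'locked_out' for one attempt."""
        if self.locked_until.get(ip, 0) > ts:
            return "blocked"  # rejected before the password is even checked
        if success:
            self.failures.pop(ip, None)  # a good login resets the counter
            return "ok"
        window = self.failures[ip]
        window.append(ts)
        while window and window[0] <= ts - COUNT_WINDOW:
            window.popleft()  # forget failures older than the window
        if len(window) >= MAX_FAILURES:
            self.locked_until[ip] = ts + LOCKOUT_SECONDS
            window.clear()
            return "locked_out"
        return "failed"


def replay(events):
    """Feed (ip, timestamp, success) tuples through a fresh throttle."""
    throttle = LoginThrottle()
    return [throttle.attempt(ip, ts, ok) for ip, ts, ok in events]


# Constructed events: 203.0.113.7 fails every 10 s; 198.51.100.4 mistypes once.
SAMPLE = [("203.0.113.7", t, False) for t in range(0, 80, 10)]
SAMPLE += [("198.51.100.4", 20, False), ("198.51.100.4", 45, True),
           ("203.0.113.7", 40 + LOCKOUT_SECONDS, False)]
SAMPLE.sort(key=lambda event: event[1])  # replay in time order

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, verdict)
```

With these values a single address gets five guesses and then nothing for 30 minutes, while the user who mistyped once is unaffected. The counter is per address, so it complements rather than replaces strong passwords and the two-factor login described later in the article.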
The Rate Limiting section allows you to limit access by bad bots that scan your website for vulnerabilities. Make sure you have this option activated.
Go to Wordfence > All Options > Rate Limiting > How long is an IP address blocked when it breaks a rule. You can adjust it to whatever timeframe you’d like.
Configuring the Scanner
With Wordfence’s Scan function, we can analyze all files on our WordPress site, looking for malicious code and shells that hackers may have installed. To do so, go to your WordPress dashboard sidebar option Wordfence > Scan and click the Start New Scan button.
Now, the Wordfence scanner will begin its search for risks, and if any are discovered, it will provide us with a brief description of the issue in the results.
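The comparison the scanner is described as making (your files against the original copies) can be sketched as follows. This is an added Python example, not Wordfence's code; the manifest format, the file names and their contents are constructed for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files are never loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_to_manifest(root: Path, manifest: dict) -> dict:
    """Classify files under root against a {relative_path: sha256} manifest."""
    on_disk = {p.relative_to(root).as_posix(): p
               for p in root.rglob("*") if p.is_file()}
    report = {"modified": [], "missing": [], "unknown": []}
    for rel, expected in sorted(manifest.items()):
        if rel not in on_disk:
            report["missing"].append(rel)
        elif sha256_of(on_disk[rel]) != expected.lower():
            report["modified"].append(rel)
    # Files the reference copy never shipped; review these first.
    report["unknown"] = sorted(set(on_disk) - set(manifest))
    return report


def demo() -> dict:
    """Constructed sample: build a small tree, tamper with it, scan it."""
    clean = {
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';\n",
        "wp-includes/version.php": b"<?php $wp_version = 'x.y.z';\n",
        "wp-login.php": b"<?php // login form placeholder\n",
    }
    manifest = {rel: hashlib.sha256(d).hexdigest() for rel, d in clean.items()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in clean.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        (root / "index.php").write_bytes(clean["index.php"] + b"// edited\n")
        (root / "wp-login.php").unlink()
        (root / "wp-includes/extra.php").write_bytes(b"<?php // unlisted\n")
        return compare_to_manifest(root, manifest)


if __name__ == "__main__":
    print(demo())
```

A changed hash only says that a file differs from the reference copy; whether the difference is malicious still needs the kind of review the scan results point you to.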
Two Factor Authentication
Two-Factor Authentication (2FA) adds an additional layer of protection to your WordPress website's login page and its users. To enable two-factor authentication on your website, go to Wordfence > Login Security in the WordPress dashboard sidebar.
On the Login Security page, scan the QR code with your authentication app, download the recovery code (store it somewhere safe) and click Activate. That’s it!
If you have any queries regarding the plugin or WordPress security, please ask them in the comment section below. Or, if you want to enhance your WP security, connect with us!