Instructions for installing and using the WordFence plugin


Want to secure your WordPress website?

If you haven’t taken any security measures for your website yet, it’s time to act now.

When it comes to WordPress website security plugins, you have many options at hand.

You can secure WordPress with the iThemes Security plugin as I mentioned before.

But today I will cover another plugin.

It’s Wordfence.

In this article, you will learn how to install and use the Wordfence plugin.

First of all, let’s find out what the Wordfence plugin gives you.

What is WordFence?

Wordfence is a WordPress security plugin, and a very popular one.

2 million installs speak for themselves.

So what good features does this plugin have?

As a security plugin, of course it will help protect your website against malicious threats, DDOS attacks or brute force attacks to steal passwords.

Here are the features worth noting:

It has a web application firewall (WAF). This firewall filters incoming traffic to quickly detect and block malicious requests.

Besides, there is also the malware scanner feature. You can scan the entire source code of your website to find malicious code if any.

This gives you peace of mind that you will have a clean WordPress website.

So is this plugin free or paid?

It is a free plugin, but as you might have guessed it also has paid features.

If you need advanced features like country blocking (blocking access from a given country), real-time firewall rule updates (the free version updates only every 30 days), or scheduled scans, then you can buy the premium version.

That’s all you need to know about Wordfence.

Now let’s look at how to install and use the plugin.

How to Install and Use the Wordfence plugin in WordPress

First you need to install and activate the Wordfence Security plugin.

You can see how to install a WordPress plugin here.

Immediately after activating the plugin, you will be asked to enter the email address that receives security-related alerts.


You should enter your email address. That way you will quickly detect all the security issues of the website.

The first area you see is the Dashboard.


Here you will get an overview of which plugin features are enabled.

You also see how many attacks were blocked on your website and across the Wordfence network.

Below you will see the top blocked IP addresses, the number of login attempts and the top countries from which your website was attacked.

Next you need to scan your website to find security issues, if any.

Scan websites using Wordfence

Go to Wordfence -> Scan and click on the ‘Start a Wordfence Scan’ button.


The plugin will now scan your website for security issues including:

  • Backdoors, Malware and Security Vulnerabilities
  • Files that have been changed
  • Unknown files in the WordPress directory
  • Important Updates
  • Comments with unsafe URLs

So what mechanism helps the plugin to detect changes in your WordPress website?

It turns out that Wordfence has a dedicated server that holds every version of WordPress as well as themes and plugins.

This way it only needs to compare the original file with the file on your server to detect anything that has changed from the original.

As soon as you click the “Start a Wordfence Scan” button, you will see the scan progress in the yellow box.

It’s just technical information. You don’t even need to pay attention.

Scanning time depends on the data size of your website.

Immediately after the scan is complete, you will receive WordFence’s result message:


You just follow the message and fix all the errors it lists.

You need to know that:

The free version will run an automatic scan every 24 hours. The paid version allows you to set up a running schedule.

Firewall optimization

In addition to the scanning feature above, Wordfence also has a firewall as I mentioned.

This is a PHP based application firewall.

This firewall has 2 levels of protection.

The basic level is enabled by default and lets the firewall run as a WordPress plugin.

Simply put: the firewall will run when WordPress loads the plugins.

What if there was an attack before the theme and WordPress were loaded?

Of course the firewall won’t work.

This is when a second protection feature called extended protection comes into play.

This level of protection will run before both the WordPress core as well as themes and plugins.

This allows it to protect against advanced attacks.

You may also have heard of Sucuri’s firewall. So how is it different from Wordfence’s firewall?

The Wordfence firewall is an application firewall. That is, it runs on your server.

Sucuri’s firewall, by contrast, is a DNS-level firewall.

Simply put, all your traffic will go to an intermediary proxy before reaching the website.

Thus, Sucuri’s firewall will be more effective against DDOS attacks.

You also reduce the load on your website.

That was a long digression about WordPress firewalls.

As mentioned, WordFence’s firewall is enabled by default in basic mode.

Your task now is to optimize it or, in other words, turn on extended protection.

Go to Wordfence -> Firewall and click on the Optimize Firewall button.


Now Wordfence will check your server configuration and make a choice. If you find that Wordfence’s selection is not right for your server, you can change it.

Click the Continue button to continue:


Next, you will be asked to download the .htaccess file as a backup, because the plugin needs to add code to the .htaccess file so that the firewall runs before WordPress.

Click the ‘Download .htaccess’ button. Once done, click the Continue button.

Now you will see that the protection level is Extended Protection.


Do you have a question about the Learning mode of Firewall Status?

When you first install Wordfence, it will try to learn how you and your users interact with the website, so that it will not block valid users.

So you should leave this mode as it is. After a week it will automatically switch back to “Enabled and Protecting” mode.

Monitor website traffic and block suspicious IPs

WordFence will monitor traffic to your website.

You can see this information by going to Wordfence -> Live Traffic.


Here you can see the list of IPs accessing your website.

You can block individual IP addresses or even entire network ranges.

If you want to block an IP manually, you can go to Wordfence -> Blocking.
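
To show what reviewing login traffic and matching a block list involves, here is an added example (not Wordfence's code) that counts login POSTs per IP in an access log and tests an address against single-IP and network-range entries. The log lines are constructed, and the log format and the threshold of 3 are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
198.51.100.20 - - [10/Mar/2024:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 1201
198.51.100.20 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.44 - - [10/Mar/2024:10:00:06 +0000] "GET /index.php HTTP/1.1" 200 5120
192.0.2.45 - - [10/Mar/2024:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
"""

# client IP, method, path and status from a common-log-format line (assumed format)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def login_posts_per_ip(log_text: str) -> Counter:
    """Count POST requests to wp-login.php per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2) == "POST" and m.group(3).split("?")[0] == "/wp-login.php":
            counts[m.group(1)] += 1
    return counts


def suspicious_ips(log_text: str, threshold: int = 3) -> list:
    """IPs whose login POST count reaches the (assumed) threshold."""
    return sorted(ip for ip, n in login_posts_per_ip(log_text).items() if n >= threshold)


def is_blocked(ip: str, blocklist: list) -> bool:
    """True if ip matches a single-address or CIDR range entry in the blocklist."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(entry, strict=False) for entry in blocklist)


if __name__ == "__main__":
    print(suspicious_ips(SAMPLE_LOG))
    print(is_blocked("192.0.2.45", ["192.0.2.0/24"]))
```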


In addition, the plugin also has a Tool and Options section.

Some features are only available in the paid version. The options section is relatively long, you can explore more on your own.

What I have shared is more than enough to make sure your website is safe from threats out there.

Epilogue

Wordfence is one of the essential WordPress plugins.

It should be on your list of plugins you should install as soon as you finish installing WordPress.

The plugin has a powerful malware scanner and firewall to make your website more secure.

What do you think about this plugin? Do share your views on the Wordfence plugin in the comments section below.
