This is a post with main information and instructions about Wordfence, its features and installation instructions. It is used mainly for own use – is not an own article but is info taken from different websites around the web information about this WordPress plugin
- Web Application Firewall identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.
- Protects your site at the endpoint, enabling deep integration with WordPress. Unlike cloud alternatives does not break encryption, cannot be bypassed and cannot leak data.
- Integrated malware scanner blocks requests that include malicious code or content.
- Protection from brute force attacks by limiting login attempts.
- Malware scanner checks core files, themes, and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.
- Compares your core files, themes, and plugins with what is in the WordPress.org repository, checking their integrity and reporting any changes to you.
- Repair files that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.
- Checks your site for known security vulnerabilities and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.
- Checks your content safety by scanning file contents, posts and comments for dangerous URLs and suspicious content.
- Two-factor authentication (2FA), one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.
- Wordfence Central is a powerful and efficient way to manage the security for multiple sites in one place. – for more info click or download free version here or premium here.
On the following link, there is a nice comparison between Wordfence Free Version and Wordfence Premium
Setting Wordfence options
Once you’ve installed and activated Wordfence, head on over to the Options page by choosing Wordfence > All Options from the left-hand menu in the WordPress admin. Most of the options are set to pretty good defaults, so you don’t need to touch them. However, there are a few options in this page that you’ll definitely want to make sure you’ve set:
- Scan Options > Scan Scheduling > Schedule Wordfence Scans: This should be set by default (with the ENABLED button highlighted). It makes Wordfence scan your site for hacks and malware once per day
- Wordfence Global Options > General Wordfence Options > Update Wordfence automatically when a new version is released?: This setting automatically updates the Wordfence plugin every time a new version becomes available. It’s a good idea to check this checkbox to keep your site as secure as possible. If it causes any problems, uncheck it again and remember to update your Wordfence regularly!
- Wordfence Global Options > General Wordfence Options > Where to email alerts: Make sure you enter your email address here, so that Wordfence can email you if it finds that your site’s been hacked.
Once you’ve checked through these options, click the SAVE CHANGES button at the top of the page to save your settings:
Running your first scan
The next thing you’ll want to do is run a Wordfence scan to check if your site’s been hacked. To do this:
- Choose Wordfence > Scan from the left-hand menu in the WordPress admin
- Click the START NEW SCAN button on the left side of the page
Depending on the size of your site, the scan takes anywhere from a few seconds to several minutes to complete. While it’s scanning, you’ll see a progress bar appear, along with a status message showing you what Wordfence is currently scanning. Eventually, you’ll see the text Scan Complete appear in the status line. Now scroll down the page until you see the Results Found tab.
- Choose Wordfence > Firewall from the left-hand menu in the WordPress admin.
- Click the MANAGE FIREWALL button near the top of the page
- On the Firewall Options page that appears, click the OPTIMIZE THE WORDFENCE FIREWALL button
- An “Optimize Wordfence Firewall” popup appears. There’s a lot of techie text here, but don’t worry about it unless you have more than one WordPress running on your site, or you know your server configuration is different to the one shown. Just click the DOWNLOAD.HTACCESS button — this downloads a backup file containing your current
.htaccessserver configuration file, in case anything goes wrong when Wordfence changes it. Then click the CONTINUE button to optimize the firewall.
For more info go on the Wordfence Help page.