WordPress Designer News – Wordfence Security 5.1.8 Plugin
Wordfence starts by checking if your site is already infected.
Wordfence will then do a deep server-side scan of your source code, comparing it to the Official WordPress repository for core, themes and plugins.
Wordfence will then secure your website and make it up to 50 times faster.
Wordfence Security is completely free.
Wordfence also offer a Premium API key that gives you access to their premium support ticketing system at support.wordfence.com, along with two factor authentication via SMS, country blocking and the ability to schedule scans for specific times.
Wordfence Security is multi site compatible, it includes the ability to log in using your mobile phone, doing so permanently secures your website from brute force hacks.
- Wordfence also includes Falcon Engine, reputed to be the fastest WordPress caching engine available today – Falcon is faster because it reduces your web server disk and database activity to a minimum
- Wordfence includes quite a lot of support for other major plugins and themes, such as WooCommerce
- Real time blocking of known attackers – If another site that uses Wordfence is attacked and blocks an attacker, your site is automatically protected
- Sign in using your password and mobile to hugely improve your login security – This is called ‘Two Factor Authentication’ it is used by banks, government agencies and military world wide enabling the highest security authentication available
- Wordfence also scans for the HeartBleed vulnerability – This is included for all users
- Wordfence includes two caching modes for compatibility – It also has cache management features such as the ability to clear the cache and monitor cache usage
- Enforces strong passwords among your administrators, publishers and users – This improves login security
- Wordforce scans the core files, themes and plugins against WordPress.org repository versions to check their integrity
- Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets
- Block entire malicious networks -This includes advantages like advanced IP and Domain WHOIS to report malicious IP’s or networks, allowing the blocking of entire networks using the firewall
- Reports security threats to the network owner.
- View how files have change – You have the option to repair any changed file that are a security threat
- Wordfence scans for the signatures of over 44,000 known malware variants that are known security threats
- Wordfence scans for known backdoors that create security holes, these include C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many more
- Wordfence continuously scans for malware and phishing URL’s, including all URL’s on the Google Safe Browsing List in all your comments, posts and files that are security threats
- Also scans for heuristics of backdoors, trojans, suspicious code and other security issues
- Wordfence also checks the strength of all the user and admin passwords to enhance your login security
- Monitor your DNS security for unauthorised DNS changes
- Rate, limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site
- You can choose if you want to block or throttle users and robots who break your security rules
- Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security
- See all of your traffic in real time – This includes robots, humans, 404 errors, logins and logouts and who is consuming most of your content – Enhances your awareness of which security threats your site is facing
- Real time traffic includes reverse DNS and city level geolocation – Find out which geographic area your security threats originate from
- Monitor your disk space, this is related to security because many DDoS attacks attempt to consume all your disk space to create a denial of service
- Wordfence Security for multi site also scans all posts and comments across all blogs from one easy to use admin panel
Premium users can also block countries and schedule scans for specific times and a higher frequency.
Wordfence Security is a fully featured plugin, constantly updated by our team to incorporate the latest security features and to hunt for the newest security threats to your WordPress website.
To Install Wordfence Security and start protecting your WordPress website:
- Install Wordfence Security automatically or by uploading the ZIP file
- Activate the security plugin through the ‘Plugins’ menu in WordPress
- Wordfence Security is now activated
- Go to the scan menu and start your first security scan – Scheduled security scanning will also be enabled
- Once your first scan has completed a list of security threats will appear
- Go through them one by one to secure your site
- Visit the Wordfence Security options page to enter your email address so that you can receive email security alerts
- Optionally change your security level or adjust the advanced options to set individual security scanning and protection options for your site
- Click the ‘Live Traffic’ menu option to watch your site activity in real time
- Situational awareness is an important part of website security
To Install Wordfence Security on a WordPress multi site installations:
- Install Wordfence Security via the plugin directory or by uploading the ZIP file
- Network Activate Wordfence Security
- This step is important because until you network activate it, your sites will see the plugin option on their plugins menu
- Once activated that option disappears
- Now that Wordfence is network activated, it will appear on your Network Admin menu
- Wordfence Security will not appear on any individual site’s menu
- Go to the ‘Scan’ menu and start your first security scan
- Wordfence Security will do a security scan of all files in your WordPress installation including those in the blogs.dir directory of your individual sites
- Live Traffic will appear for ALL sites in your network
- If you have a heavily trafficked system you may want to disable live traffic which will stop logging to the DB.
- Firewall rules and login rules apply to the WHOLE system.
- If you fail a login on site1.example.com and site2.example.com it counts as 2 failures.
- Crawler traffic is counted between blogs, so if you hit three sites in the network, all the hits are totalled and that counts as the rate you’re accessing the system.
Try it, you might like it.