WordPress is one fantastic piece of blogging platform, and one of it’s beauty is: We hold the responsibility to keep our blog fast, safe, secure and make changes according to our mood. It’s like a home for a blogger, and how can’t we add some security measures to ensure nothing goes wrong on our blog. Specially, when you are running a multi-author WordPress blog, your role to ensure security of your blog increases.
Today, I will be sharing one useful plugin call “WordFence Security“, which is a WordPress security plugin doing multiple task. Earlier, we talked about few WordPress security plugins to check hacked blog, and few plugins to protect our blog. Apart from plugins, you can follow these simple WordPress security tips to improve overall protection of WordPress blog. Now, lets look into WordFence plugin:
Features of WordFence Security plugin:
WordFence is a free plugin, and it also comes with upgraded paid options. A free version will get your work done without any issue. There are many features which are available for paid options like:
- Country blocking : This feature will let you block traffic originating from any particular country.
- Remote scan
- Scheduling scan
These are few of the features which you will miss in free version, and now lets look what all we are going to get in Free version:
- Set one click security level: With one click you can set what security level you wish to set for your site. One very useful feature here is: You can set your security level to critical, which is helpful for those WordPress blog owners, whose sites are under hacker attack.
- Email alerts: Here, you can set your notification options. I usually set it for few features like: alert on critical problem, alert on warnings, Alert when an admin user signs in.
- Live traffic view: Live traffic view is a useful option but I won’t recommend you to enable this feature on any busy site.
- Virus scanner: WordFence scanner will scan all your existing file for any malicious code. Also, it will enable the monitoring for any newly added file.
- Firewall rules: This is useful if wish to control the access of bots on your site.
- Login security features: If you use any login security plugin like Login lockdown, with Wordfence security plugin you can ditch the older one. Wordfence can be configured to send you notification for any user who logged into your WordPress dashboard, lock out from login after x login attempts. Another useful feature here is, it won’t reveal valid usersname in login error.
- Additional WordPress security options: There are few more options which you need to secure your blog, like : hiding WordPress version, scan comments for malicious URL’s, check password strength for your user.
- Avoid DdOS attack.
If you are worried about amount of memory this plugin will use, you can set maximum used memory by this plugin. If you are on shared hosting like Hostgator or Bluehost, you can set it to 256 without any issue.
When you first download, install, and activate WordFence security plugin from WordPress dashboard, at the same time you need to get an API key from their site. Don’t worry this is free, and you can get unlimited API keys for free account. Once you have got your WordFence API key, simply go to WordFence settings, add your Wordfence API key, set a security level and select the appropriate option to see the live traffic.
I also recommend you to check all the features offered by this plugin and set up according to your requirement. Once all done, click on save.
Now go to WordFence > Scan and click on start a WordFence scan. This will run your first security scan, and will check your existing blog for any vulnerabilities. Depending upon your site size, it may take hours to finish the first security scan.
Once scan is finished, you can see all errors on the scan page or depending upon your notification settings, you will receive Email notifications for all the errors.
I find WordFence security to be very useful for it’s features, as it not only scan your existing WordPress site for any vulnerabilities but also protect your site in real-time against hacker. Instead of using individual security plugin on your WordPress blog, I would recommend you to try WordFence security plugin.
Let me know which all security plugins for WordPress you are using on your blog, and how’s your experience with WordFence plugin so far?