PCI Compliant Web Hosting and Managed Service Provider
Hosting Solutions since 1995

WordFence Security – K.I.S.S. approach to WordPress Security

Author: ; Published: Jun 4, 2012; Category: Managed Hosting, Security, WordPress; Tags: , ; 9 Comments

Be nice... until it's tiome to not be nice.

Over the past 17 years, I’ve found security can often be like a full squadron of obtrusive bouncers who make you want to leave before you get within 50 yards of the door.

Wouldn’t it be great to have a WordPress security plugin which was more like Dalton (Patrick Swayze) in RoadHouse who worked to have bouncers be as inconspicuous as possible; only coming out when needed, and only using what force was necessary to get the job done?

I didn’t think such a WordPress plugin existed until I found out about WordFence Security plugin on LinkedIn thanks to a post about it in the WordPress Helpdesk (without the b.s.) LinkedIn Group.

WordFence is a free (with premium options) WordPress security plugin that will scan your site for viruses, malware, trojans, malicious links on a regular basis throughout the day.

WordFence will also protect your site from scrapers, aggressive robots, fake Googlebots, along with brute force attacks.

You can start off with very easy to use, drop down and select, options where you provide an email address to receive alerts and what level of protection you desire…

WordFence Security Options

WordFence Security Options

 

To advanced options where you get a large amount of choices of how tight to watch the fence.

WordFence Security - Advanced Options

WordFence Security - Advanced Options

Wordfence scans your site for viruses, malware, trojans, malicious links, protects your site against scrapers, aggressive robots, fake Googlebots, protects against brute force attacks and much much more.

You can do a manual scan by going to WordFence Security, then click on Start a WordFence Scan.  Plus WordFence Security will do its own scans throughout the day.

WordFence Security scan

WordFence Security scan

 

When WordFence finds issues, you have the choice to ignore the issue until the file changes (this could be due to an authorized party making an authorized change to the file), to tell WordFence you’ve fixed the issue (if that’s not the case, WordFence will alert you again on a future scan), or to have WordFence fix the file for you by restoring it from a cloud-based repository.

WordFence Security - Unrecognized File in WordPress Core

WordFence Security - Unrecognized File in WordPress Core

Now in the above case, it is a .htaccess file I placed in the directory; and I told WordFence to ignore the issue until the file changes.

WordFence protects you against user brute force login attempts; and will block IP’s that fail too many times (this is configurable by the user).

WordFence Alert IP address locked out - brute force protection

WordFence Alert IP address locked out - brute force protection

You can also tell WordFence to send you alerts when someone with administrative rights logs into WordPress.

WordFence Security alert administrator logged in

WordFence Security alert administrator logged in

Behind the scenes, WordFence is also watching out for fake googlebots and bad traffic; offending IP addresses are blocked.

WordFence Security - Blocked IP Addresses

WordFence Security - Blocked IP Addresses

You can configure how long offending IP addresses are blocked.

Part of the WordFence scan is to check for the core, themes, and plugins that are out of date. If WordFence finds something out of date, you will get a notification.

WordFence Security - upgrade alert

WordFence Security - upgrade alert

For those that like to watch real time traffic to their site, WordFence provides a view where you can watch all traffic, all human traffic, and so on.

WordFence Security - Live Traffic, Human Tab

WordFence Security - Live Traffic, Human Tab

Over the last several weeks of using WordFence, I’ve had various support issues ranging from questions to problems.  Mark Maunder responded to all issues in a prompt manner. 

The only problem I ran into was that after upgrading (it may not have been the upgrade, but a version change) from the free version to the premium version (there are several premium options, and the pricing is extremely reasonable), the WordFence security scans would not complete due to a memory issue.  Mark worked on the problem over the course of a few days, politely asked for log files, respected privacy, and was able to resolve the issue with a version upgrade.

Mark and his team care about WordFence Security; and the plugin works as marketed.

WordFence is a key plugin if you want to increase your WordPress Security.  If you are like me where you enjoy the K.I.S.S. principle of keep it simple and secure, then the WordFence Security plugin is for you.

Contact us if you are one of our managed hosting customers who desire help with WordFence.

Peter Abraham
Former CEO of Dynamic Net, Inc. Will be transitioning to a new career in the near future.
Peter Abraham

@

Peter Abraham

9 Responses to “WordFence Security – K.I.S.S. approach to WordPress Security”

  1. Anders Vinther says:

    Hi Peter,

    Great post about WordFence… I will be reviewing this plugin soon myself, so thanks for the details you have provided here…

    I recently had some security problems with my WordPress sites, and ended up doing a lot of research into securing WordPress sites…

    I have written up my experiences in a comprehensive WordPress Security Checklist which can be downloaded for free on http://www.wpsecuritychecklist.com.

    My checklist has a few more items and detailed steps for how to get the job done.

  2. Andrews, thank you for your comment and encouragement.

    http://www.wpsecuritychecklist.com/ is an excellent project; well done.

  3. Please note WordFence as of version 2.1.4 is not yet compatible with the recently released WordPress 3.4.

    I’m sure Mark and his development team are working hard to get this resolved.

  4. WordFence now works with WordPress 3.4.

    Thank you Mark and team!

  5. Don says:

    My blog was crashed and hacked by hackers and i did not get any time to backup my site before it occurs, but lucky that upon stumbling on this page from google i manage to earn more about wordfence and have just install it the blog.

    The hack was redirecting my google pagerank 1 to the hacker website. They are SEO hackers and from 1000+ unique traffic i received to 100 per day . it was a lesson that i learned , ALways backup and always update

  6. Tony Perez says:

    Hi Peter

    Thanks for stopping by earlier to talk about my WordFence review. Reading through yours I think we both focus on different aspects. Your focus appears to be more on the attacks and crawlers which is important in it of itself, while mine focuses specifically on its detection capability.

    My thoughts on its effectiveness: http://perezbox.com/2012/06/review-wordfence-plugin-effective-not/

    Nice post though. I do like the user experience and specifically the Live Traffic feature.

  7. Thank you very much for taking my phone call concerning a potential client.

    I agree with you; and I appreciate your taking the time to share a different side of WordFence.

    Hopefully Mark and his team will see your points; and, take measures to update the product to cover those points.

  8. Rod says:

    Thanks for the review, Peter. I certainly like the sound of this plugin; my only concern is how much of a load it places on the web server? I’m quite sensitive about this since having a site suspended in the past for “excessive resource consumption” (not that my host is prepared to define exactly what they mean by that :-/ )

  9. Hi Rob:

    Mark has been optimizing the WordFence Security code, so you might still want to give it a go.

    See http://www.dynamicnet.net/2012/04/cheap-hosting-limits-growth-site/ for what else being on a host with a heavy throttling hand might be costing you.

    See http://www.dynamicnet.net/2012/06/reflections/ for examples of what happens when there is no throttling.

    Thank you.

Leave a Comment


six + = 12