WordPress security is a very important issue, as you can never know when you will be attacked and in what way.
WordPress is under constant threat from cybercriminals. 34.5% of all websites on the Internet run on WordPress, and it is worth noting that WordPress is the CMS that accounts for more than 90% of all cyber-attack attempts.
Some of the causes of these cyber-attacks are vulnerabilities in themes and plugins, problems caused by misconfiguration, and a lack of maintenance by webmasters, who often forget to update their CMS, themes and plugins.
But you may wonder…
What can I do to keep my WordPress website secure?
Today we will tell you about a very popular plugin that will help you with WordPress security in a simple, easy-to-use way. This plugin is called Wordfence.
What is Wordfence?
Wordfence is a top-tier WordPress security plugin that will help protect the site from a wide range of malicious threats such as malware, intrusions, denial-of-service (DoS/DDoS) attacks and brute force attacks.
Wordfence offers a free and a premium version. The premium version has additional features including country blocking, scheduled scanning and real-time firewall rule updates, among others.
Wordfence has a variety of features to help us protect our website
The dashboard is very easy to use; in it we can view reports and statistics about the security of the website. We will also be able to see the Wordfence notifications, which can tell us, for example, if we have a theme or a plugin that is not updated.
In the scan section we can run a scanner on our website.
This scanner will help us examine our WordPress files for security issues, spam URLs, backdoors, known vulnerabilities and known virus patterns.
The basic level firewall is enabled by default, and essentially runs as a WordPress firewall.
Basically, this allows the Wordfence firewall to load with the rest of the plugins installed on your site, effectively protecting you from a wide variety of threats.
It protects against common attacks such as:
- SQL injection
- Cross-site scripting (XSS)
- Malicious file upload
- Directory traversal
- Local file inclusion
- XML external entities (XXE)
Brute force protection
In this tab, you can configure all the options for dealing with people who try to use brute force attacks on your site.
Among other security measures, this protection applies login attempt limits that block an IP address when a wrong password is entered multiple times.
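To make the idea of login attempt limits concrete, here is a small added example (it is not Wordfence's code and not part of the original article) of a limiter that blocks an IP after repeated wrong passwords. The class name, the thresholds (5 failures in 5 minutes, 15 minute block) and the sample events are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Block an IP after too many failed logins inside a sliding time window."""
    def __init__(self, max_failures=5, window=300, lockout=900):
        # Assumed thresholds: 5 failures in 5 minutes -> 15 minute block.
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.blocked_until = {}             # ip -> time the block ends

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            # Block expired: clear state so the IP starts from zero again.
            del self.blocked_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def attempt(self, ip, now, password_ok):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_blocked(ip, now):
            return "blocked"  # rejected before the password is looked at
        if password_ok:
            # Failures are not reset on success; they only age out, so one
            # valid account cannot be used to wipe an IP's failure count.
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - self.window:  # drop failures outside window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.blocked_until[ip] = now + self.lockout
        return "failed"

def replay(events):
    """Run (time, ip, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter()
    return [limiter.attempt(ip, t, ok) for t, ip, ok in events]

# Constructed sample events (documentation IP ranges), times in seconds.
SAMPLE = ([(t, "203.0.113.7", False) for t in (0, 10, 20, 30, 40)]
          + [(50, "203.0.113.7", True), (60, "198.51.100.20", False),
             (70, "198.51.100.20", True), (940, "203.0.113.7", True)])
```

Calling `replay(SAMPLE)` shows that once the fifth failure triggers the block, even a correct password from the same IP is rejected until the block expires, while the second IP is unaffected.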
Wordfence Country Blocking
With the Premium version of Wordfence we can also directly block the countries from which we receive attacks on our website.
In addition, it provides us with the following options:
- Block countries, even if they are connected to your site.
- Hide access to the login form.
- Block access to the rest of the pages of your website.
In addition to firewalls and malicious visitor blocking, Wordfence offers a wide variety of additional tools for your site including:
Here you can see a complete list of IPs requesting various pages and files on your website, and you can block individual IPs and even entire networks.
Wordfence also uses a color-coded system to show the type of traffic listed: human, bot, warning, blocked.
You can filter the traffic with the following dropdowns:
- All accesses
- Registered users
- Google Trackers
- Pages not found
- Login and logout
- Blocked by firewall
Two-factor authentication (2FA)
Wordfence Security uses two-factor authentication, which is one of the most secure forms of remote system authentication and is used by banks, government and military agencies worldwide. It is recommended to enable it for all administrator-level users.
WordPress security is something you should always keep in mind, because no matter how good this platform is, it is not 100% secure.
But if the right measures are taken through a good Wordfence configuration, you will be ahead of all attacks and vulnerabilities that may exist at the time.
For more information about Wordfence you can visit their website: Wordfence.com
Want to learn more about WordPress security? Visit our article:
Protecting WordPress from cybercriminals