Been using Wordfence for WordPress security for about two years for my site and all my client’s websites. And I must say I cannot believe I managed to manage my site without before there was such an awesome plugin. It helps me secure and monitor all the sites under my supervision for security issues and potential hacks . There are some many reason I am grateful for their great and free service. Let me give you a couple of examples.
Indispensable Wordfence Newsletter
This might not be a point to start out with as it is not related to the plugin itself, but it motivated me to write this blog post and it saved me a lot of pain. I just updated several sites I maintain for customers. I update sites regularly, but not every day. Even though it is almost every day this is not always necessary. But when I get an email from Wordfence there is a security vulnerability that is used by my client I will asap of course. And that just happened my morning reading about an issue with EWWW Image Optimizer.
Just by subscribing to their newsletter or following their blog you get this news in your inbox whenever there is a critical issue. I read about the issue, went to my iThemes site manager Dashboard and updated all sites where the plugin was installed. So this simple newsletter by email saved my customers and me a lot of pain!
You can subscribe once you installed the plugin from your WordPress dashboard or by going to Wordfence’s homepage and subscribing to the newsletter in the footer:
Automatic Hack & Vulnerability Scan
You can install Wordfence and automatically scan for vulnerabilities and or hacks. You can also do these scans manually. These scans are done on a weekly basis and you get a report sent.
Scan Overview example:
Totally free of charge. Amazing is it not! Sure, you can get the premium version with things like country blocking, frontend scanning, better scheduled scanning, hardened authentication on top, but if you can live without all that for now you already have yourself an awesome security plugin
Wordfence Email Report Example:
When you configured it that way, you can be alerted when there are failed logins and or successful logins and see where they were made from. If you do check these alerts in time it can save you the hassle of someone and hacking into an account and doing serious damage! Alerts also include warnings when there is a new version for plugin x.
Example of an alert:
This is a relatively new feature and really neat as well. You can read about the Wordfence firewall in detail here, but in a nutshell this it what it protects your site against:
- MySQL Injections
- Cross Site Scripting (XSS)
- Malicious File Uploads
- Directory Traversal
- Local File Inclusion
- External Entity Expansion
And there is also the awesome learning mode I use for almost all my sites though configuring it to work well is not always ease for every server configuration. To quote Wordfence learning mode means:
When Learning Mode is active, Wordfence will “whitelist” actions that would normally be blocked, so that they will not be blocked in the future.
More information on the learning mode can be found here.
Cheap and Thorough Hack Repair Service
When you do get hacked and have the free or premium plugin you can get help getting things cleaned up. If you do not have the Pro version it will cost you $179. If you do have the Pro version it is just $120. And believe me, that is cheap. I have dealt with cleaning up websites and it can be quite a bit of work. Yes, I know the creme of the crop will do it quicker, but still. This is a sweet deal!