One effective solution to bolster WordPress website security is the Wordfence Security WordPress plugin. This article will explore how this powerful tool can protect your website from potential risks and ensure a safe online environment. Whether you are new to the world of SEO or an experienced website owner seeking enhanced security, this article aims to guide you through the critical aspects of this plugin.
Contents
Why Choose Wordfence Security WordPress plugin?
Wordfence Security is a comprehensive WordPress plugin designed to safeguard your website from various cyber threats proactively. Its robust firewall is a virtual barrier, blocking malicious traffic and potential hacking attempts.
Wordfence regularly scans your website files, themes, and plugins, identifying and neutralizing any malware, viruses, or suspicious code that could jeopardize your site’s integrity.
With Wordfence Security, you can enforce strong password policies and enable two-factor authentication, making it significantly harder for unauthorized parties to access your admin area.
The plugin allows you to limit the number of login attempts, deterring brute-force attacks and ensuring that only authorized users can log in.
Wordfence Security constantly updates its firewall rules and malware signatures through a real-time threat defense feed, providing your website with the latest protection against emerging threats.
By manually blocking suspicious IP addresses or IP ranges, you can further fortify your website’s defenses and protect it from known malicious entities.
Installing Wordfence Security WordPress Plugin
You can install the plugin using our WordPress Plugin Installation Guide article of our Complete SEO Guide Box.
Search for: Wordfence Security – Firewall, Malware Scan, and Login Security By Wordfence.
Registering
Login to your WordPress Dashboard.
On the left side menu bar, click on [Wordfence].
If you just installed the plugin, a popup window will show. Click [RESUME INSTALLATION].
Another window will pop up asking to register with Wordfence. Click [GET YOUR WORDFENCE LICENSE].
A new browser window will open. On the left, you will see the free plan. Click on [Get a Free License].
Another popup will jump up, asking if you want the free option. Click [I’m OK waiting 30 days for protection from new threats].
Note: The free version is delayed in protecting your site from new threats, viruses, and attacks. It would be best to consider buying the full version plan when your site will get more visitors.
In the “Get Wordfence Free” window, input the email we registered for your site.
“Would you like WordPress security and vulnerability alerts sent to you via email?” click [Yes].
Agree to the terms and click [Register].
The survey window will open. You can click the “X” button in the top right corner if you don’t want to fill it.
Go to your email box in the same browser that the WordPress Dashboard is opened. Find the registration email from Wordfence, then click inside this email on [Install My License Automatically].
This will open the license installation windows of Wordfence.
If you want to install it manually, copy the license key from the email, return to the WordPress windows, and click “Install the existing license.”
Input the email and the key.
Click [Yes] to receive email alerts.
Agree to the terms and click [INSTAL LLICENSE].
You will see a congratulatory popup. Click [GO TO DASHBOARD].
Setting Up Wordfence Security WordPress Plugin
When navigating the Dashboard page for the first time after registration, you will see the top WordPress message about optimizing Wordfence. Click [CLICK HERE TO CONFIGURE].
Wordfence will ask you for a server-side configuration in the new popup window. If you’re unsure, leave the settings as is and [DOWNLOAD .HTACCESS] file to your site’s backup folder with today’s date.
If you have multiple sites on the same server, read the instructions carefully.
If you don’t, click [CONTINUE].
[Close] the successful installation window.
Another WordPress message will be on top of the page asking if you want Wordfence to auto-update. Click “No thanks.” We want to back up our site before any WordPress or plugin updates.
Note: After the installation, the plugin will be in Learning Mode.
Note: You can click the question mark on any feature to see what it does.
On the left menu panel, hover with the mouse cursor over [Wordfence], then click on [All Settings].
Expand “View Customization”.
Make sure these options are enabled:
[V] Display “All Options” menu item
[V] Display “Blocking” menu item
[V] Display “Live Traffic” menu item
This will add more options in the menu under Wordfence on the left menu panel, making it more convenient.
“General Wordfence Options”
[V] Hide WordPress version
If you’re not using Clearfy Cache or our settings for it, make sure you enable this feature. If you do, leave it disabled.
[V] Disable Code Execution for the Uploads directory
“Live Traffic Options”
Traffic logging mode: [SECURITY ONLY]
This is the default option, meaning Wordfence will log into the database only for security-related traffic. It would help if you did not use the [ALL TRAFFIC] options since Wordfence will log ALL the traffic to the database and get big quickly. You don’t want that. Also, we will be using Plausible analytics for logging regular traffic.
Amount of Live Traffic data to store (number of rows): 20
Maximum days to keep Live Traffic data (1-30 days): 1
There was not one time that we used the Live Traffic feature. These settings will reduce the number of entries in the database, making it more responsive and less bloated by the Wordfence plugin.
Click [Save Changes] on the top menu panel.
You may also want to check on the left menu panel the [Wordfence] => [Login Security] settings.
You can enable their 2-factor Authentication and reCAPTCHA for the admin login page.
The default settings for Wordfence should be fine for most users.
If you’re a more advanced user, review the settings and see what you want to edit.
Note: Wordfence scans the site for potential threats or malware regularly. You may check the scanning options and add or remove some options or scheduling.
Wordfence Usage
Use the Wordfence Dashboard occasionally to check for any threats or alerts.
When you see a number in a yellow circle against [Wordfence] in the left menu bar, it means that there are new alerts in [Wordfence] => [Dashboard]. Check the “Notifications” section. When you read the notification, you may apply a fix (if there is any) and close them after that.
On the bottom of the [Dashboard], you will see the number of blocked attacks in the Wordfence Network.
In [Wordfence] => [Scan], you can [START NEW SCAN] at any time.
If any problems are found, you may click on [Details] against that issue to try and fix it.
Make site backups each time you need to apply any of the repairs.
[Wordfence] => [Live Traffic]
There are several tabs in this option on the top of the page. The default tab is [Live Traffic]. Here, you will see all the security-related traffic to your site.
On [Whois Lookup], you can do lookups for domains and IPs without using any external resources.
The [Diagnostics] tab shows you the health of the plugin and some WordPress parts, which you should check occasionally.
[Wordfence] => [Blocking]
You may add custom blocking rules for IPs, User Agents, and more on this page.
If you find any mistakes or have ideas for improvement, please follow the email on the Contact page.