If I built your WordPress website for you, chances are you have WordFence security software installed on it. WordFence has never let me down and does an amazing job securing your website from potential threats such as malware and hacking. At the time of this post, it has been downloaded almost 23 million times.
WordFence is a best-in-class security plugin that protects WordPress websites from security threats behind the scenes. It can make a website up to fifty times faster, with the Falcon Engine setting turned on, and infinitely more secure.
It’s open source software and 100% free to use, however, there is also a premium API that you can purchase for added features and support.
How WordFence protects your site.
Watch this short video to find out more about the WordFence software:
Does it really work?
In two words – you betcha!
Most of my clients never see the work it does, because they would be bombarded with notifications in their inbox letting them know that it has thwarted yet another hacking attempt.
I get many of these notifications daily for my clients’ sites. I know if clients were getting the notification sent to them, many would absolutely freak out, unnecessarily, on a regular basis.
The sad truth is, every WordPress website gets such attempts made on it – a lot! I have yet to find a website where this doesn’t happen – big or small. The fact that I receive notifications of these attempts tells me that WordFence is doing its job and stopping the bad guys.
And, with all the good it does protecting websites, every now and then I get a client that deactivates it and I have to ask myself why?
Perhaps it is because they don’t understand just what kind of work it does behind the scenes. So, let’s take a look at just a few of the many awesome features it offers.
Wordfence Security is a free enterprise class security and performance plugin that includes a very fast caching engine, firewall, anti-virus scanning, cellphone sign-in (two factor authentication), malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security and performance plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups.
Brute-Force login protection.
This is by far the area where I see WordFence working the hardest for my clients’ websites. Hackers are constantly trying to break into websites across the globe by trying thousands of passwords on each site.
You may think, that’s crazy, who has time for that! But, they aren’t sitting there doing it manually. They use automated scripts or a group of automated scripts to continually try to hack a site.
Once a hacker has gained access to your website they will sometimes leave malicious malware behind.
WordFence regularly scans your database, files, posts and comments for things such as backdoors, DNS changes, malicious code and files, and URLs listed as dangerous by Google.
It will alert you when updates are needed and it will detect when files have changed, which will give you the opportunity to remove any infected files or repair any unauthorized changes.
If you were to get WordFence notifications (and again, many of my clients don’t because the volume of them, and their sometimes “scary” messages, would be pretty unnerving to someone who wasn’t familiar with WordPress security) you would notice that many attacks come from specific countries or regions.
With WordFence we are able to block any country where attack attempts seem to be originating from aggressively.
Web application firewall.
WordFence also offers a firewall that recognizes known vulnerabilities with rule-sets and stops them immediately. Many time hackers will attack such known vulnerabilities, including zero-day ones, which means they are not yet publically known, as well as known ones. WordFence’s advanced and constantly updated algorithms help thwart these attempts.
Other benefits of WordFence.
On top of the already mentioned features of WordFence, it also offers things such as:
Rate-based throttling and blocking
Hacker recon protection
Check for spamvertising
Advance blocking techniques
Scans core files, themes, and plugins
Scans for the HeartBleed vulnerability
Detects and reports out of date plugins and themes
Limits the number of retry attempts on logins
Locks out IP addresses that are attempting brute force attacks
IP whitelisting and blocking
Email alerts of warnings and critical issues
Live traffic reporting (Use this with caution, as it can slow your site and jam your server. I keep it turned OFF by default.)
More information on these features can be found by visiting this WordFence infographic.
Some of these features are included in the free version and others are included in the premium version. But, even the free version gives your website some super-serious protections that make disabling it like gambling with your website’s security.
Why people want to hack your website.
Many people mistakenly think hackers would have no interest in their site because they are small or don’t have anything valuable like credit card information for hackers to find. But, more often than not, that is not the reason they are trying to gain access to your site.
Often times it’s not the website itself that they want, instead, they are trying to gain access to the web server it sits on. From there they are able to use the server to “mine” digital currencies or to mask their identities for other online actions they are doing and want to hide.
Sometimes they want access to use your server to send our a gazillion spam emails, making them hard to trace back to the original sender. Spam makes many people money, sadly, and the person who pays the price is the website owner when their servers get blacklisted as spam sources.
They will also use your server to insert links into your pages to sell things. Most of the time these links are not visible for people to click on and are injected simply to be visible to search engines to help the destination websites move up in rankings.
Read more about who is hacking your WordPress website.
WordFence has been called number one by many in the top three security plugins of all time. It is followed by iThemes Security, another very good security plugin which I have used on a couple of servers that did not play nice with WordFence for some reason or another, and Bulletproof Security.
Chances are your website is your livelihood. You can’t protect it personally 24/7, so you need to make sure you use all available avenues to keep it protected. Unless you are turning off WordFence in favor of a different security software I have to wonder why would you risk it?
Have you decided to not use WordFence for some reason? Has WordFence “saved your bacon” more than once? Feel free to share in the comments section below.