Are you concerned about the security of your WordPress sites? Do you think that WordFence should be part of your WordPress stack?
I used to watch WordFence webinars during the pandemic and I really enjoyed learning security tips from them
They discover vulnerabilities inside some of the most used plugins by the WordPress community, so they definitely bring value to the community.
I suggest subscribing to WordFence newsletter so you keep yourself informed about the most recent vulnerabilities
These are my thoughts about the WordFence plugin.
Table of Contents
Business Tactics: WordFence
I think that WordFence is the king when it comes to security. Patchstack is probably the second best and Solid Security is in the third position right now.
We don’t hear much about Sucuri these days.
Web security plugins capitalize on the fear of WordPress users, especially those users whose knowledge about security can be summarized in installing a plugin and activate every single feature in them.
WordFence is no the exception. The more afraid WordPress users are, the more money they will make.
In a sense, it is not their fault. WordPress users read a weekly newsletter summarizing the top vulnerabilities and they are like, I better buy this security plugin because one of my site plugins might have a vulnerability.
If you don’t deactivate notifications, you will notified about every tiny action the plugin took and you will feel like all anonymous hackers are attacking your websites
WordFence cares about security but it is still a business like every other company out there.
WordFence is the Perfect Solution
WordFence and WordFence premium is the perfect solution for those users who don’t understand or who don’t understand the basics of WordPress security.
If you need to focus on other aspect of your business, you don’t want to understand what an SQL injection is, you probably need WordFence.
Before you Buy WordFence Premium
If you are thinking about buying WordFence Premium and you are using a cheap shared hosting provider, you are not that smart.
I suggest moving your site or sites to a reliable hosting provider like Cloudways and implement some of my security recommendation for Cloudways
Also remember that WordFence or WordFence Premium won’t save you from dumb decisions such as using nulled plugins or using the same password in all services you use.
WordFence: Brute Force Protection
I recommend using a super strong password, something that you won’t be able to memorize.
Something like this:
tHMn5wki@P2j5$OZBPp2zw$mbve4L6DhWWTngUv3&$f
If you use a password like that one, you won’t get hacked in this life or the next one
Complex passwords are difficult to crack.
WordFence has brute force protection for two main reasons:
- They assume you are dumb and you are probably using “admin” as password.
- They don’t want brute force attacks to stress the server.
If IP’s are blocked out after two to five attempts, you have nothing to worry about.
Five attempts are not enough to crack your password or bring the site down.
Also you can add Two Factor Authentication in case your password gets leaked on the internet.
Firewall Rules
WordFence is protecting you from all vulnerabilities they have discovered.
They keep adding new rules as new vulnerabilities come up.
This is a screenshot of some of the many WordFence rules.
Real-Time Live Traffic
Real Time Live Traffic is a nice feature to have but if you don’t control yourself and keep staring at the bots coming to your site, you are gonna spend hours trying to block these threats.
This live traffic will make you say “I am gonna buy WordFence Premium, all hackers are after me and my site”
What you can do with the help of Real-Time Live Traffic is to find patterns among the bots and attacks and create rules to block them
Keep in mind that WordFence has an intelligence team monitoring IP addresses linked to malicious attacks so they can block bots that you are not aware of.
Can’t Afford WordFence Premium?
These are some recommendation to keep you safe:
- Block access to PHP files. if you have an static or informational website, your visitors don’t need access to those files.
- Don’t use that many plugins, the more plugins you have, the more you have to worry about.
- Don’t use plugins or themes who have shown vulnerabilities in numerous occasions.
- If you use CloudFlare, create firewall rules to protect your site.
- Get a decent hosting provider.
- Don’t install nulled plugins.