WordFence Review: Love it or Leave it

Updated on:

Are you concerned about the security of your WordPress sites? Do you think that WordFence should be part of your stack?

I used to watch WordFence webinar during the pandemic and I can tell that they are very knowledgeable people.

They discover vulnerabilities inside some of the most used plugins by the Wordpress community.

I suggest subscribing to its newsletter so you keep yourself informed about the most recent vulnerabilities

These are my thoughts about the WordFence plugin.

Business Tactics: WordFence

I think that WordFence is the king when it comes to security. Patchstack is probably the second best.

We don’t hear much about Sucuri these days.

Web security plugins capitalize on the fear of WordPress users, especially those users whose knowledge about security can be summarized in installing a plugin and activate every single feature they have.

Wordfence is no exception to this. The more afraid WordPress users are, the more money they will make.

In a sense, it is not their fault. Wordpress users read a weekly newsletter summarizing the top vulnerabilities and they are like, I better buy this security plugin because one of my site plugins is next.

If you don’t deactivate notifications, you will notified about every tiny action the plugin took and you will feel like all anonymous hackers are attacking you.

WordFence care but it is still a business like every other company out there.

WordFence is the Perfect Solution

WordFence and WordFence premium is the perfect solution for those users who don’t understand or who don’t understand the basic of WordPress security.

If you need to focus on other aspect of your business, you don’t want to understand what an SQL injection is.

If you are one of those types of users, WordFence can protect you better than everyone else.

Before you Buy WordFence Premium

If you are thinking about buying WordFence Premium and you are using a cheap shared hosting provider, you are not that smart.

I suggest moving your site or sites to a reliable hosting provider like Cloudways.

[sc name=”cw” ][/sc]

Also remember that WordFence or WordFence Premium won’t save you from dumb decisions such as using nulled plugins or using the same password in all services you use.

WordFence: Brute Force Protection

I recommend using a super strong password, something that you won’t be able to memorize.

Something like this:

tHMn[email protected]$OZBPp2zw$mbve4L6DhWWTngUv3&$f

If you use a password like that one, you won’t get hacked in this life or the next.

Complex passwords are difficult to crack.

Strong Password

WordFence has brute force protection for two main reasons:

  • They assume you are dumb and you are probably using “admin” as password.
  • They don’t brute force attacks to stress the server.

If IP’s are blocked out after two to five attempts, you have nothing to worry about.

Five attempts are not enough to crack your password or bring the site down.

Also you can add Two Factor Authentication and Recaptcha.

Firewall Rules

Wordfence is protecting you from all vulnerabilities they have discovered.

They keep adding new rules as new vulnerabilities come up.

This is a screenshot of some of the many WordFence rules.

Firewall Rules

Real-Time Live Traffic

Real Time Live Traffic is a nice feature to have but if you don’t control yourself and keep staring at the bots coming to your site, you are gonna spend hours trying to block these threats.

This live traffic will make you say “I am gonna buy WordFence Premium, all hackers are after me and my site”

What you can do with the help of Real-Time Live Traffic is to find patterns among the bots and attacks and create rules.

The Ultimate Managed Hosting Platform

Keep in mind that WordFence has an intelligence team monitoring IPS linked to malicious attacks so they can block bots that you are not aware of.

Can’t Afford WordFence Premium?

The Ultimate Managed Hosting Platform

These are some recommendation to keep you safe:

  • Block access to PHP files. if you have an static or informational website, your visitors don’t need access to those files.
  • Don’t use that many plugins, the more plugins you have, the more you have to worry about.
The Ultimate Managed Hosting Platform
  • Don’t use plugins or themes who have shown vulnerabilities in numerous occasions.
  • If you use CloudFlare, create firewall rules to protect your site.

More about WordPress Security

The Ultimate Managed Hosting Platform

I hope that you have found this WordFence review useful

These are some posts about WordPress security that you might like:

  1. Hacking Attacks will Never Stop
  2. BBQ Firewall Pro Review
  3. Patchstack Professional Plan Review
  4. Protect your WordPress Site with CloudFlare Firewall Rules
  5. SG Security: SiteGround Security Plugin
  6. WordPress Security without Plugins
JM

Sobre Jose Manuel

I am José Manuel. I am writing about things I know and things that I am learning about WordPress. I hope you find this blog useful.