How to Secure a Wordpress Site with Wordfence

Implementing basic security measures on your WordPress site is essential to keeping your site up and running. Over time plugins get abandoned and new vulnerabilities get discovered making it important you have a good plugin to handle these things for you. Wordfence is one such plugin.

In this article, we’re going to go over how to secure a WordPress site using the Wordfence plugin.

Installing the Plugin

  1. First, click “Plugins” and then “Add New”

How to Secure WordPress using Wordfence

  1. Search for the “Wordfence” plugin then click “Install Now” and then “Activate”

How to Secure WordPress using Wordfence

  1. Enter Your Email Address and Agree to the Terms and Conditions

How to Secure WordPress using Wordfence

  1. Enter Your Premium License Key if You Have One

How to Secure WordPress using Wordfence

Initial Configuration

The Wordfence plugin is now installed. You should now see a new “Wordfence” option on the left hand side of the screen. Click on this to open the dashboard. You will see any important notices at the top of the screen. Since this is our first time in Wordfence, the firewall needs to be configured and auto updates turned on.

How to Secure WordPress using Wordfence

  1. Click “Yes, enable auto-update” and then “Click Here To Configure”

  2. To Optimize the WordPress Firewall First Select Your Web Server and Then Click “Download .HTACCESS”, Then Click “Continue”

How to Secure WordPress using Wordfence

  1. You Should Receive an Installation Successful Message

How to Secure WordPress using Wordfence

  1. Click “Firewall” on the Left and then “Manage Firewall”

How to Secure WordPress using Wordfence

On this screen, you can configure options such as brute force protection/login rules, password strength requirements, and block fake google bots.

Generally, the default options are fairly secure but you may wish to look at the Brute Force Protection area and tighten up the login security by reducing the number of allowed login attempts or setting up a longer lockout time.

How to Secure WordPress using Wordfence

Run Your First Scan

  1. Click “Scan” on the Left and Then Click “Start New Scan”

How to Secure WordPress using Wordfence

  1. You Can See the Results of the Scan Towards the Bottom of the Page

How to Secure WordPress using Wordfence

The security scan will detect malware, detect DNS changes, and look for abandoned plugins/plugins in need of updates in your WordPress installation. For more information on individual issues Wordfence detects, click “Details” next to each entry.

Setting up the Wordfence firewall and running a security scan is a great first step to securing your WordPress installation. Make sure run regular scans to verify all of your plugins are up to date and no new issues are detected. Finally, think about upgrading to Wordfence premium. WordPress premium adds functionality such as spam checks, site reputation checks, better malware scanning, and real-time IP filtering data.

If you're looking for WordPress hosting, here are some reviews of the best WordPress hosting services.

Check out these top 3 WordPress hosting services:

Was this article helpful?