Implementing basic security measures on your WordPress site is essential to keeping your site up and running. Over time plugins get abandoned and new vulnerabilities get discovered making it important you have a good plugin to handle these things for you. Wordfence is one such plugin.
In this article, we’re going to go over how to secure a WordPress site using the Wordfence plugin.
Installing the Plugin
First, click “Plugins” and then “Add New”
Search for the “Wordfence” plugin then click “Install Now” and then “Activate”
Enter Your Email Address and Agree to the Terms and Conditions
Enter Your Premium License Key if You Have One
The Wordfence plugin is now installed. You should now see a new “Wordfence” option on the left hand side of the screen. Click on this to open the dashboard. You will see any important notices at the top of the screen. Since this is our first time in Wordfence, the firewall needs to be configured and auto updates turned on.
Click “Yes, enable auto-update” and then “Click Here To Configure”
To Optimize the WordPress Firewall First Select Your Web Server and Then Click “Download .HTACCESS”, Then Click “Continue”
You Should Receive an Installation Successful Message
Click “Firewall” on the Left and then “Manage Firewall”
On this screen, you can configure options such as brute force protection/login rules, password strength requirements, and block fake google bots.
Generally, the default options are fairly secure but you may wish to look at the Brute Force Protection area and tighten up the login security by reducing the number of allowed login attempts or setting up a longer lockout time.
Run Your First Scan
Click “Scan” on the Left and Then Click “Start New Scan”
You Can See the Results of the Scan Towards the Bottom of the Page
The security scan will detect malware, detect DNS changes, and look for abandoned plugins/plugins in need of updates in your WordPress installation. For more information on individual issues Wordfence detects, click “Details” next to each entry.
Setting up the Wordfence firewall and running a security scan is a great first step to securing your WordPress installation. Make sure run regular scans to verify all of your plugins are up to date and no new issues are detected. Finally, think about upgrading to Wordfence premium. WordPress premium adds functionality such as spam checks, site reputation checks, better malware scanning, and real-time IP filtering data.
If you're looking for WordPress hosting, here are some reviews of the best WordPress hosting services.