Everything You Need To Know About Wordfence Plugin

Summary:  Learn how to install, activate, set up, and use the Wordfence plugin against various security threats to protect your website

Introduction

 

Protect your WordPress website with Wordfence plugin from various hacking attempts. It comprises of malware scanner and firewall to safeguard your site from security threats including:

  • Hacking
  • Malware
  • Brute Force attacks &
  • DDOS

The firewall further filters visitors clicking into your website and obstructs doubtful requests. And the malware scanner scans everything:

  • Core Files
  • Plugins
  • Themes
  • Doubtful Codes
  • Folders uploaded for transformations etc

So don’t waste your time and safeguard your website with Wordfence security at once. Here I will show you how to install and do the setup.

 

How To Install The Wordfence

 

1. Install

 

wordfence

 

The first and foremost step is installing the Wordfence plugin. You can easily install the security plugin with the following easy steps:

 

Login into your WordPress site

 

Once you open your WordPress site you will get to see something as “example.com”. So in place of “example.com”, type your website and ENTER.

 

Your Website Opens

 

There you are. Your website opens up and you need to fill the form giving your details including:

 

  • Email ID or Username
  • Password

 

No sooner than you have entered the details your WordPress site opens.

 

Click On Plugins 

 

Signed into your WordPress account you can administer the website as you want. Open the WordPress Dashboard and click on “Plugins”.

 

Once you click on Plugins a Pop Up containing subdivisions opens up. From there, click on “Add New” and in the search bar type “Wordfence” with NO quotes.

 

Click On Install

 

Click on the option “Install Now” and within a few minutes, the security plugin gets installed on your website.

 

2. Activate

 

wordfence

 

The Wordfence plugin activation page gives you a complete overview of your site’s security settings. You can also get stats and notifications such as:

  • Blocking IP
  • Failed Login Efforts
  • Number of Blocked Attacks etc

To activate the Wordfence follow the steps mentioned below:

  • Sign-in into your WordPress Website
  • Click on Plugins
  • Click on Installed Plugins
  • Click on newly installed Wordfence
  • Click Activate

Once activated the plugin adds a new item in your menu “Wordfence” in the admin bar. Click on it to go to the plugin’s settings. You can follow the documentation for setup and configuration.

 

3. Setup the Wordfence Security Plugin

 

wordfence

 

As I have already discussed in the beginning it (Wordfence) comprises a firewall. The next step in the process of installing the Wordfence plugin is to set up the firewall.

PHP based firewall application delivers protection up to two layers including:

 

Basic Level

 

It is enabled as default letting the Wordfence security plugin to function as “WordPress Plugin”. This implies the firewall gets loaded with other WordPress plugins.

And it safeguards your WordPress site from different threats but misses the threats made to set off before the WordPress plugins and themes getting loaded. For Basic Setup follow the steps mentioned below:

  • Go to Wordfence
  • Click on Firewall
  • Click on the section “Basic Firewall Options”
  • Then “All Firewall Options”

By doing this you get three options which you can set up according to your needs. Have a look at them:

  • Enabled & Protecting – At this mode, the firewall blocks the requests matching with the known attacking patterns thereby safeguarding your website from hackers.
  • Learning Mode – Using the mode you can avert the fake positives on your website.
  • Disabled – As the name implies the function remains off and never runs or analyzes requests in either of the ways.

Choose one and then do the setup.

 

Extended Protection

 

This is the second protection level offered by the Wordfence firewall. It allows the security plugin to function before the WordPress Core, themes as well as plugins.

Extended Protection delivers better protection against complicated security threats to your website.  Here is the process to set up the extended protection level of the Wordfence security plugin:

  • Go to Wordfence
  • Click on Firewall
  • Click on the button “OPTIMIZE FIREWALL”

By doing this you set up the extended protection level of Wordfence. It runs a few tests on the background to sense the configuration of your server. If you feel that the configuration varies from what the Wordfence security plugin has chosen then you can opt for the other one.

Click on “Continue”.

Wordfence now asks you to download the present .htaccess file for backup. For this click on the button “Download .htaccess file”. Click on “Continue” after the backup file gets downloaded.

Now it updates your backup file which lets it run before the WordPress. And you are redirected to the page of “Firewall” where you can view the level of protection as Extended Protection.

Remember the settings for Wordfence are classified into variant sections. Default settings usually work for several WordPress websites. However, review them still and change if you feel the need.

To check this you can scan the Wordfence Page.

 

4. Scan

 

wordfence plugin

 

Open the Wordfence plugin and click on the option “Scan”. Then click on the button “START A WORDFENCE SCAN” below.

Wordfence begins its duty. It will begin scanning the files in WordPress. And then check for changes in sizes of these plugin files and WordPress Core. Of course, the scanning doesn’t end here as it takes into account other things including:

  • Checking doubtful codes
  • Malicious websites
  • Backdoors &
  • Recognized infection patterns

Usually, the scans require many server resources for operation. Wordfence security plugin runs scans as effectively as possible. The time required for scanning the whole varies on the accessible server resources and your amount of data.

On the page of the scan you can view the progress in yellow boxes and mostly it will contain technical information. Don’t panic as you can see the results in Wordfence when the scan completes.

Wordfence security plugin immediately notifies you for any:

  • Infections
  • Doubtful Codes
  • Malware or
  • Corrupted Files

Further, it recommends you take the necessary actions required to fix those problems. It automatically runs scans on your website once in 24 hours. With the premium version of the Wordfence plugin, you can set the scan schedules as you desire. Also, you get access to more advanced options like updated firewall rules and country blocking, etc.

 

Reference source

Thank to WordPress.org

Related articles

Learn about htaccess & 5 problems related to it

Most common Wp-admin problems & how to fix them

Leave a Comment