Now that you have installed Wordfence using our quick-start guide, I’d like to share a little more detail on how to improve the security of your WordPress site. First I’ll introduce myself: I’m Mark Maunder, creator of Wordfence and the founder and CEO of Feedjit Inc.
Once you’ve activated Wordfence it has two functions. The first is to continually monitor your site and to protect it from humans and robots who are trying to harm your site in any way. The second is to scan your site approximately every hour. I’m going to chat about each mode of operation separately. First I’ll cover the continuous protection that Wordfence provides.
Continuous traffic monitoring
WordPress is an amazing publishing platform; there’s simply no getting away from that fact. One of the things that makes WordPress amazing is the number of themes and plugins available for it. Last year my personal blog was hacked using a security hole in a WordPress theme. I worked with the author and with the WordPress team to fix this vulnerability and then created Wordfence to make sure this never happened to me or anyone else ever again.
Wordfence knows that themes and plugins may contain vulnerabilities so it monitors how remote humans and automated bots access your website. If it detects that someone is scanning for a hole in one of your themes or plugins, it automatically blocks that IP address from accessing your site. This paragraph describes only one of the kinds of continuous monitoring that Wordfence does to secure your WordPress site. Here are a few more:
- Wordfence blocks fake Google crawlers. These are often robots that are either stealing your content or scanning your site for security holes.
- Wordfence blocks anyone that accesses your site too quickly. Very fast scanning is a common trait that attack bots share.
- We block anyone who is generating page not found errors too quickly. If someone scans your site for security holes, they almost always generate a large number of page not found errors in rapid succession.
There are many more traffic related options available in the “Firewall Rules” section of the Wordfence configuration and you can decide what you would like to do with someone (or something) that breaks one of your rules. You can either block them or “throttle” them which temporarily limits their access.
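The "too many page not found errors too quickly" rule can be pictured as a per-IP sliding window over the access log. The sketch below is an added example, not Wordfence's own code; the function name, the thresholds and the log lines (constructed, using documentation IP ranges) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access log (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.5 - - [10/Mar/2024:12:00:00 +0000] "GET /old-page-1 HTTP/1.1" 404 162
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /missing-1 HTTP/1.1" 404 162
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /missing-2 HTTP/1.1" 404 162
203.0.113.7 - - [10/Mar/2024:12:00:03 +0000] "GET /missing-3 HTTP/1.1" 404 162
203.0.113.7 - - [10/Mar/2024:12:00:04 +0000] "GET /missing-4 HTTP/1.1" 404 162
198.51.100.20 - - [10/Mar/2024:12:00:05 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.20 - - [10/Mar/2024:12:00:09 +0000] "GET /old-post HTTP/1.1" 404 162
192.0.2.5 - - [10/Mar/2024:12:05:00 +0000] "GET /old-page-2 HTTP/1.1" 404 162
192.0.2.5 - - [10/Mar/2024:12:10:00 +0000] "GET /old-page-3 HTTP/1.1" 404 162
192.0.2.5 - - [10/Mar/2024:12:15:00 +0000] "GET /old-page-4 HTTP/1.1" 404 162
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def scan_404_bursts(log_text, max_404=3, window_s=60, action="throttle"):
    """Return {ip: action} for clients with more than max_404 not-found
    responses inside any window_s-second window (thresholds are assumed)."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent 404s
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines rather than guess
        ip, ts, status = m.groups()
        if status != "404":
            continue
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[ip]
        q.append(t)
        while t - q[0] > window_s:
            q.popleft()           # drop 404s that fell out of the window
        if len(q) > max_404:
            flagged.setdefault(ip, action)
    return flagged

if __name__ == "__main__":
    print(scan_404_bursts(SAMPLE_LOG))
```

Only the client that produced four 404s in four seconds is flagged; the one with the same number of 404s spread over fifteen minutes is not, which is why the window matters as much as the count.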
Continuous login monitoring
To further enhance your WordPress site’s security, Wordfence monitors login activity.
[TIP: You can view login activity on your site in real-time in the Live Traffic section of Wordfence.]
Looking at the live login activity on your site, you’ll quickly realize how many failed login attempts you receive. Wordfence monitors these and will lock out any attempts to brute-force your WordPress password or WordPress usernames. Wordfence enhances your WordPress login security by:
- Locking out users after too many login failures.
- Locking out users after using the forgot password form too many times.
- Optionally locking out anyone who uses an invalid username.
- Preventing WordPress from giving hackers information about what usernames may exist on your system.
There are several other mechanisms we’ve built into Wordfence to protect you in real-time. Wordfence checks passwords to make sure they’re strong enough as soon as they’re changed. It also scans WordPress comments as they arrive to make sure they don’t contain any malware or phishing URLs. If you are participating in the Wordfence security network, Wordfence will also block any IP addresses that our network is reporting as behaving maliciously.
Hourly scanning for maximum WordPress security
The strongest security that Wordfence provides is through its regular scanning of your site, which happens approximately every hour.
Core files, themes and plugin scans
Wordfence is no ordinary WordPress security plugin. We maintain a cluster of high performance servers in our data center just outside Seattle to assist with scanning your website. On these servers we keep a full copy of every version of WordPress ever made, every plugin and every theme in the WordPress repositories. When Wordfence scans your site, it compares your core files, themes and plugins with what is in our repository and reports any changes to you. (Theme and plugin scanning requires a premium API key.)
You can then compare the files on your site with the original versions in our archive to see what has changed. You can even repair any changed files that a hacker may have damaged. Wordfence is the only plugin in existence that gives you this level of diagnostic information and control.
Scanning for malicious files and malicious code in your entire WordPress base directory
Once Wordfence has checked your core, theme and plugin files, it checks if you have any known malicious files on your WordPress installation by examining their hash signatures. Then Wordfence does a deep scan of every file in your entire WordPress base directory. This scan checks for data that is associated with malicious activity like encoded backdoors and vulnerabilities.
Scanning WordPress posts and comments for malicious URLs
One of the worst things that can happen to your site is that it gets listed on the Google malware list. This usually happens because you link to a known dangerous site. Wordfence continually scans all your files and your posts and comments for any URLs that are listed as dangerous on the Google Safe Browsing list.
We don’t stop after a comment or post has been scanned once, but instead we continually scan your comments and posts because the known list of dangerous sites continually changes.
We don’t stop there…
Wordfence also scans your site’s entries in DNS (the domain name system) to make sure they haven’t been altered and alerts you about any changes. We also check for out of date plugins and themes and we even monitor your site’s disk space for a little extra protection.
The Wordfence team is constantly working to make our software more effective at protecting your site. You will see regular plugin updates and we update the software and scanning data on our cloud servers more frequently. If you don’t already have Wordfence, get it now to get a more secure WordPress website.