Security, WordPress

Wordfence for Beginners


wordfence for beginners header graphic with white text against blue fence
Keeping your WordPress website secure should be a top priority. After putting in all that work to design, promote, and launch your WordPress site, you don’t want to lose all of your content in an attack. A simple way to protect your WP site is with the Wordfence security plugin. 

What Is Wordfence?

With over 3 million installations, Wordfence is one of the most popular security plugins for WordPress sites. It includes a firewall and malware scanner designed for WordPress. The plugin also comes with a variety of additional features from two-factor authentication to blocking IP addresses. It allows you to manage every aspect of your WordPress security easily. And, there’s a free version so you don’t have to pay extra to keep your site secure.

Advantages of Wordfence

Wordfence comes pre-installed in pair WP hosting plans so, we know one or two things about it. There are many advantages to using the plugin. Essentially, it offers an easy way to implement and manage a large variety of security features:

Firewall

The Wordfence firewall is designed and maintained specifically to protect WordPress sites. The firewall functions to identify and block malicious traffic before it can reach your site. After you enable the Wordfence firewall, your server will deploy the firewall code before it runs your site’s PHP code. This allows the firewall to thoroughly analyze all requests to access your site before any traffic can reach it. The firewall operates extremely fast because it runs before your database connects and your website can load. Potentially harmful traffic gets stopped at the firewall while friendly users and crawlers can continue on to your website with no problems.

Virus Scanner

The Wordfence plugin also comes with a virus scanner, which scans for malicious code in all of your WordPress files. Wordfence scans for several different things including: 

  • Malicious code
  • Backdoors left behind by hackers
  • Shells installed by hackers
  • Known malicious URLs
  • Known patterns of infections

The scan will also examine your existing posts, pages, and comments for harmful code. You can conduct these scans manually and see the results immediately after the scan is completed. Or you can schedule virus scans in advance and receive the results by email or when you next log into your WordPress site. 

File Repair

When you receive your Wordfence scan results, it will tell you what action to take to resolve any issues uncovered during the scan. One of the options includes file repair, which will replace the affected file with an original copy of the file. If you’re worried about losing any custom code you added to the file, you can create a backup before repairing it. 

IP Blocking

With Wordfence, you can block suspicious IP addresses. An IP address identifies a specific computer or server connected to the internet. If you notice repeated attempts to hack your site from the same IP address, you can block that address entirely with Wordfence.

Two-factor Authentication

One of the most effective security measures to use on your WordPress site is two-factor authentication. Two-factor authentication requires you to both enter your password and use your phone to verify your identity before logging into your account. You can enable two-factor authentication through the Wordfence plugin. 

Email Notifications

Email alerts are another feature of the Wordfence plugin. If your WordPress site is experiencing a security issue, you’ll quickly receive an email alert about the problem from Wordfence. You can configure your alert settings to include notifications when a user is signed in or if there’s an increase in attacks on your site. The email notifications allow you to act quickly in the event of a security emergency.

It’s free! 

The Wordfence plugin is free, but a paid version with more advanced features is also available. Wordfence premium is $99 for a whole year and comes with reputation checks and country blocking. Both the free and paid versions are good options for securing your WordPress site.

Getting Started with Wordfence

Wordfence is easy to use and installs the same way as other WordPress plugins.

Step one: Installation

  1. First, log into your WordPress admin account. 
  2. Then, navigate to the left-hand menu and choose Plugins > Add New
  3. Search for wordfence in the plugin search bar. 
  4. Find the Wordfence Security – Firewall and Malware Scan plugin in the results and click Install Now.
  5. Once the plugin finishes installing, click on the Activate button (previously the Install Now button). 
  6. A popup will then appear where you can enter your email address. This is the address Wordfence will use to send alerts and updates to. Enter your email address and click Continue. 
  7. The final popup will ask for your premium license key. If you purchased Wordfence premium, enter the key here. If you want to purchase Wordfence premium, click Upgrade to Premium. And if you want to use the free version, click No Thanks. 

Now, you’re all set with the plugin!

Step two: Navigate Settings

Most of the Wordfence defaults shouldn’t require any changes, but there are a few settings that you should update with your preferences. One of the most important things you should do in your Wordfence settings is enable automatic Wordfence updates. 

To do this, go to Wordfence > All Options in your dashboard menu. Then, go to Wordfence Global Options > General Wordfence Options. Check the Update Wordfence automatically when a new version is released box to make sure your plugin stays updated. Keeping your plugins upgraded to the latest version is essential to your site’s overall security and performance.

Next, you should verify where you want Wordfence to send email notifications. Go to Wordfence Global Options > General Wordfence Options. You can enter your email address for where to send email alerts here.

Last, you can set up manual or automatic scans in the Scan Options > Scan Scheduling dashboard. By default, your scans should be enabled to run automatically. This allows Wordfence to run the scans when they choose, which is usually once a day. 

Step three: Your First Scan

When you’re ready to run your first Wordfence scan, go to Wordfence > Scan on your WordPress dashboard. It should give you the option for a tour of the plugin. Just click next to get the tour or close out of the tour popup. Then, click Start New Scan and wait for it to finish scanning your site. It will tell you when the scan is complete so then you can scroll down to the Results Found tab. In the results section of your scan, you can see what issues the scan uncovered and what you can do to fix them. 

Step four: Enable Firewall

By default, the Wordfence firewall should be enabled to run as a WordPress plugin or Basic WordPress Protection. If you want to make the firewall more secure, you can switch to Extended Protection. With Extended Protection, the firewall will deploy before your PHP files. To turn on Extended Protection, go to Wordfence > Firewall and click the Manage Firewall button. Then, click on the Optimize the Wordfence Firewall button. A popup will appear with a lot of text that you should read if you have more than one WordPress installation running on your site. If not, click Download .htaccess then click Continue. Another popup should appear to tell you that you were successful, which you can close out of.

Now, you should be good to go with WordPress security! All you have to do now is pay attention to any Wordfence security alerts and issues that may arise. You can also continue exploring other security features that come with Wordfence like two-factor authentication. 


All pair WP hosting plans come with Wordfence pre-installed! Get started today for only $14.95/month!