Making sure your WordPress website is safe and secure should be one of your top concerns. Whether you manage your website yourself or hire someone to do it – make sure your website is secure!
WordPress is a very popular platform (for good reason) but with that popularity comes risk. Security vulnerabilities can happen on WordPress websites that neglect to keep WordPress (core), plugins, and themes up to date. But this isn’t the only avenue malicious attackers can take – they can attempt to brute force attack your WordPress usernames and password, or by using SQL injection attacks for example.
While there isn’t a single solution or action that will keep your site 100% safe, there are a lot of great plugins that can help. And one that we at Novem Designs, LLC love to use is Wordfence.
Wordfence has both a free and premium version (1 API key for a single WordPress website for 1 year will run you $39.00 – as of July 2015). You should evaluate your website, your budget, and the different features of the versions to decide which version will be best for you.
If one WordPress site running Wordfence is attacked, the attacker is blocked and all other sites also running Wordfence block that attacker.
The quote above is taken directly from the Wordfence website- and is really what makes this plugin one of our favorites. Shared information across sites to help stop a threat before it happens.
While that alone is a great feature, check out some of the other features that Wordfence offers.
- Real-time security network
- Scan core, theme, and plugin files
- Repair files
- Scan content for bad URLs
- Real-time traffic shows hackers
- Real-time view of crawlers
- Scan for known malware
- Scan for hundreds of backdoors
- Includes a complete firewall
- Rate limit rogue crawlers
- Block IP‘s and manage blocks
- Intelligently block networks
- Block fake Googlebots
- Block brute-force attacks
- View top content leeches
- Monitor disk space
- Enforce strong passwords
- Check existing passwords
- Scan for DNS changes
- Get detailed IP info
- Track IP‘s to their source
That’s a pretty good list. And the best part? All of those features are included in the free version of the plugin. The premium version includes all of that and more.
Wordfence Premium Features
- Cellphone sign-in
- Advances comment spam filter
- Check if site is Spamvertized1
- Check if site IP is generating spam
- Remote scans
- Country blocking
- Frequent scans
- Scheduled scans
- Premium support
The image below is from a blog I manage using Wordfence as part of the security. Wordfence logs the 404 pages that some people land on. The great part about this is you can actually see failed attempts at trying to exploit WordPress, themes, and plugins.
The image blow shows two very common attacks that failed because everything on this site is up to date and secure.
There is no single plugin that will keep your WordPress website safe and secure. Wordfence is just one of many tools that are available to help you sleep better at night. In our minds, here at Novem Designs, we feel this is one plugin that really makes a difference. If you’re not using it, you should highly consider doing so today.