More than a third of all websites in the world today run on WordPress. This makes the popular content management system one of the most attractive targets for hackers and malware. A solid security plugin is therefore mandatory to protect your own data, ensure the security of visitors and avoid possible performance problems due to attacks. The market for security plugins is large and diverse. One of the most comprehensive and popular plugins, which integrates both a good scanner and its own firewall, is Wordfence. The tool is available to users in a free version and a licensed and thus paid version. But what can the plug-in really do, how easy or complicated is the configuration and is the licensed version worth it?
What is Wordfence?
Wordfence is one of the most popular security plugins for WordPress, with well over 20 million downloads of the tool to date. The smart application combines a number of security features that can be configured individually and according to individual requirements via an interface. Whether you need the paid or free version depends on the purpose and personal needs. The paid version contains more features and the firewall rules and the malware database are also updated in real time in the licensed version.
Why is Wordfence so popular?
Hacker attacks or malware can cause much more than just data loss or performance problems. Hackers can spy on website visitors' data or place malicious scripts on the website, which subsequently cause problems on users' end devices. In addition, a website that has been attacked can be added to the Google blacklist. As a result, the website is no longer found on Google, which in turn leads to a significant loss of traffic. Although it is possible to resubmit the website to Google after an attack, there is no guarantee that the original ranking will be restored. All these threats make installing a reliable security plugin a necessity. Wordfence scores here with a solid free version and a clear interface. This makes it possible for website operators who are not security experts to configure and maintain the plug-in themselves.
Premium or Free?
Wordfence is one of the best free solutions when it comes to WordPress security. Even the free version of the plug-in has a good firewall, extensive monitoring and a large number of functions for scanning files and links. The tool also offers its users the ability to repair corrupted files and block suspicious links. However, if you need real-time monitoring, you should go for the licensed version. The premium version also offers two-factor authentication, and customer service is available for problems and questions.
The most important features at a glance
The strengths of the plug-in lie in its versatile range of functions and the tidy interface. Wordfence dives deep into the system and tries to find vulnerabilities and suspicious activities. Problems that arise during a scan are displayed in the overall overview. In this section, users can also find the number of logins, as well as blocked IP addresses and attacks. Necessary measures to improve the security of WordPress can be derived from this information, with the plug-in offering suggested solutions to the problems found. Administrators are also notified of the individual incidents via email. This point is often criticized by experts: depending on the configuration, Wordfence sends a large number of e-mails, but not every suspicious case found requires action.
Scanning files and links
The plugin scans files, checks them for changes and compares the files with those in the Wordfence database. URLs in comments and articles are also checked. The links are compared with Google Safe Browsing. It is therefore not possible to smuggle harmful links into the website via the comment function. If unknown files or changes are found, Wordfence will display them on the overview page at the end of the scan. In addition, suggested solutions are offered to the user. It is thus possible to restore files to their original state or to repair or delete the affected file. Premium version users also have the option to scan public areas, with signatures updated in real time in the paid version. Since a scan can negatively affect the performance of the website, the plug-in also offers the option to start the scan at a specific time, for example when there is less traffic on the site.
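The comparison step described above, sketched as an added example (not Wordfence's own code): files are hashed and checked against a known-good baseline, then reported as modified or unknown. It goes slightly beyond the text by also reporting missing files; the baseline dictionary, file names and contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def compare_to_baseline(root, baseline):
    """Classify files under root against baseline {relative_path: sha256}."""
    root = Path(root)
    report = {"modified": [], "unknown": [], "missing": []}
    seen = set()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in baseline:
            report["unknown"].append(rel)    # file the baseline has never seen
        elif sha256_file(path) != baseline[rel]:
            report["modified"].append(rel)   # known file, content changed
    report["missing"] = sorted(set(baseline) - seen)
    return report

def demo():
    """Build a constructed site tree, tamper with it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {  # constructed sample files, not real WordPress sources
            "index.php": b"<?php // front controller\n",
            "wp-login.php": b"<?php // login form\n",
            "wp-includes/version.php": b"<?php // version info\n",
        }
        for rel, data in files.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        baseline = {rel: sha256_file(root / rel) for rel in files}
        # Simulate the changes a scan is meant to surface.
        (root / "index.php").write_bytes(files["index.php"] + b"// extra line\n")
        (root / "wp-content/uploads").mkdir(parents=True)
        (root / "wp-content/uploads/cache.php").write_bytes(b"<?php\n")
        (root / "wp-login.php").unlink()
        return compare_to_baseline(root, baseline)
```
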
Wordfence has a solid firewall enabled by default. The firewall starts in the so-called learning mode, in which the system learns which users are unwanted and which are allowed access. This makes it possible to filter out unwanted users so that they do not even get to the website. The learning mode is automatically deactivated after one week. In addition, the firewall detects malicious uploads, cross-site scripting, SQL injections and dangerous bots and blocks their access. Wordfence obtains the list of current threats from the Threat Defense Feed. However, the list is only updated every 30 days in the free version. Again, those who want constant updates will have to resort to the licensed version.
In a brute force attack on the log-in area, hackers try to illegally gain access to a website. In the course of the attack, different combinations of username and password are automatically tried. Once the attacker is on the website, he has the website under his control. To minimize such attacks, the plug-in offers the option of limiting the number of possible log-in attempts. The default setting is 20 attempts within 5 minutes. If all attempts were unsuccessful, the user will be blocked by the system. To increase security, the number of attempts allowed can be reduced to 5 or 10.
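To show what the limit changes in practice, the following added example (not Wordfence's code) replays a constructed stream of login attempts through a failure-count lockout and counts how many password guesses are actually evaluated at 20 versus 5 allowed attempts per 5 minutes. The 4-hour lockout duration, the IP addresses and the attempt timings are assumptions made for the illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 5 * 60        # counting window from the text: 5 minutes
LOCKOUT_S = 4 * 3600     # assumed lockout duration, not stated on the page

def simulate_lockout(attempts, max_failures, window_s=WINDOW_S,
                     lockout_s=LOCKOUT_S):
    """Replay (timestamp, ip, success) tuples through a lockout policy.

    Returns {ip: number of attempts whose credentials were checked}.
    """
    failures = defaultdict(deque)    # ip -> timestamps of recent failures
    blocked_until = {}               # ip -> time at which the block ends
    evaluated = defaultdict(int)
    for ts, ip, success in attempts:
        if blocked_until.get(ip, 0) > ts:
            continue                 # rejected before the password is checked
        evaluated[ip] += 1
        if success:
            failures[ip].clear()     # a valid login resets the counter
            continue
        recent = failures[ip]
        recent.append(ts)
        while recent and recent[0] <= ts - window_s:
            recent.popleft()         # forget failures outside the window
        if len(recent) >= max_failures:
            blocked_until[ip] = ts + lockout_s
            recent.clear()
    return dict(evaluated)

def constructed_attempts():
    """Constructed sample: an automated client and a user who mistypes twice."""
    bot = [(t, "203.0.113.7", False) for t in range(0, 600, 2)]
    user = [(10, "198.51.100.20", False),
            (25, "198.51.100.20", False),
            (40, "198.51.100.20", True)]
    return sorted(bot + user)

def compare_settings():
    """Guesses that reach the password check under each setting."""
    stream = constructed_attempts()
    return {limit: simulate_lockout(stream, limit) for limit in (20, 5)}
```

In this constructed stream the lower limit cuts the automated client's evaluated guesses from 20 to 5, while the user who mistypes twice still logs in under both settings.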
Wordfence is one of the most popular WordPress security plugins and rightly so. The plug-in already has a considerable range of functions in the free version. Even installing Wordfence alone significantly improves the security of WordPress, although some individual configuration settings should be made for optimal protection. All those who are interested in the professional version in particular should therefore have at least basic knowledge of Internet security. With a little configuration work, comprehensive and sustainable protection against unwanted attacks can be created within a short time.