I’ve been using the Wordfence plugin on my site for about a year and I’m both impressed by it’s capabilities and shocked by the incredible number of hacking attempts on my site that it reports. This plugin really should be standard for any and all WordPress sites in my opinion.
First and foremost, this is a security plugin – it protects your site from hacks, malware and viruses. It scans your site when you first activate it and continues to scan it regularly. It checks your wordpress source code against the main repository to ensure that it has not been tampered with, it makes sure that your user passwords are strong and that your plugins are up to date, and so on and so on. You’d be hard pressed to find a more complete solution to lock down your site.
As part of the security process, it locks out IP addresses that have too many log in attempts, can black list IP addresses to prevent access completely and also allows you to block access from at the country level if you like.
It also has a really interesting “Live View” mode that shows you where the currently active sessions have come from and what they are looking at.
On top of all this, it also has a caching engine built in called Falcon. This means that it will speed up your site without the need for additional plugins such as W3 Total Cache or WP Super Cache.
What I like most
I like the alerts and the regular report that it emails me. I get the following alerts:
- An email when anyone logins in and the IP address of the login
- An email when a IP address is locked out for having too many failed logins (these can get pretty crazy and so they can be switched off)
- An email when plug ins are out of date or any other issue from a scan
The weekly report is also fantastic and I am always shocked at how many attempts to hack into my site there are each and every week.
Here’s the Top 10 blocked IPs… 256 attempts from the same IP this week?
Here’s the Top 10 countries who have been blocked – even though it says the USA, I suspect these are just where the access points are based (e.g. Amazon or Azure).
Top 10 failed logins – just this past week.
As you can see, this little plugin is a very effective and useful shield against a whole array of security issues that your WordPress website is facing every single day.
How much does it cost?
The basic product that does plenty is free. The premium version has some additional blocking options and a few other advanced features but it is still only $39 per year.
Go get it.