I should actually say Wordfence is a “great” and “wonderful” WordPress plugin, but that almost takes away from my intention of describing it as a solid and steady security app and resource.
Many years ago, I waded into the deep waters of website security. Not surprisingly, the water was a bit cold and so I would, much like a spring lake, get in and get out and feel good that I had at least tried. At the time I used to hand-code websites (with PHP etc.), and so my interest in security was third party and “cloud” based.
But time marched on, and my work changed from hand-coding to primarily working with the WordPress platform. I found I could still use cloud-based firewalls and monitoring systems. However, these solutions were costly, and some of my clients simply couldn’t afford them. I decided to come up with a solution to this issue by offering a three-tier security plan. Simply put, a no-cost plan, a low-cost plan, and a high-end plan. The high-end plan was already figured out, but the other two required another toe-dip/hip-wade/full dive into the cold and vast waters of WordPress website security.
I did a lot of reading and testing. I ended up narrowing my search based on three important needs:
- Non-invasive. I wanted the security plugin(s) to be as “non-intrusive” as possible. I know this sounds like a strange thing, but it seemed there was a level of chaos that could possibly happen with a security plugin if it embedded itself too much.
- Simple. The plugin(s) needed to be simple to set up.
- Room to grow. I wanted plugin(s) that I could “grow into.” Much like with WordPress, you simply don’t know everything, but over time you learn many things, and solid things that work really well for you.
Enter Wordfence. It was simple to set up, not terribly intrusive, and there was potential to expand my knowledge of website security—ongoing.
Wordfence is a different type of security. It is what is referred to as endpoint rather than cloud-based. Wordfence has written several blog postings – Moving to Endpoint Security for WordPress – about this and describes it as “… a device on a network that a human interacts with, as opposed to the network itself.” With endpoint security, I am an active participant and my knowledge continues to grow. This is important because security is ongoing and forever.
And that brings me to the next thing I like about Wordfence: their security knowledge and investment isn’t contained within the confines of WordPress. They frequently blog about what is happening on a much larger scale, such as “New WannaCry Ransomware and How to Protect Yourself” and “Check if Your Home Router is Vulnerable.” I like the fact that they don’t just give back to the WordPress community, but to the greater Internet community. Share, share, share. It is how the good guys win.
One of the most useful tools that Wordfence offers is located under Options: Immediately block the IP of users who try to sign in as these usernames. I add test, admin, and the name of the website. Just those three entries block a lot of malicious login attempts. Over time, I look to see what the failed logins are (listed in the Dashboard) and add them to the list. Just one of the many easy tweaks you can make.
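The review step described above (reading the failed logins and deciding which names to add to the immediate-block list), as an added example that is not part of the original post and not Wordfence's own code. The record format, the account names, the site-name spelling and the `min_ips` threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data: (attempted username, source IP) per failed login.
# IPs come from the documentation ranges; none of this is real traffic.
FAILED_LOGINS = [
    ("administrator", "192.0.2.10"),
    ("administrator", "198.51.100.7"),
    ("administrator", "203.0.113.5"),
    ("Admin", "192.0.2.10"),
    ("root", "192.0.2.10"),
    ("root", "203.0.113.5"),
    ("editor_jane", "192.0.2.44"),
    ("editor_jane", "198.51.100.9"),
    ("webmaster", "192.0.2.10"),
    (" wpadmin ", "198.51.100.7"),
    ("wpadmin", "198.51.100.7"),
]
EXISTING_USERS = {"editor_jane"}                 # hypothetical real account
BLOCKLIST = {"test", "admin", "threeloudcrows"}  # post's three entries; site-name spelling assumed


def suggest_blocklist_additions(failed, existing_users, blocklist, min_ips=2):
    """Return [(username, distinct_ip_count)] worth adding to the block list.

    A name qualifies when it was tried from at least `min_ips` distinct IPs,
    is not already listed, and is not a real account. Real accounts are
    excluded because listing one would block its owner on a normal sign-in.
    """
    ips_by_name = defaultdict(set)
    for username, ip in failed:
        # Normalise case and stray whitespace so "Admin" and "admin" match.
        ips_by_name[username.strip().lower()].add(ip)

    existing = {u.strip().lower() for u in existing_users}
    listed = {u.strip().lower() for u in blocklist}

    candidates = [
        (name, len(ips))
        for name, ips in ips_by_name.items()
        if len(ips) >= min_ips and name not in existing and name not in listed
    ]
    # Most widely attempted first, then alphabetical for stable output.
    return sorted(candidates, key=lambda c: (-c[1], c[0]))


if __name__ == "__main__":
    for name, count in suggest_blocklist_additions(FAILED_LOGINS, EXISTING_USERS, BLOCKLIST):
        print(f"{name}: tried from {count} distinct IPs")
```

Failed attempts against a real account such as `editor_jane` are left out of the suggestions on purpose; those call for a password check or two-factor sign-in, not a block-list entry.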
Back to the no-cost plan…this website, Three Loud Crows, is secured based on my no-cost plan. I do that on purpose to ensure that what I offer works for me as it would for a client. Though my plan contains several weapons in my arsenal of website security, Wordfence does a fantastic job and continues to evolve and inform.
P.S. It should be noted that I was not prompted to write this blog post on behalf of Wordfence, nor am I an affiliate or being paid. I just simply like the plugin. I encourage you to try it (free or paid). It will help you to learn more about what you need to know to protect your website.