The problem with all content management systems (CMS) is that users install third-party add-ons and plugins. In practice, it is very difficult to ensure the security of all that code and to protect the CMS as a whole from outside attacks.
Previously, we've shown some tips to help make the site more resistant to attacks. Now we'll show you how to install a security solution that should not be missing from any WordPress site.
Web safety tips that you should not miss:
Learn more about how to secure WordPress without plugins, using just the .htaccess file, and how to increase security by changing the URL of the login screen.
1. Free Antivirus, Firewall and Malware Search - Wordfence protects WordPress sites for free
Wordfence Security is one of the most recommended plugins for WordPress, and that is no surprise. The security extension resembles antivirus software for computers and can protect the site from hackers, brute force attacks and plugins in which a security hole has been discovered. All this happens in real time, with regular checks that keep you informed about possible risks and the options for defending your website.
This plugin is available both for free and in a paid version. Let's focus on the free version, which offers plenty of features to improve website security.
- In the left column of WordPress administration, click „Plugins“ > „Plugin installation“.
- Enter „Wordfence Security“ into search.
- Click „Install“.
- Activate the plugin by clicking „Activate“.
In the left column of the site administration, the item „Wordfence“ will be added. Once you open it, a window appears asking you to enter an e-mail address to which any security warnings will be sent. You can then skip the license key entry - this option is only available for the Premium version.
After these steps, Wordfence is functional and active.
Are plugins and templates secure? Automatic checks reveal threats.
Wordfence has a great feature in its automatic checks. They check the status of the installed plugins and notify the webmaster of possible threats. Plugins and templates are checked for updates, that is, whether the latest version is installed on the site. At the same time, it is possible to check the integrity of the plugins: whether some of their components have been changed and whether malware is hidden in them.
- Go to WordPress administration, click Wordfence in the left column and select „Scan“.
- You can run the new test manually by clicking the button „Start new scan“, or you can go straight to the results.
- The scan will be performed and the proposed solutions will appear further down the page.
If you've ever encountered a situation where your WordPress site was repeatedly broken into and its content deleted or its visitors redirected to a different page, Wordfence is an effective prevention for such situations.
In the free version, quick checks are performed every 24 hours and detailed ones every 72 hours, while the protection runs continuously. Detailed scan scheduling is offered only in the paid version.
Login protection and blocking of suspicious IP addresses
Wordfence automatically detects and blocks IP addresses that repeatedly fail to log in to the site within a short time span. Such behavior is typical of the frequently used so-called dictionary attacks. The system can then block suspicious addresses, which according to statistics most often come from Russia and the Asian countries, and prevent them from further accessing the server.
If you accidentally block someone with administration access, you can manually unblock them. Thanks to the link that arrives at the administrator's e-mail, you cannot end up completely locked out of the site.
Monitor live traffic to the server
Another interesting feature is live traffic, where you can see not only live users, as in Google Analytics, but all of the accesses to your website, including a variety of crawlers, search engine robots and services.
To track live traffic, follow these steps:
- Click Wordfence in the left column of the WordPress administration and select „Tools“.
- Click the tab „Live Traffic“.
- The live log with the IP address records and information about the type of visit is displayed. The table marks real people as „Human“ and robots as „Bot“.
- To see details, click on the record and find out more about the IP address, and block it if necessary.
If necessary, you can change the plugin settings in two places. One of them is the so-called „Wordfence Global Options“, where settings for various rules can be found, e.g. when the e-mail notification is to be sent to the administrator.
The second is the item „All options“, where detailed settings can be made, such as the form and frequency of regular e-mail reports or the settings for protection against brute force attacks. Here you select after how many unsuccessful attempts the user will be banned or locked out. Changing these settings can only be recommended to experienced users and is at your own risk.