Coming across the Wordfence Security plugin is probably one of the best things that have happened to my blog.
Being offline for almost a year, I was no longer updated to the latest stuff like WordPress plugins so I was glad that my friend Fracisco blogged about Wordfence because if not for his post, I wouldn’t have known about the plugin or it could’ve taken me longer to find out about it.
For those who aren’t familiar with this plugin, Wordfence Security is an enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more stuff. Here’s a video introduction:
To give you a better idea on how extensive this plugin is, check out the complete list of features:
After reading the complete set of features and trying it out on my blog, Wordfence instantly became one of my all-time favorite and recommended plugins. By installing Wordfence, I was able to get rid of some plugins that provided individual features that were already incorporated in Wordfence – Exploit Scanner, Login Lockdown, WP Ban, WP Firewall and WP Security Scan. I think it was also a blessing in disguise because not only were those plugins redundant but some of them haven’t been updated for more than two years so their code could be outdated and make them useless. Another advantage of installing Wordfence is by having just one plugin to do all these functions, I can cut down on the overhead caused by installing multiple plugins and still maintain the security on my blog.
So how much is it you ask? It’s 100% FREE! There is however a Premium version ($39/year) that gives users these extra features – Cellphone Sign-in, Remote Scans, Country Blocking, Frequent & Scheduled Scans, Premium Support and Scan Core, Theme and Plugin Files. But for most users, the free version is more than enough and provides one of the best security features & protection for any WordPress blog.
I’ve been using Wordfence for over a month now and so far I haven’t had any major issues with it. The features I like most about it are the Scanning, Live Traffic, Firewall, Login Security (enforce strong passwords, lock out login failures, lock out after specified number of forgot password attempts, lock out invalid usernames, hide valid users in login errors and prevent users registering admin username if it doesn’t exist), Alerts (critical problems, someone is locked out from login, IP address is blocked, lost password, administrator account logs in, non-admin user logs in) and other options such as Hide WordPress version, Scan comments for malware and phishing URLs and Check password strength for user accounts.
Live Traffic is a cool feature that allows you to see your website visitors in real-time. Unfortunately, I had to disable it because it’s a bit IO extensive as it logs traffic used in querying the geographic database to figure out visitors location. If you want to try it out, just enable it and see how it works then disable it again when you’re done.
Mark Maunder, one of the co-founders of Wordfence Security (the same person who discovered the TimThumb zero day vulnerability) was kind enough to provide me with a Premium license for this review, so I have access to the Premium Features such as Frequent Scans and Cellphone Sign-ins. However I had to disable Frequent Scans because the scan results were logged in the database and in time, the accumulated data resulted in a bigger database size. Instead, I scheduled it to perform a scan once a week. I still haven’t decided whether I should enable Cellphone Sign-ins because I already enabled password protection on my WordPress installation.
Overall, Wordfence Security is an awesome plugin and a must-have for any WordPress-powered website. It’s easily one of the best security plugins out there for both free and premium markets. It’s also the only security plugin that can repair WordPress core files, themes and plugins on sites that have already been hacked or compromised.
Like I mentioned earlier, Wordfence Security is now one of my favorite plugins and I highly recommend it to anyone who uses WordPress. But then of course, not all users have the same resources, preferences or needs so it may or may not be the right security solution for you. The best thing to do is try it out yourself and install it on your website. If you do, make sure the configurations are setup properly and that you only enable the features/options that you need. Because Wordfence uses quite a bit of the server resources, it’s not ideal to use on a shared hosting environment where resources are limited.
Based on user reviews that I’ve read, one thing that caused a bit of a problem was uninstalling the plugin. After uninstalling it, the database tables created by Wordfence were not removed. Users had to manually remove it themselves which can be a difficult task for some users. I haven’t tried uninstalling it yet so I don’t know if this issue has already been resolved in the latest version.
You can download Wordfence Security from the official WordPress plugin repository
So what do you guys think of Wordfence Security? Anyone else using it on their WordPress-powered websites? What feature/s do you like most and what new features would you like to see added in future updates? Please share your thoughts via the comments section below.