WordFence Security Plugin

The Wordfence Security plugin is included in all Whoosh templates as a security tool to block attacks and to detect when your WordPress site has been hacked (and help you repair any damage).

The plugin has had over 230,000 downloads and it is rated 4.8 out of 5. The plugin author is Mark Maunder

Whoosh and Wordfence

Whoosh sets up your WordPress site with good security and configures Wordfence to keep it safe by a) trying to block threats and b) letting you know when it detects that a hack has taken place.

Whoosh sets up Wordfence with a few changes from the default settings to beef up the detection and protection without consuming too much more resources.

Wordfence has three roles from a security standpoint: to protect, to detect and to monitor. You can use the feedback from the monitoring to improve the protection and detection by changing the settings to address the specific threats that your site faces.

Wordfence Protects

  • Blocks malware and phishing URLs including all URLs on the Google Safe Browsing List in all your comments, posts and files that are security threats.
  • Block common security threats such as fake Googlebots and malicious scans from hackers and bot-nets.
  • Block or throttle security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
  • Login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.
  • Checks the strength of all user and admin passwords to enhance login security.

Wordfence Detects

  • Scans WordPress core files, themes and plugins against WordPress.org repository versions to check their integrity and see how files have been changed and optionally repair.
  • Scans for signatures of over 44,000 known malware variants that are known security threats and backdoors including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Diveand Dx

Wordfence Monitors

  • See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.
  • View all traffic including automated bots that often constitute security threats that Javascript analytics packages do not show you.
  • Use reverse DNS and city-level geo-location so you know from where security threats originate
  • Monitor your disk space because some attacks attempt to consume all disk space to create denial of service.

Wordfence Premium

Given that no site is impregnable then detection is, in my opinion, at least as important than protection.

If you require more than daily scanning then you may want to consider the premium versions of Wordfence

Speak Your Mind

*