With all of the recent articles about massive coordinated attacks on WordPress sites, I’ve seen tons of advice. Some of it is great (like changing your passwords to something strong that mixes upper- and lower-case letters with numbers), and some of it is just plain dumb and over the top.
I’ve read every article that pops up on my feeds about the subject, and the one thing that I did take away from all of it is that Wordfence is an awesome plugin. Wordfence is like having a “security center” for your website. I’ve always wondered why WP doesn’t have more security options built in, and this plugin fills the gap. Here is a quick guide on what I like most:
Scanning: The plugin has a very simple interface that allows you to scan your site for known “bad guys”. Run it once a month, just to be safe!
Basic Options: Be sure to add your email address for alerts. I’ve gotten 2 email reminders that plugins are out of date. While getting reminders may be a pain for some, it makes me set a reminder to keep my clients’ sites up to date.
Login Security Options: This is my favorite feature. Using this options panel, you can keep a close eye on exactly what is happening these days. There are people attacking WordPress servers by attempting to log in with the user name “admin”, which everyone has by default, and every possible password combination a machine can calculate (a brute-force attack, sometimes called a dictionary attack). With this options panel, you can prevent that kind of attack instantly. The default settings are fine, but you may want to tighten them up even more if you are so inclined.
That’s the end of my “free commercial” for Wordfence. It is a great plugin, and something I’d recommend for anyone with a WordPress site.