WordFence security plugin for WordPress websites appears to lock down the site, keep out hackers and destroy malware. Even the free version looks good, but I have paid.
With WordPress so popular, hackers have long targeted weaknesses within the CMS or within individual plugins and themes. There are constant updates just to deal with security weaknesses, meaning you only have to fail to update a theme or plugin promptly and you could be hacked. Spammers and hackers also make multiple attempts to long in using guessed names and passwords.
WordFence closes those doors.
Notifications by email
The plugin scans your site for errors, notifying you when updates are needed or if files have been altered in anyway. It locks out IP addresses that try to log in unsuccessfully several times. You can even set it to immediately block attempts to log in using certain names.
You can also set up a double-secure logging in system so that when you correctly enter your password it sends you a text (SMS) with an additional code that you need to add on the end of your password to complete the log in.
The plugin also scans your site and compares files with those held centrally by WordPress so if a file gets modified – often a sign of intrusion by malware – it notifies you.
Fix it or ignore it
With all of these notices you get the chance to remedy it or ignore it – if you have made the modification yourself, for example.
I saw first-hand the damage these hackers can do when I was asked to help out on a site run by a former student of mine. It took almost a day to clean up the site, free it of malware, delete the additional users that had been created and eradicate the 1000s of extra spam advertising posts that had been created.
Since I have been using Wordfence on this site and on my personal site I have updated plugins and themes much faster and seen just how many attempts are being made daily to log-in to my websites.
Links (new windows)