Want to add a layer of security and protection to your WordPress site?
As we all know WordPress is the most popular content management system in the world and there are many who use it as their platform to publish their content (32% of sites are created by WordPress)
Due to its great popularity, it is preferred by hackers and hackers more than other platforms.
Fortunately, there are plenty of security add-ons available to help you protect your site from these attacks.
Wordfence It is one of the popular WordPress plugins that helps you secure your site and protect it from hacking attempts.
In this article, we’ll show you how to easily install and setup the Wordfence security extension on your site.
What is a Wordfence extension? How do you protect your site?
Wordfence is a WordPress site security and security plugin that helps you protect your site against security threats like hacking, malware, DDOS, and brute force attacks.
It comes with a powerful firewall, which filters traffic to your site and blocks suspicious requests.
It has something like a malware scanner that scans all WordPress core files, templates, plugins, files and media uploaded to your site and suspicious code.
This helps you to easily clean your site if it has been hacked.
The basic Wordfence extension is free, but it also provides Paid version It gives you access to more advanced features such as country blocking, constantly updated firewall rules, scheduled scanning of your site, etc.
Now let’s see how to install and set up the Wordfence extension easily to get maximum protection and security for your site.
Steps to install and setup the Wordfence extension on your site
The first thing you need to do is to install and activate the Wordfence Security extension on your site.
This is done by going to (Plugins >> Add New) from the WordPress Dashboard.
Click on Add New at the top of the page, then type the name of the Wordfence plugin in the search box, then install and activate the plugin.
Upon activation, a new item called Wordfence will be added to your site’s dashboard menu.
Clicking on it will take you to the extension’s settings control panel.
This page shows an overview of the extension settings on your site.
You will also see notifications and security stats like last IP bans, failed login attempts, total blocked attacks, etc.
Wordfence settings are divided into different sections.
The default settings will work automatically, but you still need to review and change them if necessary.
Let’s start the scan first.
Check your site with the Wordfence extension
Go to (Scan << Wordfence) from the control panel, then press the “Start Scan” button
Wordfence will now start scanning all your site files.
It will look for changes in the file sizes of WordPress core and major plugins.
It will also look inside files to check for suspicious codes, malicious URLs, etc…
These scans usually need a lot of server resources to run but Wordfence does an excellent job of managing the scans as efficiently as possible.
The time it takes to complete the scan depends on the amount of data in your site, and the available server resources.
You will be able to see the progress of the scan in the yellow boxes on the scan page.
Most of this information will be technical however you don’t have to worry about the technical stuff.
Once the scan is finished, Wordfence will show you the results.
It will notify you if it finds any suspicious codes, infections, malware, or corrupted files on your site.
It will also recommend actions that you can take to fix these issues.
The Wordfence extension automatically performs complete scans on your site once every 24 hours.
The paid version of the extension allows you to schedule a scan of your site for your convenience.
Create a Wordfence Firewall
Wordfence comes with an application firewall, which is a PHP application level firewall.
The Wordfence firewall provides two levels of protection, the basic one which is enabled by default, allows it to work as a WordPress plugin.
This means that the firewall will be loaded with the rest of your WordPress plugins.
This can protect you from many threats, but you will miss out on the threat protection that is designed to work before you load your site template and other plugins.
The second level of protection is called Extended Protection, which allows Wordfence to run before WordPress core files, plugins, and themes, and this provides stronger and better protection from more advanced security threats.
Here’s how to set up Extended Protection.
Visit the Firewall << Wordfence page and click on the Optimize Firewall button.
Wordfence will now run some tests to reveal your server’s configuration settings.
Then Wordfence will ask you to download the current .htaccess file as a backup.
Click on the “Download htaccess” button and after downloading the backup file, click on the “Continue” button.
Wordfence will now update your .htaccess file which will allow it to run before WordPress, and you will be redirected to the firewall page where you will now see the protection level as “Extended protection”
You’ll also notice a “Learning Mode” button when you first install Wordfence, which is to tell the extension how you and your users interact with your site to make sure it’s not blocking legitimate visitors.
After about a week, it will automatically switch to “Enabled and Protecting mode”
Monitor and prevent suspicious activity with the Wordfence extension
The Wordfence extension displays a very useful history of all requests made to your site.
You can view it by visiting (Tools << Wordfence) and from the Live Traffic page you can see the list of IP addresses requesting different pages on your site.
You can block individual IP addresses or even entire countries from this page.
You can also block suspicious IP addresses manually by visiting the (Firewall << Wordfence) page
Advanced settings and tools in the Wordfence add-on
Wordfence is a powerful add-on with lots of useful options.
You can visit the All Options << Wordfence page to review all the available options.
Here you can selectively turn features on and off.
You can also enable or disable email notifications, checks for your location, and other advanced settings.
On the (Login Security << Wordfence) page you can run a password audit to ensure that all users on your site are using strong passwords.
From the (Tools << Wordfence) page you can run a search whois Scans for suspicious IP addresses and displays diagnostic information to help correct problems either in the extension or on your site.
Paid version users can add Wordfence Also setting up a two-factor login to enhance login security on the site.
Wordfence or Sucuri which is better?
Some may ask is Wordfence better or Sucuri?
Sucuri It is another WordPress security plugin that comes with a firewall to scan your site and remove malware.
Wordfence and Sucuri are great options for improving the security of your WordPress sites.
However, Sucuri may have some advantages that give it some advantage over Wordfence.
One of these features is the Location Application Firewall WAF
Wordfence is an application-level firewall, which means it runs on your own server.
On the other hand, Sucuri’s add-on firewall is a DNS level firewall meaning that all traffic to your site goes to the private cloud proxy as well before reaching your site.
This helps Sucuri prevent DDOS attacks more efficiently and also reduces the load on your site’s server resources.
In the end, we hope that this article will help you learn how to install and properly configure the Wordfence extension for use on your site.
And if you have any questions regarding adding Wordfence, please leave it to us in the comments below the article and we will be happy to answer it 🙂