WordPress is a flexible and widely used platform. Unfortunately, this comes with a big drawback: a lot of sites using the same system means it is profitable to write an exploit for it. One vulnerable plugin can be enough to get access to your site or the data of your customers. Wordfence is a security plugin that provides you with a set of features to restore your confidence. Let’s take a quick look at those features.
This plugin contains free and premium features, making it a very accessible solution for your basic security needs. Wordfence is a firewall that runs on your WordPress installation itself, not in the cloud. This results in fewer ways to circumvent the firewall. Since the firewall runs before anything else is loaded on your site, practically all traffic has to pass this security check. When the firewall notices suspicious activity, it will actively block any connection from that user. This will, for example, minimize the impact of a DDoS attack on your site.
Wordfence is not only a firewall; it also packs a security scanner. This scan evaluates the state of your server, detects common misconfigurations, and checks plugins and themes for possible security risks. This way you can handle a security risk before it gets used against you. If the scanner finds a high-risk vulnerability, you can be notified by email.
There is one more feature that makes this the #1 security plugin in our opinion: the login security module. WordPress allows you to easily add and edit the content of your website. All you need to do is log in and you can start right away. By default, the only security check before you have access to your dashboard is your password. Of course, it’s possible to make this password as secure as possible (by using a password manager, for example), but let’s be honest: you can do more to protect your data. Wordfence gives you a lot of options to make your login more secure, and the 2FA integration specifically is a must in our opinion.
Two-Factor Authentication (2FA) makes sure that a user can’t log in with just a password. A unique, time-based 6-digit code is also required. There are apps for almost every mobile platform that support 2FA codes, so making your phone part of the security of your site is a piece of cake. Improving security does not always go hand in hand with user experience, but since you and your visitors rely on your website, this is a small price to pay.