Installing and Setting Up of Wordfence Security in WordPress

Wordfence security plugin can be referred to as a full time Antivirus and Firewall package for WordPress. It offers complete protection to your website from various attacks. Wordfence will also prevent you from SEO blacklist of Google.

Don’t have backups? Wordfence can repair hacked files, even if you don’t have backups. Some of the other impressive security features offered by this plugin include:

– Login brute force protection

– Hiding WordPress version number

– Blocks fake google crawlers

– Many More

The plugin is powered by cloud scanning servers of Wordfence based in Seattle. Your files will be verified against originals by a clean copy of each WordPress core version, plugins and themes released  in the WordPress repositories. A cached copy of the Safe Browsing list of Google is also preserved, which gets updated in real-time and later on used for your scans.

Wordfence security plugin is a hot favourite among most webmasters and WordPress users for securing a site. Easier to configure, the plugin with more than 1.8 million downloads has an average rating of 4.9/5 on WordPress repository.

Crucial Features of Plugin:

– Checks for out of date themes, plugins and core files

– Compare core WordPress files against the originals in the repository

– Scan for known malware files

– Scan, DNS for unauthorized changes

– Compare plugins and open source themes against originals.

– Scan for weak passwords

– Scan files outside your WordPress installation

– Scan your site for the HeartBleed vulnerability

– Scan files, posts a comments for URLs in Google’s Safe Browsing List

– Scan file contents to look for any backdoor, virus, malware, trojan, posing potential danger URL or vulnerability.
– Check disk space to prevent any kind of DDos attack.

The Brute-Force Log-In Protection:

– The feature locks out users post detecting a specific number of failures.

– Immediately locks out invalid usernames.


– Immediately blocks fake Google crawlers.

– Blocks anyone that gains access to your website too fast.

– Blocks anyone generating ‘page not found errors’ too fast.

Hiding WordPress Version

This is a free version of Wordfence that automatically scans all files and database tables of website once in a day. Thereafter, it alerts you through email in case of an intrusion. When you upgrade to the paid version of wordfence, you benefit from two-factor authentication (sign-in via cell phone). It also provides you with country blocking features. Both are very effective in stopping brute force attackers in tracks. If you want to know deeply information about this plugin, feel free to ask us :

Standard Options

Step 1: After installation, go to your Wordfence options in the side menu.

Step 2: Enter your email address to receive alerts.

Step 3: Uncheck Enable Live Traffic View (a nice feature that allows you have a look at real time activity of your website but also leads to slow down page load time).

Step 4: Select “Use PHP’s built in REMOTE_ADDR…” from the drop-down menu.

Step 5: Select ‘all options’ Under Scans.

Step 6: Under “Firewall Rules” section, you may set different rules for humans and crawlers trying to misuse your website. For instance, when someone breaks one of your rules, simply “block” them or “throttle” them. This restricts their access with an SEO safe 503 (come back later) HTTP message on a temporary basis.

Note: The firewall rules must set carefully based on the type of traffic.

Setting Up Firewall Rules – Some Tips

– Customize setting for your website in case you choose to limit the rate at which the site can be accessed.

– Setting ‘high’ values for human visitors works if your users skip quickly between pages.

– Set page view limit to a ‘high’ value for crawlers if your website gets aggressively crawled by non-Google crawlers such as Baidu.

– Are you under attack? This calls for an immediate aggressive protection to your website or your content, you can set low values for most options.

Note: Wordfence usually doesn’t recommend blocking fake Google crawlers unless there’s a specific serious problem with an individual stealing your content.

Other Login Security Options

Here’s what you should keep in mind about the following security options:

Whitelisted IP addresses that bypass all rules – Strictly avoid touching this option unless you have a static IP address that does not change.

WordFence Security Network – Participating in the WordFence security network? The wordfence will instantly immediately block all attacks originating from an IP address that has already attacked other WordPress sites.

As final step, click ‘Save Changes’.

Run Scan

Go to ‘Scan’ available under the ‘Wordfence’ menu. Start security scan.

After the scan is complete, you need to address the issues it finds. These appear at the bottom of the page.

Related Posts

Leave A Comment

You must be logged in to post a comment.