Since a website has been created, webmasters would like to try every means to maintain the site and protect it from malicious attacks. Thus, WordPress security plugin comes out for this purpose. There are thousands of plugins available for WordPress users to let their sites develop in a secure environment, among which WordFence Security gets the nod so we are going to tell you how to make full use of this powerful plugin.
About WordFence Security
WordFence Security is an enterprise class WordPress security plugin free of charge, popular with millions of users worldwide. Note that, some premium features are only available for paid users. This plugin is specialized in enhancing website security and performance so as to make your website more secure and faster.
It features Falcon Engine which is the fastest caching engine in this field, and this plugin also has the ability to enforce strong password, scan for vulnerability, block malicious network, and so on. In this guide, we will focus on its security functions.
Install and Activate WordFence Security Plugin
As the previous guides have told you, we install this plugin via WordPress dashboard. Log into your WordPress Dashboard and go to Plugins > Add New > WordFence Security plugin. Click Install Now to download this plugin and then activate it soon.
How to Use WordFence Security Plugin
And now, WordFence Security appears on the dashboard sidebar. Move your mouse onto this plugin and then you will see a list of options available. Let’s look into those functions one by one.
Click the first item called Scan. This page tells you a brief introduction about WordFence Scan and gives you several links to other pages that include something more about this function. You can click “Read out scanning documentation” to get an idea on what is WordFence Scan and how does it works. And now, you are required to click the “Start a WordFence Scan” button and start scanning your website.
Note that, the option on the top of this page enables you to determine whether to update this plugin automatically. You can take one of the two options according to your own needs.
After waiting for dozens of seconds, there is a result comes=ing out in the Scan Summary box and the Scan Detailed Activity box. You can check if there is something wrong with your website intuitively. The words in green indicate that the scanned item is secure while the “Paid Members Only” means that this item is only available for paid users. Besides, you are allowed to enable or disable an item scan via Wordfence > Options.
The Scan Detailed Activity shows you how many files, plugins, themes, pages and records have been scanned and how much resource is used for scan. This is great for you to know some particular cases of the website.
Note that, the message “Congratulations! No security problems were detected by Wordfence” means that everything runs well on your site.
This is where to check the website traffic in real time. In this way, once someone accesses to your website, you are able to know the visitor’s hostname, IP address, name, browser type and the landed page immediately. If there is anyone intending to attack your site, you can get his/her information in time and block this IP to prevent malicious attacking.
This setting enables you to block IPs manually. You just need to copy and paste the IP address in the blank. And then, this IP can no longer access to your website. Besides, you can just lock an IP address out from login and check who are held back frequently in recent days. If you determine to unlock all IP addresses, you can click “Clear all blocked IP addresses” or “Clear all blocked out IP addresses”.
Cellphone Sign-in integrates with “Two Factor Authentication” technology and it has been used by many organizations to secure their official sites. With this advanced function, you are required to sign into your website with a password as well as in possession of your cellphone. In this way, even the hackers have cracked your login password, they cannot intrude the website because they cannot acquire your cellphone verification.
However, Cellphone Sing-in is regarded as a premium features and only available for paid users. If you wish to activate it, you need to go to “click here and get a premium Wordfence API Key” and bring this function into effect.
The Country Blocking is also a premium option designed for paid users, which gives you the right to block some countries from accessing to your website. You can customize the message that will come out when the blocked visitors try to enter the site or you can set it as a redirected URL. Besides, some advanced country clocking options are also available for you.
Below the blocking options, all countries in the world are shown in the country list. You are allowed to select all or deselect all by clicking the given buttons. If you just want to block some of those countries, then you are required to check the box near the name of the country.
This is where to schedule when to enable WordFence to scan your website as well as check the current scan time. You can specify the time from Monday to Sunday, morning to night. Perhaps, you are also able to let an automatic schedule on your website. Finally, click Save Scan Schedule to confirm all changes.
Whois Lookup used to know about who is the owner of an IP or domain name, which is a powerful feature and easy to handle. You just need to enter the IP or domain in the blank and then click the “Look up IP or Domain” button. And then, you will get a list of information about this domain, like Registry Domain ID, Registry WHOIS Server, Registrar URL, and so on.
The Advanced Blocking is designed for people who wish to block a range of IP addresses rather than doing this one by one. In addition, it also enables you to block web browsers and referer. Finally, click “Block Visitors Matching this Pattern” button to confirm all settings.
In the WordFence Options, you are able to check your WordFence API Key. The Basic Options allows you to determine whether to enable firewall, login security, live traffic view and automatic scheduled scans. Make a decision according to your own needs and then click Save Changes button.
Besides, there are some advanced options offered to you, including:
- Alerts – If an alert happens, you will receive an email in real time.
- Live Traffic View – You can determine whether to view live traffic and ignore certain IP addresses or usernames.
- Scans to include – Specify the web content that should be scanned.
- Firewall Rules – You can throttle or block certain visitors if they exceed the criteria that you have set up.
- Login Security Options – Strengthen login security by enforcing strong password, limiting login failures, limiting forgot password attempts, and customizing some other settings.
The last step is to click Save Changes.