Wordfence Security – Firewall & Malware Scan
THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER
Wordfence includes an endpoint firewall and malware scanner that were built from the ground up to protect WordPress. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.
WORDPRESS FIREWALLWeb Application Firewall identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.
[Premium] Real-time firewall rule and malware signature updates via the Threat Defense Feed (free version is delayed by 30 days).
[Premium] Real-time IP Blacklist blocks all requests from the most malicious IPs, protecting your site while reducing load.
Protects your site at the endpoint, enabling deep integration with WordPress. Unlike cloud alternatives does not break encryption, cannot be bypassed and cannot leak data.
Integrated malware scanner blocks requests that include malicious code or content.
Protection from brute force attacks by limiting login attempts.
WORDPRESS SECURITY SCANNERMalware scanner checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.
[Premium] Real-time malware signature updates via the Threat Defense Feed (free version is delayed by 30 days).
Compares your core files, themes and plugins with what is in the WordPress.org repository, checking their integrity and reporting any changes to you.
Repair files that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.
Checks your site for known security vulnerabilities and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.
Checks your content safety by scanning file contents, posts and comments for dangerous URLs and suspicious content.
[Premium] Checks to see if your site or IP have been blacklisted for malicious activity, generating spam or other security issue.
LOGIN SECURITYTwo-factor authentication (2FA), one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.
Login Page CAPTCHA stops bots from logging in.
Disable or add 2FA to XML-RPC.
Block logins for administrators using known compromised passwords.
WORDFENCE CENTRALWordfence Central is a powerful and efficient way to manage the security for multiple sites in one place.
Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.
Powerful templates make configuring Wordfence a breeze.
Highly configurable alerts can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.
Track and alert on important security events including administrator logins, breached password usage and surges in attack activity.
Free to use for unlimited sites.
SECURITY TOOLSWith Live Traffic, monitor visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.
Block attackers by IP or build advanced rules based on IP Range, Hostname, User Agent and Referrer.
Country blocking available with Wordfence Premium.
InstallationInstall Wordfence automatically or by uploading the ZIP file.
Activate the Wordfence through the ‘Plugins’ menu in WordPress. Wordfence is now activated.
Go to the scan menu and start your first scan. Scheduled scanning will also be enabled.
Once your first scan has completed, a list of threats will appear. Go through them one by one to secure your site.
Visit the Wordfence options page to enter your email address so that you can receive email security alerts.
Optionally, change your security level or adjust the advanced options to set individual scanning and protection options for your site.
Click the “Live Traffic” menu option to watch your site activity in real-time. Situational awareness is an important part of website security.
To install Wordfence on WordPress Multi-Site installations:Install Wordfence via the plugin directory or by uploading the ZIP file.
Network Activate Wordfence. This step is important because until you network activate it, your sites will see the plugin option on their plugins menu. Once activated that option disappears.
Now that Wordfence is network activated it will appear on your Network Admin menu. Wordfence will not appear on any individual site’s menu.
Go to the “Scan” menu and start your first scan.
Wordfence will do a scan of all files in your WordPress installation including those in the blogs.dir directory of your individual sites.
Live Traffic will appear for ALL sites in your network. If you have a heavily trafficked system you may want to disable live traffic which will stop logging to the DB.
Firewall rules and login rules apply to the WHOLE system. So if you fail a login on site1.example.com and site2.example.com it counts as 2 failures. Crawler traffic is counted between blogs, so if you hit three sites in the network, all the hits are totalled and that counts as the rate you’re accessing the system.