How to Setup WordFence
The popularity of WordPress has attracted the attention of scammers and hackers. Many of them seek to get access to user information on your website or use your website to infect user computers. Luckily, the WordPress is proactive and has come up with solutions to tighten security and keep out the bad guys. One of the leading solutions is using the Wordfence Security Plugin to secure your WordPress website from intrusion.
WordFence security protects your website by doing these 3 things:
- Puts up a firewall that shields your website from known attacks. WordFence keeps track of offending IP addresses and this allows them to shield you before it happens,
- WordFence Security scans and monitors your website files for changes that may be manipulated
- WordFence Security protects the WordPress login pages by blocking traffic that may try to attempt a number of passwords.
Install WordFence Security
The first thing you need to do is install WordFence Security in your WordPress site. Head over to Plugins -> Add New and type ‘Wordfence Security’ into the search field then hit enter.
Next, click on the install button next to WordFence in the search results and activate it. When you activate it, you’ll see the WordFence menu in the left navigation. You’re now ready to go through set up.
Email Alerts
The first thing we’ll set up is the email address that will receive security alerts as things happen. Remember WordFence Security monitors your website and will notify you if there’s something important going on.
WordFence Premium
You may not be ready to upgrade to WordFence premium but I wanted to mention it here for completeness. WordFence premium provides even more protection. These include the firewall shield and malware signatures that quickly detect any intrusion.
Scan Your Website
Like I mentioned earlier, WordFence Security comes with a scan feature. Let’s run the scanner now. Find WordFence in your admin tab (lower left area) and click on Scan. The WordFence scan searches for malware, malicious links, and patterns of infections. It does this by examining all of the files, posts, and comments on your website. It also checks your server and monitors your site’s online reputation.
WordFence will show you the progress of the scan as it finds things to look for. Most of what you see may be too technical but you don’t have to worry about it at this time. At the end of the scan, WordFence will show you the results and what actions you may need to take.
WordFence Firewall
WordFence is equipped with an application firewall (as opposed to server-level firewall). This firewall provides protection and 2 levels.
Level I provides protection is enabled by default and runs like any plugin would.
Level II provides extended protection and this is achieved because WordFence can run before the rest of WordPress loads. This helps catch attacks on your website before the attacks have any impact on your website.
Go to WordFence -> Firewall and click on Manage Firewall button. On the next page under Protection Level, click the Optimize button.
On the popup screen, select your server configuration and download the .htaccess backup file. If you’re not sure what your server configuration is you can go with the one that has been pre-selected for you or ask your web host. Lastly, click Continue.
Login Security Settings
WordFence beefs up security around your login pages because this is a vulnerable access point. The first setting in this section is turning two-factor authentication for the different user roles. If you have multiple groups of users it may be a good thing to enable 2FA for them.
WordFence also gives you the option of enabling Google reCAPTCHA on login pages. You’ll need to obtain the site key and secret for the reCAPTCHA before you can use it here and it free.
How to Setup WordFence: Final Thoughts
I hope that this how to setup WordFence walk through was helpful. WordPress security and protection is important for any WordPress website. Keeping your website secure will not only keep things running smoothly but also help you avoid unnecessary downtime. When your website gets infected it can take hours and even days to clean it up and get back online. Take a moment and set up your site’s security following this guide. It only takes a few minutes. I hope you enjoyed this short how to article. Go to my how to page for more!