Wordfence is a WordPress security plugin that acts as a website firewall. It provides security to your website in many ways, so if you are concerned about your website security (we all should be), you can Wordfence or other popular WordPress security plugin. We are recommending Wordfence here because it is very easy to set up, user-friendly and we love it. Here is how you can get started with Wordfence:
- Log in to your WordPress admin area and install the “Wordfence Security – Firewall & Malware Scan” plugin.
- Once your installation is complete, you will see a congratulations box. You will also see a box to enter your email address. You will need to enter your email address agree to their terms and condition. If you would like to join their mailing list, click on Yes if you don’t want to receive emails from them, then click no. Then click on the “Continue” button. You will receive the alerts and notifications directly to your email.
- Now Wordfence will ask you for a Premium License key. We will be using the free version of wordfence. So, click on the “No Thanks” link from the bottom. The setup will be complete.
- Scan Full Website: After the installation, we can now scan the full website. Keep your full account backup first, then go to Wordfence > Scan and click on the “START NEW SCAN” button to begin your full website scan. You will see the scanning progress on the scan detail window.
If the scan detects malicious files on your website, you will be given the choice to either delete the files or restore it to the original version. Keep in mind that if you remove some necessary files by accident, your whole site might go down. That’s why we recommend you keep a backup of your website.
- You can find the scan result of your site in the bottom. For example, if you need to update any plugin that you have installed, you can see it here. You can also manually mark the issue as fixed if you think it is already fixed.
- Login Security: Wordfence features many login security options including 2-factor authentications. Set up your login security by going to Wordfence > Login Security. You can configure 2FA here using any TOTP-based apps such as Google Authenticator. You can also modify the Login Security settings from the settings tab.
- Security Alert Setup: The default security alerts that Wordfence sets up during the initial setup is pretty useful. But you can also manage what alerts you receive to your email that you have specified right after the installation. To manage security alert settings, go to Wordfence > All Options and then click on the “Email Alert Preferences” option. You will see all the settings to set when you might want to receive the security alert email. For example, if you want to be alerted when an IP address is blocked by Wordfence, then you can select that option. Similarly, if you want to be notified when an Admin account logs in from a new device, then you can enable that option. After you have made the appropriate changes, click on the “Save Changes” button on the top to save the changes.
By following those simple steps, you are well ahead of most of the other WordPress users on securing your website. As WordPress is the most used CMS throughout the world, it is also a popular target for many attacks. So, taking proper measures to protect your website is the most important part. Now that you know how to add basic protection to your WordPress website, you can continue building your website without worries.