OK, you are probably thinking that this is yet another “article” about WordPress security. That’s about right, actually, as I do have quite a few of them here already. Nonetheless, this post will provide more alternatives on how to protect your WordPress site and go a step further: how to “clean up” your site in case it gets hacked (true case study).
To avoid being repetitive about what you need to do and not to do, I suggest you read the following articles when you get the chance. From these articles you will learn the essentials of securing your WordPress sites, such as making backups, using strong passwords, making use of free CDN services, and never using “admin” as your username, among other things.
- WordPress Security For Blogs and Small Business, Why care?
- Best Security Plugins For WordPress, Protect Your Online Business
- About malware and hacked sites – Google’s Official Hack Help Site
Now for the case study..
My Blog is “Tiny” and They Don’t Care?
Wrong. Just to give you an example, recently a mom-blogger emailed me asking for help. Her blog had been injected with the MW:SPAM:SEO hack. The result was that Google marked her site as being compromised. Her source code had links pointing to other sites about that “blue pill that starts with a V.., among others”. This was made possible by the installation of a lesser-known plugin that had the malicious code in it. The malicious code altered some WordPress core files and finding them was no easy task, until…
WordFence Plugin to the Rescue
This plugin literally helped me fix the issue. After running a scan with WordFence, minutes later it detected the malicious code on one plugin and the core file that was altered. From there, it asked me if it was an authorized modification or not. In this case, they were not authorized modifications, so I opted to restore the original WordPress core file and the plugin responsible for injecting the code. Seconds later, voilà, WordPress core file restored and malicious code gone. Some days later, the message from Google saying “site may be compromised” was no longer there. Cool!
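The kind of check that caught the altered core file above, as an added example (not code from the original post and not Wordfence's own implementation): it compares each core file against a known-good checksum manifest and also lists files in core-only directories that the manifest does not know. The manifest shape (relative path mapped to MD5), the function names and the sample tree are assumptions constructed for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_of(path):
    # MD5 is used only because the assumed manifest format carries MD5 values.
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_core(root, manifest, core_dirs=("wp-admin", "wp-includes")):
    """Compare an install against a trusted {relative_path: md5} manifest."""
    root = Path(root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in sorted(manifest.items()):
        f = root / rel
        if not f.is_file():
            report["missing"].append(rel)
        elif md5_of(f) != expected:
            report["modified"].append(rel)
    # Core-only directories should hold nothing the release did not ship.
    for d in core_dirs:
        if not (root / d).is_dir():
            continue
        for f in sorted((root / d).rglob("*")):
            rel = f.relative_to(root).as_posix()
            if f.is_file() and rel not in manifest:
                report["unexpected"].append(rel)
    return report

def demo():
    # Constructed sample tree standing in for a pristine WordPress release.
    clean = {
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';\n",
        "wp-includes/version.php": b"<?php $wp_version = 'x.y.z';\n",
        "wp-admin/admin.php": b"<?php // constructed placeholder\n",
    }
    manifest = {rel: hashlib.md5(data).hexdigest() for rel, data in clean.items()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in clean.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        # Constructed changes: one altered file, one extra file, one deleted file.
        with open(root / "index.php", "ab") as f:
            f.write(b"<!-- constructed marker for injected content -->\n")
        (root / "wp-includes/cache-old.php").write_bytes(b"<?php // not shipped\n")
        (root / "wp-admin/admin.php").unlink()
        return verify_core(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Files reported as modified or missing are candidates for replacement from a pristine copy of the same release; files reported as unexpected need manual review before deletion.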
So about WordFence…
Wordfence Security is a free, enterprise-class security plugin (premium version available) that includes a firewall, anti-virus scanning, cellphone sign-in (two-factor authentication), malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups.
Wordfence is now Multi-Site compatible and includes Cellphone Sign-in which permanently secures your website from brute force hacks.
Wordfence is part of Feedjit Inc., which is based in Seattle, Washington. Wordfence was founded by Mark Maunder and Kerry Boyte, who have over 40 years combined experience in Software Engineering and CyberSecurity.
OK. Did you notice that part that is bold? Does it really work? Well, I’m telling you right now that it does. That is how I fixed the mom-blogger’s issue.
Here’s a quick demo. I’m not going to mention every feature here as there are simply too many of them. Just head over to their site and WordPress repository and from there you will find all the documentation info you need about WordFence.
Just a side note. Please do not neglect your WordPress site’s security. You may think that no attempts are being made on your site, but truth be told, I am convinced that it is in one way or another. WordFence helps you protect your site, but as with anything else, it is not a foolproof, 100% guaranteed protection. It makes the job of hackers more difficult, and that is what you are aiming for. If for some reason WordFence cannot help you get rid of problems, you may want to seek professional help.
Need more alternatives? Here’s an infographic courtesy of wptemplate.com. It contains a list of popular security plugins.
That’s it, and be safe! Have you tried WordFence before? What security measures are you using?
Martin
Every once in a while I find a golden nugget when it comes to increasing the efficiency and speed of our WordPress site, your tutorial is one of the best “golden nuggets” I’ve come across. Thank you for all the time and effort in putting this together!
Tom
Thanks for this great plugin. Even with the best tools, I think it’s a good habit to back up your site regularly. It could save you from those hackers and the mess you create on accident :)
Drew Tracy
I second Martin’s comment. Sometimes these posts come across my reader that stop me in my tracks and make me say (I never even thought of that). Not that I’ve never thought about internet security but for some reason I figured my lowly blog brand site wasn’t at risk.
John Gibb
hi DiTesco
Wow, the only WP plugin who can repair themes and plugins even if we fail to back-up our files? Sounds amazing…
I use Secure WordPress at the moment, but Wordfence Security sounds much better, I’m going to give it a try soon.
I cannot neglect security, as I just recently got a major site hacked, so from now on, all my niche blogs and authority sites are going to be protected like never before…
Best!
Jason
We used to use WordPress for our site a while back but after having had it hacked so many times, we decided to just re-do our page from the ground up. I wish we had seen this post BEFORE that.
Liz McGee
Wow, there’s a lot of choices for security software?
I’ve heard a lot of good things about Wordfence and this post just confirms some of its benefits.
Security is more of an issue than ever and it’s so important to keep our work safe and secure.
Thanks DiTesco,
Liz :)
Welcome Liz. I agree, security is no longer just an issue or option, but rather, something that must be in place. Can’t stress enough the importance of it..
Nhick
Hmm, lots of options here.. nice lists and cool infographics..
Really appreciated blog and I’ll try to implement these security options for my blog. I like most your explanation way through infographics..
I normally use Secure WordPress plugin for my blogs. Never knew that we have that much of choice in security category. Going to look on it now :)
Karan
Wow, this plugin surely has some cool features and a two factor authentication feature definitely helps in restricting unauthorized access.
Nope, I haven’t tried WordFence before but I do use a Firewall plugin that has saved me from numerous hack attempts. I also use a limit login attempt plugin, do not use Admin and have a pretty good password.
Hi Peter. Guess you got that security thing pretty well covered. In any event, if you decide to give WordFence a whirl let me know. It is a pretty awesome security plugin.. best I’ve seen so far.
Jaypee
Thanks for sharing about WordFence my friend! Now I can get rid of several plugins I’m using because WordFence has all the features that those plugins provide.
Btw, just a question regarding the Live Traffic feature of WordFence. How much resource does it use up from the blog server/bandwidth? Cause based on my previous experience with live traffic tracking plugins/services is that sometimes they use a good amount of bandwidth and sometimes use up space in the WP database.
Hi Jaypee. You can call WordFence some sort of All-In-One. Good point having this installed to replace several others. As for the live traffic, I really can’t say as I am not using that feature. I’m guessing that it will consume a bit of resource due to the feature in itself running constantly. As for being compatible with cache plugins, I have not seen any problem yet on any of my sites. I’m running WordFence with one or the other. Good thing about plugins is we can always “turn them off” and delete it :)
Jaypee
I’ve already installed WordFence and I could say that it’s already one of my favorite and recommended plugins. Thank you for sharing about it.
I was able to get rid of like 4-5 plugins because of it so now I only have to monitor & update 1 plugin. Regarding the issues with caching plugins, yes it seems like it works well with W3 Total Cache on my blog.
Jaypee
Oh yeah, one more thing I forgot to ask earlier. Will it cause any conflicts with caching plugins like W3 Total Cache?
Ryan
Thank you for this post. I just installed WordFence and it already found a problem. Getting hacked is always something that I’ve worried about, ever since my first little site got hacked. It really doesn’t matter how small the site is, someone will go after it. This plugin is amazing, and I really appreciate you bringing it to my attention!
Hi Ryan. Glad you found the plugin useful. Have a safe site :)
Goran
Thanks for this plugin. I am currently using Better WP Security but I will also try this plugin.
Jai Dodia
Hi Di Tesco,
I got more alerted about security of my WordPress Blogs after reading this post as I thought hackers don’t target small or personal sites. I’m surely gonna implant WordFence to all of them. Such a nice featured plugin. Thank you for sharing.
I used free Cloudflare CDN on one of my WordPress sites. Unfortunately, the site became slow and performance reduced. I finally had to disable the plugin.
That’s very odd. Perhaps it may have been a question of proper configuration. You are actually the first that I know of that had a negative impact by using CF.. oh well.. Have you tried Incapsula?
melli
I configured CF through quickcache WP plugin. Perhaps that was the reason?
Pretty sure it was.. If you need help, perhaps I can give you a hand.. let me know
Jim
I checked your plugin ratings on Google. I found it very useful, more than I had, so I installed it and updated my WordPress database completely. It helped me a lot to keep my WordPress secure.
My site got hacked and I lost everything. I just got done rebuilding it and it is nothing like the old one. Thanks for the post. I am going to install Wordfence and try and prevent this from happening again.
Anees
I’m using Better WP Security Plugin and it’s perfect. I don’t need anything else. There’s nothing to worry about :)
Abhay
I agree, Anees, the latest WP security plugin is perfect. I think it works better than any plugins.