Are you looking for a WordPress security plugin? WordFence Security is one of the most popular WordPress security plugins in the market. In this WordFence Security review, we will take a look at its features and performance to find out if it is really the best WordPress security plugin in the market.
Why You Need a WordPress Security Plugin
WordPress is the world’s most popular Content Management System. It powers more than 25% of all websites on the internet. This huge number makes it a popular target for malicious attacks, hacking attempts, code injection, etc.
Most WordPress users are not developers or experts in online security. There are some security best practices that you can follow like maintaining regular backups, using strong passwords, etc.
You will need a WordPress security plugin for advanced stuff like scanning for malware, blocking suspicious activity, or monitoring your website.
Having said that, let’s take a look at how WordFence Security protects your website against common threats.
Setting Up WordFence Security plugin
WordFence Security plugin comes as both Free and Paid version. The paid version has extra features and premium support. Free version is quite usable too, and this is what we will be using for the review.
WordFence Security plugin works out of the box and default settings should work for most websites. The plugin also has a settings page where you can setup the plugin to meet your own requirements.
Simply visit WordFence » Options page to configure plugin settings.
WordFence Security is a very powerful plugin and comes with an extensive set of features and options. First you will get to setup the basic plugin options. This includes enabling or disabling the core plugin features and providing additional email address for alerts.
The advanced options page is where you can change how plugin behaves and performs on your site. First you have alerts, you can enable or disable events you want to be notified about. If you run a busy website then you will get a lot of emails from WordFence security as alerts. A lot of these alerts are not harmful activities.
Then there are Firewall rules and scan rules. This is where you can tell plugin which files and directories to scan and adjust firewall behavior. Don’t change these options unless you know what you are doing.
Don’t forget to click on the save changes button when you are done.
Scan Your Website for Threats with WordFence Security
WordFence Security comes with a powerful scanning tool. Simply visit WordFence » Scan to initiate a scan. WordFence will check your WordPress site for common threats like backdoors, malicious and suspicious code, MySQL injection, etc.
After the completion of the scan it will show you the number of issues it found. With each issue you will see detailed information about it with practical advice on how to fix it.
WordFence is one of the most popular WordPress plugins used by more than a million websites. They collect data from WordPress sites all over the world. It helps them effectively learn about new threats and how to spot them.
However, WordPress forums are full of mixed reviews from users who actually use the plugin. Sometimes it catches the backdoors and malicious code that other scanners won’t catch. Sometimes it may fail to detect them. It is always a best strategy not to rely on just one tool if you suspect that your site’s security might be compromised.
Monitor Your Live Traffic with WordFence Security
A large number of any site’s traffic comes from automated bots like search engine crawlers, data mining bots, and automated spam bots. This is quite normal and nothing to be panicked about.
However, if your site is under a DDOS attack then you would notice bombardment of hits from specific ips to your website. Using the live traffic tool in WordFence Security you can monitor these IPs in real time and block them.
While the information collected by this tool can be very helpful, it does not help a website owner much. Most attack bots use a variety of IP ranges spread across different networks around the world. It is very difficult to effectively block IP addresses.
As soon as you block an IP network, the bot net switches to another network. This is a never ending game where you cannot win by manually monitoring and blocking things on your own.
Pricing and Support for WordFence Security
The basic WordFence Security plugin is available for free. The pricing for premium version starts from $39 per year. There are different pricing options for bulk licensing.
Support for free version of the plugin is provided by the official WordPress.org forums. Free support is limited and not guaranteed. Premium support is provided by the email based ticketing system.
There is documentation available on how to use different tools in WordFence Security plugin on the official website.
Our Verdict on WordFence Security Plugin
WordFence Security plugin is a good option for a basic WordPress security setup. However, it is not the best WordPress security plugin.
It puts significant amount of load on your server. This could affect your site’s performance if you are on a shared hosting environment. It messes up with your WordPress data and stores a lot of information in your database.
The user interface of the plugin is not that great. We think it can be cleaned up a little. The options page is overwhelming and there are simply too many options.
(If you’re looking for an alternative security plugin, check out our iThemes Security review.)
We give WordFence Security 3 out of 5 stars. Here is a breakdown of our review scores: