WordFence Security Plugin - Review


#1

The WordFence security plugin is no longer a good security plugin.

  • Live Traffic Audit
  • easy way to Block IP
  • Login Limit

Starting from version 7.* this plugin completely changed how it was supposed to be.

  1. After activation, a pop-up appears with a checked checkbox and an almost hidden close button.

  2. When I go to plugin Settings, again Pop-up! :neutral_face:

Such an aggressive way to collect emails seems bad for user experience.


wordfence_logHuman - Best way to Spam Search Engine!

Thanks & Regards,
Gulshan


(Suprim Shrestha) #2

Which security plugin would you recommend @gulshankumar?


(Amit Tiwari) #3

I had a lot of trouble with this…!!

Alternate Solution :


#4

I have tried the top two plugins, I can say: iThemes and WordFence. Whatever they both do, I don’t feel secure.

The best Security plugin is ‘following WordPress standard best practices’.

My best advice would be…

  • Use latest PHP version
  • Secure web hosting
  • Enable two-factor authentication at your domain, hosting
  • Have a Web Firewall. I think Sucuri, Cloudflare and DO are good.
  • Always keep backup
  • Avoid using Abandoned plugins (typical sign: Those plugins which miss ‘View details’ link at Plugins page)
  • Focus on least access to Dashboard area
  • Always keep WordPress up to date
  • Avoid nulled plugins and themes; they may give a surprise anytime, no matter which trusted friend/site shared that stuff
  • Avoid using same password everywhere
  • Secure your email address, enable TFA
  • Never keep common username such as ‘admin’
  • Use HTTPS

There are many things to follow, but I feel it is better to avoid plugins.


#5

Thanks for sharing valuable points. May I ask what to do to avoid brute-force attacks? Also, the latest version of PHP sometimes gives compatibility issues.


#6

You can hide username, as written here.


#7

Thanks. I have used Jetpack to avoid attacks, but they blocked my login page one day and also showed an IP to whitelist which is not mine. Has anyone else faced the same issue?


#8

Yes. To fix it, edit the wp-config.php file, add the constant below and save the changes.

define('JETPACK_IP_ADDRESS_OK', 'Type Your IP Address');


#9

For a dynamic IP?


#10

Where can I find this option in phpMyAdmin?


#11

You have to whitelist each time if you get blocked.


#12

Check wp_users


(अभिषेक वर्मा) #13

@gulshankumar you’re right. According to my experience with the WordFence plugin, it’s garbage which produces more and more garbage.
This can be a reason if you’re penalized by Google when using this plugin.


#14

Is this true?


#15

It will be unwanted URLs that Google will crawl without any reason. Hence, some load on the server.