WordFence Security Plugin - Review


WordFence security plugin is no more a good security plugin.

  • Live Traffic Audit
  • easy way to Block IP
  • Login Limit

Starting from version 7.* this plugin completely changed how it was supposed to be.

  1. After activation, a pop-up comes with checked checkbox and almost hidden close button.

  2. When I go to plugin Settings, again Pop-up! :neutral_face:

Such aggresive way to collect email seems bad for user-experience.

wordfence_logHuman - Best way to Spam Search Engine!

Thanks & Regards,

(Suprim Shrestha) #2

Which security plugin would you recommend @gulshankumar?

(Amit Tiwari) #3

I had a lot of trouble with this…!!

Alternate Solution :


I have tried top two plugins which I can say, iThemes and WordFence. Both what does, I don’t feel secure.

The best Security plugin is ‘following WordPress standard best practices’.

My best advice would be…

  • Use latest PHP version
  • Secure web hosting
  • Enable two factor authentication at your domain, hosting
  • Have a Web Firewall. I think, Sucuri, Cloudflare and DO these are good.
  • Always keep backup
  • Avoid using Abandoned plugins (typical sign: Those plugins which miss ‘View details’ link at Plugins page)
  • Focus on least access to Dashboard area
  • Always keep WordPress up to date
  • Avoid Nulled plugin, themes, it may give surprise anytime, no matter who trusted friend/site shared that stuff
  • Avoid using same password everywhere
  • Secure your email address, enable TFA
  • Never keep common username such as ‘admin’
  • Use HTTPS

Many things to follow but I feel better to avoid plugins.


Thanks for sharing valuable points. May i ask what to do to avoid brute force attack? Also latest version of PHP sometime gives compatibility issues.


You can hide username, as written here.


Thanks. I have used jetpack for avoiding attacks but they blocked my login page one day and also showing an ip to whitelist which is not mine. Any other face same issue?


Yes, to fix. Edit to wp-config.php file add below constant value and save changes.

define('JETPACK_IP_ADDRESS_OK', 'Type Your IP Address');


For dynamic ip?


where can i find this option in phpmyadmin?


You have to whitelist each time if you get blocked.


Check wp_users

(अभिषेक वर्मा) #13

@gulshankumar you’re right. According to my experience with WordFence plugin, It’s a garbage which produces more and more garbage.
This can be a reason if you’re penalized by Google when using this plugin.


is this true?


It will be unwanted URLs that Google will crawl without any reason. Hence, some load at server.