I've been impressed by the Wordfence Security plugin after running it on several sites for a few months. Here are some of my favorite features of this plugin:
Update Nov. 9, 2016: Over the last 3 years, we’ve found “all-in-one” security plugins like Wordfence and iThemes Security to be bloated (they slow down the site) and more trouble than they’re worth (false positives, etc.). Instead, we use secure managed hosting such as Flywheel and WP Engine. When clients choose not to use managed hosting, we follow some of the advice in Hardening WordPress. We also like Jetpack Protect. There's still a place for Wordfence, so this post is still valuable.
Note: This page contains affiliate links. Please see Affiliate Disclosure.
Because Wordfence locks out IP addresses that attempt brute force attacks, I no longer need the Limit Login Attempts plugin. Because Wordfence can email me about available updates to core, themes, and plugins, I no longer need to use the WP Updates Notifier plugin. However, I've recently started using WP Remote to update sites en masse, so I don't need Wordfence to notify me anyway.
Here's how I configure Wordfence. You should adjust these steps for your situation and preferences.
See the Wordfence documentation for more details.
Wordfence is great, but it doesn't do everything. I still use these security plugins:
If website security has you worriedly wringing your hands, get one of our WordPress Maintenance Plans and enjoy some peace of mind. All of our plans include security scans; our Gold and Silver plans also include malware removal. Rest easy. We’re watching your site.
Nice post Chad. I'm a huge fan of Wordfence also. My question to you is about remote management though: have you used ManageWP before? I'd love a side my side comparison as I'm loving ManageWP http://www.managewp.com
Avi, I haven't yet tried ManageWP. In January 2013 the local WordPress Grand Rapids meetup group briefly discussed InfiniteWP, ManageWP, and WP Remote. Each option had its fans.
Thanks for this useful article. I am using Wordfence Security plugin in all of my blogs of WP. It works really great as it helps keep my sites clean and working. Fantastic plugin!
You're welcome, Jack. I agree that it's a great plugin. Security is so important!
Have you had any issues with WP Remote not working with Wordfence. I just installed WP Remote and getting red in the WP remote control panel. There is no support by WP remote for this problem: https://wpremote.com/support-center/troubleshooting/my-site-is-showing-up-as-red/#Wordfence Security
I would like to know how you worked around this?....
Thanks!!
I'm using WP Remote and Wordfence together on over 20 sites on various hosts, and am not having issues. WP Remote used to recommend adding their IP address as a whitelisted IP address in Wordfence > Options > Other Options, but I'm pretty sure it worked even when I didn't add that. It looks like WP Remote removed that recommendation from their site. I currently have that address whitelisted on all my sites.
Thanks for a detailed post on setting WF up correctly. I found a lot of the security plugins I was using hadn't been updated in over 2 years so wanted to switch, and reduce the number of plugins being used.
I've followed your guide and set it up accordingly. I found there wasn't a check box for turning off live Traffic reports, so that's still running.
Great post all the same and has really helped me set it up for the best results.
Nice one,
Barry
Barry, they moved the checkbox for Enable Live Traffic View after I wrote this post. It's now at the top of the WordFence Options page, under Basic Options. I just updated the post accordingly.
thanks a lot for your article. i've seen that if i use tor web wordfence can't help me to discover who use tor. Have you an idea how to block tor web users?
thanks in advance
Otello, I haven't done anything with Wordfence relating to Tor. Here's the contact page for Wordfence. It says that if you use the free version of Wordfence, you can ask in their forums. If you use the paid version, you can email them about it.
One of the best plugin when it comes to secure your wordpress account from hack. Everyone who is using worpdress give it a try.
Security can not be compromise in any sense. its a perfect plugin in security point of view. I would suggest everyone to implement as they should.
Great and reliable security Plug-in. Thanks for sharing
One of the most secure plug-in.
Another needed addition for WordPress security.
it is mandatory for wordpress security indeed
Security is a major concern for website owners. Since WordPress is one of the most popular content management systems, it is always on the hitlist of attacker and hackers. If your website host does not care about security of your website, you should not care about the host. Cloudways secure and managed wordpress hosting not only maintains a healty and secure server environment, but also ensures that your application level security is not breached with the integration of the WordFence plugin in the console.
Thanks for sharing informative stuff and security plugin.
Thanks for sharing. I'll try this plugin
Yes. that is true that plugin is very important for WordPress security. We recommend this to all of our word press outsourcing clients.
How to set CPU limit on plugin?
acil, we didn't create the plugin, and don't offer support on it. I recommend posting your question in this plugin's support forum.
Thx Chad, u can offer me another wordpress security plugin?
Over the last 3 years, we've found all-in-one security plugins like Wordfence and iThemes Security to be bloated and more trouble than they're worth. Instead, we use secure managed hosting such as Flywheel and WP Engine (aff. links). When clients choose not to use managed hosting, we follow some of the advice in Hardening WordPress. We also like Jetpack Protect and Force Strong Passwords.
WordFence. WordFence is one of the most popular WordPress security plugins.
BulletProof Security.
Sucuri Security. ...
iThemes Security (formerly Better WP Security) ...
Acunetix WP SecurityScan. ...
All In One WP Security & Firewall. ...
6Scan Security.
One of the most important plugins!