Wordfence Security Plugin for WordPress

Wordfence is a security plugin for WordPress.

Let’s review each of these.

Two Factor Authentication (2FA)

2FA adds another layer of protection against brute force attacks to your WordPress admin area.

Generally you would go to YOURWEBSITE.COM/wp-admin and login to update posts, and customize your site.

When enabling 2FA, before the admin can login it will send an email to the admin email with a verification code. In order to login to your WordPress backend you’ll need to have the correct code.

This is excellent protection as it stops brute force attacks as well as preventing someone who may have found a password you use on multiple other sites from leaked databases.

Network Geo Blocking

You can block IP addresses, ranges and countries. Depending on what your website is about, and what languages it is in. A layer of added security is to block countries of visitors who have no real use to visit your site.

A good example would be if you have an ecommerce site and you don’t ship to China or Russia, you might as well block those countries as most of the traffic will be bot or hack attempts.

Source Code Validation

Once a system is compromised many hackers change WordPress source code files to include more malicious code. 

By replacing or checking wp-admin and wp-includes files you can increase your security and make sure there are no backdoors/hacks in those files.  If something is found Wordfence will alert you.

Automatic IP Blocking

When any site running wordfence is found to be compromised by a certain IP that IP can be automatically blocked. This ties into the wp-admin login system so when the failed login attempts reach the number you set, the IP will be blocked.

Login Attempts Monitor

You can see who is trying to login to your wp-admin and block them.

Did I mention Wordfence is FREE?

Using a plugin like Wordfence should be your first step in securing your WordPress Site.