Using the WordFence Security plugin for WordPress
Wordfence is a free plugin you can use in your WordPress site to scan for hacked files and to monitor the access of visitors to your site. You do not need to enter an API key in the "API Key" field for the free version; however, not all the functions are available for free. This article will explain the basic free functions of WordFence and how to use the Scanning, IP Blocking, Live Traffic view, and more.
Installing the WordFence plugin
- Log into the WordPress Dashboard.
- Go to Plugins and click Add New. Type security in the Search Plugins box and find the WordFence Plugin.
- Once you activate the plugin you will see a "Congratulations" box with a Start Tour button.
You can watch the tour or just click close.
WordFence has the ability to Scan your files, Watch your visitors live, block IP's, automate scanning and more. Below are the features in WordFence.
Note! Not all features are for free with WordFence. For example, Country Blocking and Scan Schedule are only for paid WordFence customers.
WordFence Basic options
|Alerts||Allows the administrator to be emailed when an alert happens.|
|Live Traffic View||You can view your traffic while it occurs on your site with the Live traffic view feature.|
|Scans to include||You can scan specific areas of your WordPress site with the Scans to include feature.|
|Firewall Rules||This section allows you to restrict access to your WordPress in the event your site gets attacked. Important! Make sure you have your email address as the administrators emails address in the event your get locked out of your WordPress dashboard. This feature will email the administrators emails address with the information to get you back in your WordPress Dashboard.|
|Login Security Options||Allows you to lock out a "bot" or user that is trying to "Brute Force Attack" the login on your WordPress.|
|Other Options||You can set memory options an other debugging settings for WordFence in the "Other Options."|
Scanning your WordPress site
When you start a scan with WordFence, you will see the status and what is being scanned in the Scan Summary window. You can also view the Scan Detailed Summary during the scan. Any failures in the security scan will show in the results.
Viewing Live Traffic
Next, you can look at the "Live Traffic" of those who are visiting your website as they are browsing yoru site. This is especially good for security because you can see the Hacker IP address and other information if they are on the site.
Manually blocking IP addresses
In the WordFence plugin section, click the Blocked IP's link. You can add IP addresses to your WordFence plugin to restrict access from those addresses. IP blocks are go to prevent Brute Force attacks on your WordPress logins.
Whois look up by IP or Domain
he WHOIS lookup in the WordFence section is used for looking up where a domain or an IP address is from. You can get the country the domain or IP address is from and then use the IP blocking feature in WordFence to block the IP.
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!
WordPress security Plugins
2014-06-24 6:04 pm
Hi, Wordfence doesn't media zip files. I am starting a wordpress multi sites on my inmotion VPs hosting and would like to find something that will scan my hosting or wordpress multi sites to scan uploads zip files and other file types.
2014-06-24 7:00 pm
Because you are on a VPS, you do have access to ClamAV which is an Anti-Virus software that can scan .zip files.
I went ahead and enabled this for you within WHM, and you should now be able to login to cPanel and under the Advanced section there is a Virus Scanner button. This option is only going to let you scan the entire account though, and a virus scan can be intensive.
I would recommend that you instead login with SSH and then directly scan the directory your uploaded files are in while you limit the CPU usage of intensive tasks with this command:
/usr/local/cpanel/bin/cpuwatch 1 clamscan -ri /home/userna5/public_html/wp-content/uploads
It will spit out output like this:
----------- SCAN SUMMARY -----------
Please let us know if you had any other questions at all.
2014-06-24 7:14 pm
Thank you, I bookmarked this comment for when I get the new network of site set up. I'd like to be able to scan just that section if possible. However it will probably be a week or two before I need to start scanning on a regular bases.
2014-06-24 7:32 pm
No problem at all. If you are going to need to scan a specific directory on a regular basis I might recommend setting up a cron job to make that easier on yourself.