Wordfence is a free plugin you can use in your WordPress site to scan for hacked files and to monitor the access of visitors to your site. You do not need to enter an API key in the "API Key" field for the free version; however, not all the functions are available for free. This article will explain the basic free functions of WordFence and how to use the Scanning, IP Blocking, Live Traffic view, and more.

Installing the WordFence plugin

  1. Log into the WordPress Dashboard.
  2. Install the WordFence pluginGo to Plugins and click Add New. Type security in the Search Plugins box and find the WordFence Plugin.
  3. Tour the WordFence pluginOnce you activate the plugin you will see a "Congratulations" box with a Start Tour button.

    You can watch the tour or just click close.

WordFence Options

WordFence has the ability to Scan your files, Watch your visitors live, block IP's, automate scanning and more. Below are the features in WordFence.

Note! Not all features are for free with WordFence. For example, Country Blocking and Scan Schedule are only for paid WordFence customers.

WordFence Basic options
Alerts Allows the administrator to be emailed when an alert happens.
Live Traffic View You can view your traffic while it occurs on your site with the Live traffic view feature.
Scans to include You can scan specific areas of your WordPress site with the Scans to include feature.
Firewall Rules This section allows you to restrict access to your WordPress in the event your site gets attacked. Important! Make sure you have your email address as the administrators emails address in the event your get locked out of your WordPress dashboard. This feature will email the administrators emails address with the information to get you back in your WordPress Dashboard.
Login Security Options Allows you to lock out a "bot" or user that is trying to "Brute Force Attack" the login on your WordPress.
Other Options You can set memory options an other debugging settings for WordFence in the "Other Options."

Scanning your WordPress site

Scan your files WordFenceThe first this you will want to do is scan the WordPress site.You will now have a section in your WordPress Dashboard specific for WordFence. Go to the WordFence section and click Scan.

Scan resultes WordFenceWhen you start a scan with WordFence, you will see the status and what is being scanned in the Scan Summary window. You can also view the Scan Detailed Summary during the scan. Any failures in the security scan will show in the results.

Viewing Live Traffic

View Live traffic WordFenceNext, you can look at the "Live Traffic" of those who are visiting your website as they are browsing yoru site. This is especially good for security because you can see the Hacker IP address and other information if they are on the site.

Visitors information WordFenceThe image to the right shows what a visitor looks like in your WordFence plugin. The name, IP, Hostname, browser type, and more can be ascertained from the "Live Traffic View".

Manually blocking IP addresses

Block IPs in WordFenceIn the WordFence plugin section, click the Blocked IP's link. You can add IP addresses to your WordFence plugin to restrict access from those addresses. IP blocks are go to prevent Brute Force attacks on your WordPress logins.

Whois look up by IP or Domain

WHOIS lookup in WordFencehe WHOIS lookup in the WordFence section is used for looking up where a domain or an IP address is from. You can get the country the domain or IP address is from and then use the IP blocking feature in WordFence to block the IP.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Like this Article?
n/a Points
2014-06-24 6:04 pm

Hi, Wordfence doesn't media zip files. I am starting a wordpress multi sites on my inmotion VPs hosting and would like to find something that will scan my hosting or wordpress multi sites to scan uploads zip files and other file types.

Any suggestions

Staff
9,962 Points
2014-06-24 7:00 pm
Hello Kimberly,

Because you are on a VPS, you do have access to ClamAV which is an Anti-Virus software that can scan .zip files.

I went ahead and enabled this for you within WHM, and you should now be able to login to cPanel and under the Advanced section there is a Virus Scanner button. This option is only going to let you scan the entire account though, and a virus scan can be intensive.

I would recommend that you instead login with SSH and then directly scan the directory your uploaded files are in while you limit the CPU usage of intensive tasks with this command:

/usr/local/cpanel/bin/cpuwatch 1 clamscan -ri /home/userna5/public_html/wp-content/uploads


It will spit out output like this:

----------- SCAN SUMMARY -----------
Known viruses: 3419698
Engine version: 0.97.8
Scanned directories: 1
Scanned files: 8
Infected files: 0
Data scanned: 93.86 MB
Data read: 25.29 MB (ratio 3.71:1)
Time: 35.511 sec (0 m 35 s)


Please let us know if you had any other questions at all.

- Jacob
n/a Points
2014-06-24 7:14 pm

Thank you, I bookmarked this comment for when I get the new network of site set up. I'd like to be able to scan just that section if possible. However it will probably be a week or two before I need to start scanning on a regular bases. 

Staff
9,962 Points
2014-06-24 7:32 pm
Hello Kimberly,

No problem at all. If you are going to need to scan a specific directory on a regular basis I might recommend setting up a cron job to make that easier on yourself.

- Jacob

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

4 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!