• thyroidliv


    I was recommended this plugin. Bad advice. It cannot even block comments from sites I have manually blocked. I have blocked them in every which way. I spam them when they get posted. No reaction. I believe they are mostly focused on promoting their premium version. There is a constant barrage of mails on this subject. I just got one now, alerting me to a medium security issue. It was the twenty twenty theme needing an update! I don’t use this theme. Of course, a long ad for premium attached! They spam you with mails. I have disabled most mails from them, but one does want security alerts. Which I have set to medium. How is updating a theme you don’t use a security issue? I don’t understand people recommending this plugin. WP security was much better. Only it locked me out after I upped the security level. I must get Sucuri.

Viewing 1 replies (of 1 total)
  • Plugin Author WFSupport


    Thanks for reaching out and for your thoughts about Wordfence. I’d like to address some of your comments here to clear up some misunderstandings.

    We don’t block comments and don’t offer that as part of our service. If you mistakenly thought this was part of the service then you did not read the documentation or features offered in Wordfence. We used to have a comment filter that ran alongside Akismet or other traditional comment filtering plugins but removed it awhile back.

    Email alerts are an integral part of any security plugin. If you don’t know something is wrong, you can’t possibly address it. I understand why those emails might have been irritating to you. I have a list of alerts that I turn off on sites I have setup because they are informational in nature and don’t require any action on my part. I only like seeing the emails that tell me I need to do something, but new users have told us they like seeing the emails at first because it is comforting to know Wordfence is working on the site and doing its job. But the emails can be excessive depending on your site traffic which is why we have a documentation page and walk through video explaining how to tune them. Had you reached out to our staff here on the forums they would have been happy to help you make sure that the emails you got were the ones you needed to see. I, however, don’t see any posts from you asking for help on our forums here at WordPress.org.

    Speaking to your comment about updating a theme that you don’t use, it is very important because even though the theme may be deactivated the files in it are still publicly available in most cases. The same thing is true for plugins. Even if they are deactivated, if the files can be seen by browsing to their location then a hacker can potentially use them to exploit the site. For instance, try visiting yourdomain.com/wp-content/plugins/wordfence/readme.txt. Even if Wordfence is deactivated that file is visible. The idea is not to leave anything to chance. If you only want to see theme and plugin update notifications if a known security vulnerability is in them then you can select High instead of Medium where you set it before. This page I linked to earlier tells you what the different alert levels are. I usually set mine to high but also have a regular update schedule to update all my plugins and themes that I have on the site. To be fair though, I only keep the plugins and themes on my site that I am using, with the exceptions of a few of the default twentysomething themes that are in every version of WordPress just in case I need to revert to one of them because my theme has an issue.

    We do understand if the Wordfence plugin is a little too concerned about the security of our users’ sites than you might prefer. We offer about 80% of the plugin features, all fully featured and not limited in functionality, in the free version. The premium version offers a few other things and adds other stronger ways to prevent an infection and includes access to Premium support. You can even clean a hacked site using Wordfence Free. Your contention that we only care about promoting our Premium version is not factual and is rather unfair.

    We wish you luck in finding a security solution that is right for you. I’d only advise reaching out when you need help before deciding to change plugins because the plugin did what it said it would. You might find their support is quite willing to lend a hand and can solve your issue to make it a better experience for you.


Viewing 1 replies (of 1 total)
  • The topic ‘Does not block’ is closed to new replies.