Wordfence looks for vulnerabilities such as old or outdated plugins, weak passwords, or compromised files.
WordPress is delivered in a pretty secure state. Most hackers get in through weak passwords our poorly coded add-ons. Here’s some more info on securing your site:
http://codex.wordpress.org/Hardening_WordPress
Thanks sdayman and agreed about the outdated plugins. A site I managed a while back was compromised by a deactivated plugin that is pretty well known and widely used. It’s important to make sure and remove those if you aren’t using them because they can open the door to all kinds of nastiness.
In answer to your original question, one of the ways Wordfence works is by helping to block login attempts from the bad guys. You have a ton of settings on the options page to configure, like lockout after x attempts, how long people are locked out, etc. I also highly recommend setting the option that forces Admins and Publishers to use strong passwords and hiding your WordPress version. Keeping your suite safe and hack free requires some diligence and forethought, and Wordfence is a valuable tool that can help you do that.
tim
Hi @the Creative Tablet
This is a very interesting question, and one that goes beyond WordFence specifically.
The BlogVault guys wrote a very interesting article about it actually: https://blogvault.net/does-wordpress-security-plugin-secure-your-site/
Does WordPress stop hackers or is it just a secondary solution if and when you are hacked?
Is a very big question, the response could easily be turned around with:
What kind of hackers?
WordFence seems to have a fairly decent brute force features, which could be argued is preventing attacks. But the attack spectrum is so diverse, brute force attempts are but one attack vector to be concerned with.
The article articulate this point very well.
All the best,
Blog entries like that are frustrating – seems to be a user issue with the reviewer. We have included protection for Timthumb and other specific vulnerabilities via Wordfence scanning. So if you have the vulnerability you’ll get a critical alert. This is more effective than, say, using an .htaccess rule to try to block the vulnerability from being exploited but leaving the vulnerability in place – we get the user to focus on the root cause of the issue and fix that.
Occasionally we will provide real-time patching of an issue via auto-updates. For example yesterday’s release protects against the Slider Revolution issue even if you haven’t upgraded yet. In this case, even though we’d like the user to deal with the root-cause and upgrade their version of Slider Revolution, the amount of PR around the issue creates enough risk that we rolled out additional protection until our customers can upgrade that plugin.
@perezbox Lets try to keep the marketing links to a minimum. We have many other high-profile competitors and partners on this forum making a valuable technical and support contribution and we welcome relevant contributions from you folks too, but lets keep it focused on supporting the community and on this forum specifically, providing customer support for Wordfence.
Regards,
Mark Maunder – Wordfence Founder.
Hi Mark
The blog entry shouldn’t be frustrating, it’s very accurate. Unless you are saying that your plugins is a Firewall capable of stopping vulnerabilities from exploited. It’s great you’re able to patch your users, kudos to your team.
Not sure I agree with your point about it being better than blocking it via .htaccess, that’s not entirely accurate. It is effective to patch though. The one risk you introduce is patching someone else’s work. What happens if they upgrade later, now you start getting into conflicts with code and that can be all kinds of bad for the users. Food for thought.. but I’m sure you have thought through that.
As for marketing links. Which are you referring to? Pretty sure I didn’t share any marketing links here, just a link I felt addressed the question being asked. I also didn’t see this in the WordFence forum, rather in the /tags/hacked forum. We have no relationships with BlogVault and are not mentioned in the post, unless I missed it.
So to your point, pretty sure it’s helpful to the community.
All the best
Tony Perez – Sucuri Co-Founder
We provide both firewall and scanning/alerting functionality which work in concert to provide a more secure WordPress website. So back to the original poster’s question, we do provide a firewall and we go deeper than that because we have access to inspect site code, search for malware, find vulnerabilities in code during our scans, do deep inspection of both the filesystem and the database and provide alerting and reporting to give our customers a more secure site.
@perezbox We’re not patching PHP code, so that’s not an issue. We instead provide firewall functionality so that if someone uses the attack vector I mentioned they’re blocked before it hits the vulnerable plugin.
That blog entry installs a vulnerable WP system and then tries to protect it with security plugins using only firewall functionality. The real world scenario is that a WP admin is getting alerted by our plugin that they have out of date themes, plugins or core components or vulnerabilities on their site and they upgrade them or close the holes while we simultaneously provide firewall functionality to prevent exploitation of selected security holes – and as a last resort if a site does get hacked we’ll detect that and help you fix it.
From the blog entry it doesn’t appear that a Wordfence scan was done, either scheduled-daily or manual, which likely would have provided insight into vulnerabilities on the site.
This is appearing on our support forum – I do understand you found it via another route though. So lets cut this short here – I think the original poster’s question has been answered. We’re always interested in outside perspectives and you’re welcome to email me at mark at wordfence.com to continue the conversation.
Regards,
Mark Maunder – Wordfence Founder.
