WordPress.org

Plugin Reviews

Wordfence Security

The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.

1101112256

2553 reviews
Average Rating
4.9 out of 5 stars
You are currently viewing the reviews that provided a rating of 5 stars. Click here to see all reviews.
Wonderful
By , for WP 4.4.2

The plugin fail his duty.
It's simple to configure and very effective, it has many advanced options.

Plugin give you a secur feeling
By , for WP 4.4.2

After my website was hacked I installed this plugin and it gave me a secur feeling. This plugin keeps the bad guys and girls outside.

Has stopped hundreds of intrusion attempts
By , for WP 4.4.2

I have seen the evidence of how Wordfence has stopped hundreds of intrusion attempts to my WP sites. I am grateful for all the hours it has saved in rescue taks.

The best security plugin
By , for WP 4.4.2

I've tried other security plugins in the past and they've always been too expensive or too hard to configure. This plugin comes configured out of the box and is easy to customise. It protects my website from most security threats and it gives me peace of mind. Thanks for creating this great plugin.

Impressive functionality!
By , for WP 4.4.2

After cleaning from a botnet infection this tool found other remnants that went unnoticed. Great work!

Very professional
By , for WP 4.4.2

JUST INSTALLED THIS AND RUN MY FIRST SCAN - VERY IMPRESSED WITH THE HIGH LEVEL OF PROFESSIONALISM .

Should be part of Core
By ,

Especially sine the last two "maintenance" releases of WordPress were security based, and Automattic can't write secure code to save their lives.

10 stars if possible
By , for WP 4.4.2

Lifesaver !!! Thank You !!!
Have used the free version for years ... sorry guys, not paid yet, will get there! But that means I can totally vouch for the basic free version which is robust indeed. More than I can list here, many settings, read the docs, give it a test run.

One example is setting automatic thresholds to throttle or block IP addresses that misbehave.

In my case there is only one person (me) for admin login, so I set an automatic IP block for 4 failed login attempts (there is a workaround for You if you manage to lock yourself out). So today I happen to look at the list of blocked login attempts and see:

Republic of Lithuania Republic of Lithuania
IP: 46.148.18.162 [unlock] << they are blocked, click to unblock <<
Reason: Exceeded the maximum number of login failures which is: 4. The last username they tried to sign in with was: '----'
Hostname: 46.148.18.162
Last blocked attempt to sign-in or use the forgot password form was 12/30/2015 5:20:12 AM (1 month 5 days ago).
18 attempts have been blocked
Will be unlocked in 16 days << Is that helpful or WHAT???

Check the log of login attempts -- then set an automatic block for popular wrong login names such as "admin", etc. They don't get a second chance.

Conveniently keep an eye on "pages not found" to fix your site redirects. Automatically throttle or block IPs that pound you with dummy page names, trying to overwhelm your site. (Set a similar threshold for excessive attempts for valid page names.)

Look at the top consumers list. Does 37 hits from an IP in Romania make sense for your site? Drill into their history. Hm, tried to access page names containing "query", "js" and also flagged as "possible XSS" -- make that a permanent block for a few months.

See the history and map location for any IP address on any list. Block/Unblock as you wish. Yes, thugs roll to a new IP but still it helps. If IP attacks are concentrated in one country, block that entire country for as long as you wish.

Be careful to not throttle/block benign search engine crawlers. There's a tab to help with that, too.

Look at list of most recent visitors, what do they do?

I set parameters and let Wordfence handle most of it. I only spot check now and then, especially when I see spikes in bandwidth. Dig in and see if you can't divert some of that useless load -- not to mention risk!

No problems Ever with the Wordfence plugin or updates. In my somewhat limited plugin experiences they have been supremely professional. Reported problems are most likely conflicts with other plugins or an outdated WP version.

Oh and don't forget #1 those daily scans that compare your WP code and plugins to repository versions, and email you if differences pop up. If You have made code changes, set a flag to ignore, only, those particular lines of code.

Wordfence is an awesome public service, take advantage of it!

Easy to use.
By , for WP 4.4.2

Easy to use and setup, although I did have to deactivate-reactivate the plugin after migrating my site to a new server. Worked great after that though.

No complaints! It works and it's free. Highly recommended.

Very useful tool - and easy to use!
By ,

Can't believe all the functionality it provides. Thanks!

You must log in to submit a review. You can also log in or register using the form near the top of this page.