Lifesaver !!! Thank You !!!
Have used the free version for years ... sorry guys, not paid yet, will get there! But that means I can totally vouch for the basic free version which is robust indeed. More than I can list here, many settings, read the docs, give it a test run.
One example is setting automatic thresholds to throttle or block IP addresses that misbehave.
In my case there is only one person (me) for admin login, so I set an automatic IP block for 4 failed login attempts (there is a workaround for You if you manage to lock yourself out). So today I happen to look at the list of blocked login attempts and see:
Republic of Lithuania Republic of Lithuania
IP: 126.96.36.199 [unlock] << they are blocked, click to unblock <<
Reason: Exceeded the maximum number of login failures which is: 4. The last username they tried to sign in with was: '----'
Last blocked attempt to sign-in or use the forgot password form was 12/30/2015 5:20:12 AM (1 month 5 days ago).
18 attempts have been blocked
Will be unlocked in 16 days << Is that helpful or WHAT???
Check the log of login attempts -- then set an automatic block for popular wrong login names such as "admin", etc. They don't get a second chance.
Conveniently keep an eye on "pages not found" to fix your site redirects. Automatically throttle or block IPs that pound you with dummy page names, trying to overwhelm your site. (Set a similar threshold for excessive attempts for valid page names.)
Look at the top consumers list. Does 37 hits from an IP in Romania make sense for your site? Drill into their history. Hm, tried to access page names containing "query", "js" and also flagged as "possible XSS" -- make that a permanent block for a few months.
See the history and map location for any IP address on any list. Block/Unblock as you wish. Yes, thugs roll to a new IP but still it helps. If IP attacks are concentrated in one country, block that entire country for as long as you wish.
Be careful to not throttle/block benign search engine crawlers. There's a tab to help with that, too.
Look at list of most recent visitors, what do they do?
I set parameters and let Wordfence handle most of it. I only spot check now and then, especially when I see spikes in bandwidth. Dig in and see if you can't divert some of that useless load -- not to mention risk!
No problems Ever with the Wordfence plugin or updates. In my somewhat limited plugin experiences they have been supremely professional. Reported problems are most likely conflicts with other plugins or an outdated WP version.
Oh and don't forget #1 those daily scans that compare your WP code and plugins to repository versions, and email you if differences pop up. If You have made code changes, set a flag to ignore, only, those particular lines of code.
Wordfence is an awesome public service, take advantage of it!
Easy to use and setup, although I did have to deactivate-reactivate the plugin after migrating my site to a new server. Worked great after that though.
No complaints! It works and it's free. Highly recommended.
Can't believe all the functionality it provides. Thanks!
...but I really love it now! I love being able to monitor when someone logs into the backend. I love getting monthly emails regarding what IP's are trying to gain access. And I really love getting notified of recent file changes. I really feel like Wordfence has got my back!
The stress and worry, wondering if I might make a mistake in the way I create and add posts or pages to my website is gone. Knowing wordfence is there keeping the site safe allows me to sleep better at night.
It feels an important niche
A Must Have.
Love it. Thanks!
This helps a great deal to see what is going on, to dermine attacks, which take place regularly, and to monitor 404. When one worries about website security, this plugin is the front of monitoring and of rejecting unsolicited calls.
You must log in to submit a review. You can also log in or register using the form near the top of this page.