How to prevent hackers on your site part 4: Wordfence

Wordpress Security
One of the best security features we have discovered in our years of working with websites is a plugin called Wordfence. You may remember us saying in a previous post that plugins can be places of vulnerability on your site – this is true – however, Wordfence has such a strong worldwide reputation that we install the free version on every site we build as a standard feature.   The other big name in site securiy is Sucuri, which is also an excellent product. We will discuss pros and cons of the two a bit later in this post.  

Why is Wordfence so good?

Wordfence describe themselves on their site as: “a global team of WordPress security analysts, threat researchers, software engineers, and support staff…we focus exclusively on securing WordPress websites, and on WordPress security research.”   Because of their sheer size and number of users they are aware of WordPress security threats almost as soon as they become obvious, and work to counteract them. Think of it like a global Neighbourhood Watch for WordPress sites.  

How does it work?

Wordfence and Sucuri are Endpoint WAFs (web application firewalls), as opposed to a product like Cloudflare, which we’ll discuss in a later post, which is a Cloud WAF. For the most robust security possible we’d suggest you use both endpoint as well as cloud.   Endpoint WAFs work within your site itself, which is why they are effective in geo-blocking and IP blocking

How much does Wordfence cost? Is it worth it?

Wordfence has a free version which, as we said earlier, we install as a standard on every site we build. However, we do recommend you upgrade to the Premium version (around US$89 per year). The main difference between the free and premium versions is that there is a 30-day delay in information for the free version, whereas updates happen in real time for premium subscribers. Back to the Neighbourhood Watch example, if you’re a paid subscriber you’d get a knock on your door as soon as a potential new threat was detected, whereas if you had the free version you’d get a letter in the post a month afterwards.   Subscribers of Wordfence Premium can also access geo-blocking, which–as we mentioned in a previous post–can keep your site out of view from countries where a large amount of attacks originate from. Premium subscriptions also come with real-time IP blocking. If your website is the main source of your business marketing or you run an e-commerce site, we highly recommend you purchase Wordfence Premium.  

Wordfence vs Sucuri

Having an Endpoint WAF installed on your site, whichever one you choose, is a no-brainer. Our experience is that Sucuri seems to slow down the site a little, so if speed is your highest priority be aware of this. Sucuri may be a little more robust as it also integrates DNS-level firewalls and does a lot of hardening on the code side of things, but this can also mean that it’s more challenging to remove, and can cause some challenges with development. This is why, for speed and flexibility. we prefer Wordfence.   Whichever Endpoint WAF you choose, you’ll find that having even a basic Endpoint WAF can save you a lot of time, hassle, and money through increased site security.
Comments (0)

Leave a Reply

Your email address will not be published. Required fields are marked *