Building Your Own WebsiteSecurity is also a very important part. This plugin named Defender WordPress Security, Malware Detection, and Firewall can perform security checks, malware scanning, and firewall functions for your website. It can also provide security recommendations. We recommend everyone to use it.
Introduction and Download of Defender Security
Defender WordPress Security, Malware Detection, and Firewall is another free plugin from the same company as the very useful WordPress speed optimization plugin: Hummingbird, which was previously shared by Naibabiji.
A very useful WordPress speed optimization plugin: HummingbirdAnother free plugin from the same company. Using Defender WordPress Security, you only need to click a few times with your mouse to get the best WordPress security settings. Defender WordPress Security supports:
- Malware scanning;
- Firewall;
- Two-factor authentication;
- Prevention of brute force login;
- Prevention of SQL injection;
- Prevention of cross-site scripting (XSS) attacks;
- Other WordPress vulnerabilities.
The plugin supports Chinese. Naiba tested it on the
Website Building Noteswebsite and found the features acceptable. It is currently in use.
Download LinkDefender Security Usage Tutorial
1. When using the plugin for the first time, there will be a quick setup. Just click the 'Start Using' button.
2. After the scan is complete, there will be a scan result. Any issues will be highlighted for you.
3. The 'Security Tweaks' section will give you some security recommendations, similar to security assistants on computers. You can click to view each recommendation and decide whether to accept it based on your actual situation.
- Disable Trackback and Pingback (Recommended to adopt the suggestion)
- Database Prefix (Risk of database injection. The suggestion is to modify the database prefix, but it is not recommended for already installed websites to adopt this suggestion, as modifying the database prefix carries risks.)
- File Editor (Disable file editing, recommended to adopt the suggestion)
- Security Keys (Recommended to adopt the suggestion)
- Information Disclosure (Prevent information leakage, requires server administrator handling, can accept the suggestion.)
- Admin Login Duration (Default is 14 days, can be adjusted to a smaller value.)
4. File Scanning will scan and show you files and folders not included in the default WordPress directory, as shown in the image below:
This requires your own judgment. For example, many files in the image above are verification files for search engines and pose no security threat, so they can be ignored directly. 5. IP Locking IP locking is a simple firewall function, but this feature is very practical.
Log:In the IP Lock section, you can see a log. If your website has 404 pages accessed by others, they will be displayed here. This feature can help you troubleshoot 404 pages on your website, and you can also directly blacklist the IPs of bots scanning for non-existent files.
Login Protection: This is a powerful tool against brute-force attacks on your website's administrator account. By default, if there are 5 failed login attempts within 5 minutes, access is blocked for 5 minutes. You can choose a longer duration or permanently ban the IP from accessing. Additionally, you can specify usernames to block from logging in. For example, if you don't use 'admin' to log into your website, but someone attempts to log in with 'admin', it's likely a bot attempting a brute-force attack, and you can directly block it. Of course, if you are using other
WordPress Brute Force Login Protection Plugins, you can deactivate and delete them, as one plugin with the same functionality is sufficient.
404 Detection: By default, if 20 visits to 404 pages occur within 5 minutes, the IP will be blacklisted for 5 minutes. In practice, you can set this threshold higher, such as 10 visits within 3 minutes, which can effectively block most spam bots.
IP Blocking: This is the IP whitelist and blacklist. If you want to permanently block an IP address, simply add it here. It's worth noting that this feature includes the ability to block IPs by region, so you can replace the
iQ Block Countryplugin. 6. Advanced Tools The advanced features include two functions: two-factor authentication and admin area masking (Mask Login Area). The two-factor authentication uses Google's service, which is not accessible in China, so consider carefully before enabling it. The admin area masking feature can replace
WPS Hide Login. As for the remaining advanced features, the blacklist monitor is not very useful, and the audit log can be replaced with
WP Security Audit Log.
2. After the scan is complete, there will be a scan result. Any issues will be highlighted for you.
3. The 'Security Tweaks' section will give you some security recommendations, similar to security assistants on computers. You can click to view each recommendation and decide whether to accept it based on your actual situation.
This requires your own judgment. For example, many files in the image above are verification files for search engines and pose no security threat, so they can be ignored directly. 5. IP Locking IP locking is a simple firewall function, but this feature is very practical.
Log:In the IP Lock section, you can see a log. If your website has 404 pages accessed by others, they will be displayed here. This feature can help you troubleshoot 404 pages on your website, and you can also directly blacklist the IPs of bots scanning for non-existent files.Login Protection: This is a powerful tool against brute-force attacks on your website's administrator account. By default, if there are 5 failed login attempts within 5 minutes, access is blocked for 5 minutes. You can choose a longer duration or permanently ban the IP from accessing. Additionally, you can specify usernames to block from logging in. For example, if you don't use 'admin' to log into your website, but someone attempts to log in with 'admin', it's likely a bot attempting a brute-force attack, and you can directly block it. Of course, if you are using otherWordPress Brute Force Login Protection Plugins, you can deactivate and delete them, as one plugin with the same functionality is sufficient.
404 Detection: By default, if 20 visits to 404 pages occur within 5 minutes, the IP will be blacklisted for 5 minutes. In practice, you can set this threshold higher, such as 10 visits within 3 minutes, which can effectively block most spam bots.IP Blocking: This is the IP whitelist and blacklist. If you want to permanently block an IP address, simply add it here. It's worth noting that this feature includes the ability to block IPs by region, so you can replace theiQ Block Countryplugin. 6. Advanced Tools The advanced features include two functions: two-factor authentication and admin area masking (Mask Login Area). The two-factor authentication uses Google's service, which is not accessible in China, so consider carefully before enabling it. The admin area masking feature can replaceWPS Hide Login. As for the remaining advanced features, the blacklist monitor is not very useful, and the audit log can be replaced withWP Security Audit Log.
Comments are closed
The comment function for this article is closed. If you have any questions, please feel free to contact us through other channels.