After you build your own website, backend security is also very important. The plugin Defender WordPress Security, Malware Detection, and Firewall can perform security checks, malware scans, and firewall functions for your website, and it also provides security recommendations. We recommend it to everyone.
Introduction and Download of Defender Security
Defender WordPress Security, Malware Detection, and Firewall is another free plugin from the same company as Hummingbird, which Naibabiji previously shared in "A very useful WordPress speed optimization plugin: Hummingbird". With Defender WordPress Security, you only need a few mouse clicks to get the best WordPress security settings. Defender WordPress Security supports:
- Malware scanning;
- Firewall;
- Two-factor authentication;
- Prevention of brute force login;
- Prevention of SQL injection;
- Prevention of cross-site scripting (XSS) attacks;
- Other WordPress vulnerabilities.
The plugin supports Chinese. Naiba tested it on the Website Building Notes website, and the functions are acceptable. It is currently in use.
Download Link
Defender Security Usage Tutorial
1. When using the plugin for the first time, there will be a quick setup. Just click the 'Start Using' button.

2. After the scan is completed, there will be a scan result. Any issues will be highlighted for you.

3. In the 'Security Tweaks' section, you will receive some security recommendations, similar to security assistants on computers. You can click to view each recommendation and decide whether to accept it based on your actual situation.

- Disable Trackback and Pingback (Recommended to adopt the suggestion)
- Database Prefix (Risk of database injection. The suggestion is to modify the database prefix, but it is not recommended for already installed websites as modifying the database prefix carries risks.)
- File Editor (Disable file editing. Recommended to adopt the suggestion)
- Security Keys (Recommended to adopt the suggestion)
- Information Disclosure (Prevent information leakage. Requires server administrator handling. The suggestion can be accepted.)
- Admin Login Duration (Default is 14 days, can be adjusted to a shorter period.)
4. File Scanning will scan and display files and folders not included in the default WordPress directory, as shown in the image below:

You need to make your own judgment. For example, many files in the image above are verification files for search engines and pose no security threat, so they can be ignored directly.
5. IP Locking
IP locking is a simple firewall function, but it is very practical.
Logs: In the IP Locking section, you can see a log. If others request pages on your website that return 404, the requests are displayed here. This function can help you troubleshoot 404 pages on your website, and you can also directly blacklist the IPs of bots scanning for non-existent files.
Login Protection: This is a powerful tool against brute-force attacks on your website's admin account. By default, if there are 5 failed login attempts within 5 minutes, access is blocked for 5 minutes. You can choose a longer duration or permanently ban the IP address. You can also specify usernames to block from logging in. For example, if you don't use 'admin' to log in to your site, but someone attempts to log in with 'admin', it's likely a bot attack, and you can directly block it. Of course, if you are using other WordPress brute-force login protection plugins, you can deactivate and delete them, as one plugin with the same functionality is sufficient.
404 Detection: By default, if 20 visits to 404 pages occur within 5 minutes, the IP will be blacklisted for 5 minutes. In practice, you can make this threshold stricter, such as 10 times within 3 minutes, which can effectively block most spam bots.
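The following added example (not Defender's own code) replays access-log lines through the 404 Detection rule described above, so the default 20-in-5-minutes setting and a 10-in-3-minutes setting can be compared on your own log before changing the live site. It assumes a sliding time window and the common/combined access-log format; the function names and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined access-log format: ip - - [time] "request" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def simulate_404_lockouts(lines, limit=20, window_s=300, lockout_s=300):
    """Replay chronological log lines; return [(ip, locked_at, locked_until)] for
    a rule of `limit` 404s within `window_s` seconds -> block for `lockout_s`."""
    window = timedelta(seconds=window_s)
    hits = defaultdict(deque)      # ip -> timestamps of its recent 404s
    blocked_until = {}             # ip -> end of its current lockout
    lockouts = []
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(3) != "404":
            continue               # skip unparseable lines and non-404 responses
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if ip in blocked_until and ts < blocked_until[ip]:
            continue               # a locked-out IP would not have reached the site
        q = hits[ip]
        q.append(ts)
        while ts - q[0] >= window: # drop 404s that have left the window
            q.popleft()
        if len(q) >= limit:
            blocked_until[ip] = ts + timedelta(seconds=lockout_s)
            lockouts.append((ip, ts, blocked_until[ip]))
            q.clear()              # counting restarts after the lockout
    return lockouts

def make_sample_log():
    """Constructed sample: a scanner probing every 10 s, plus a visitor with two dead links."""
    base = datetime.strptime("01/Jan/2024:10:00:00 +0000", "%d/%b/%Y:%H:%M:%S %z")
    fmt = '{ip} - - [{t}] "GET {p} HTTP/1.1" {s} 512 "-" "-"'
    rows = []
    for i in range(25):
        t = base + timedelta(seconds=10 * i)
        rows.append((t, "203.0.113.7", f"/backup{i}.zip", 404))
    rows.append((base + timedelta(seconds=5), "198.51.100.20", "/", 200))
    rows.append((base + timedelta(seconds=65), "198.51.100.20", "/old-post", 404))
    rows.append((base + timedelta(seconds=200), "198.51.100.20", "/old-img.png", 404))
    rows.sort(key=lambda r: r[0])
    return [fmt.format(ip=ip, t=t.strftime("%d/%b/%Y:%H:%M:%S %z"), p=p, s=s) for t, ip, p, s in rows]

if __name__ == "__main__":
    for limit, window in ((20, 300), (10, 180)):
        print(limit, window, simulate_404_lockouts(make_sample_log(), limit, window))
```

On the constructed log, the stricter setting locks the scanner out after 10 probes instead of 20, and the visitor with two dead links is not blocked under either setting.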
IP Blocking: This is the IP whitelist and blacklist. If you want to permanently block an IP address, simply add it here. It's worth noting that this feature includes the ability to block IPs by region, so it can replace the iQ Block Country plugin.
6. Advanced Tools
The advanced features include two main functions: two-factor authentication and admin area masking (Mask Login Area). The two-factor authentication uses Google's service, which is not accessible in China, so consider carefully before enabling it. The admin area masking feature can replace WPS Hide Login. The remaining advanced features, such as blacklist monitoring, are less useful, and audit logs can be replaced with WP Security Audit Log.