Wordfence is a popular security plugin for WordPress. If you want to enhance your website's security level, you can install a Wordfence firewall plugin.
Introduction to WordPress Security Plugin Wordfence
Wordfence is a well-known security plugin for WordPress, featuring a firewall and a malware scanner. If you want to learn more about how Wordfence works, please
click on this articleto view. In simple terms, Wordfence can prevent you from installing malicious plugins or files containing malicious code, and it can scan all files on your website to detect malicious code. It can also block brute-force password attacks, check for file changes, perform vulnerability checks, and more. Naiba finds two features of Wordfence particularly useful.
1. File ScanningWordfence's scanner can scan all files on the server. If you have the premium version, it also connects to a cloud database for comparative file scanning, which yields better results. For example, as shown in the image below, Naiba's scan detected a blank PHP file.
Filename: wp-admin / .php File Type: Core Details: This file is located in the WordPress core directory but is not distributed with this version of WordPress. This is often due to it being left over from a previous WordPress update, but it could also be added by other plugins or malicious files introduced by attackers. If your website has been compromised, traces will inevitably be left in file modifications. Early detection and handling can prevent greater losses.
2. Firewall FunctionalityIf your website is under attack or being scraped by spam crawlers, it's impractical to manually monitor website logs to block IPs. However, using Wordfence's firewall feature can automatically block IPs that meet certain conditions. For instance, Naibabiji is frequently harassed by spam crawlers probing for website backdoor files. After installing Wordfence, the firewall automatically blocked many of them for me.
There are many more features you can explore after installation.
Wordfence Plugin Download Address
Wordfence comes in both free and premium versions. The difference is that the premium version includes an API key, allowing connection to their servers for updates on new rules, including real-time IP blacklists, firewall rules, and malware signatures. It also includes premium support, country blocking, more frequent scans, and spam and junk mail checks.
Download LinkHow to Obtain Wordfence Professional Edition
For personal blogs, the free version is generally sufficient. However, I recently came across a method for obtaining a Wordfence premium key on Weixin Hancí, so I'll share it here. First, install the Wordfence plugin.
WordPress Plugin Installation Tutorial. Then, when you run the plugin, you'll see a prompt like the one below. Enter your email address.
Select NO for the button (to opt out of their promotional emails), agree to the terms of service, and then click CONTINUE. On the next screen for entering the key, simply click No Thanks.
Then, via FTP (
Baota Panelif using Baota Panel, you can directly use the file editing function), open the file wp-content/plugins/wordfence/lib/wordfenceClass.php. Search for the following line of code.
if (!WFWAF_SUBDIRECTORY_INSTALL && $waf = wfWAF::getInstance()) {Then, below this line of code, after `$siteurl = wfUtils::wpSiteURL();`, add the following four lines of code.
wfConfig::set('isPaid', 1);
wfConfig::set('keyType', wfAPI::KEY_TYPE_PAID_CURRENT);
!!wfConfig::set('isPaid', 1);
!!wfConfig::set('keyType', wfAPI::KEY_TYPE_PAID_CURRENT);The final result is as shown in the image below:
Then save the file to overwrite it.
Over ten thousand days—I'm not sure if this method will become obsolete with the next update. Naiba tested this on Wordfence version 7.4.1.
Wordfence Usage Reminders
If your financial situation allows, please support the official plugin. Installing Wordfence will add some load to your server. If you notice your website slowing down, consider enabling Wordfence only when you need to scan for file security and keeping the plugin disabled otherwise. Any WordPress security plugin is just an auxiliary measure; the key is to properly secure your server yourself. If you can afford it, use official themes and plugins; if not, avoid using pirated ones. Do not upload files or code from unknown sources, set a complex password, and generally, it won't be so easy to get hacked. Additionally, Wordfence has an optimization option that writes to the php.ini file (under Nginx). Decide whether to enable it based on your needs. Naiba doesn't plan to use this plugin long-term, so I didn't enable it. Enabling it should provide slightly stronger protection. (If you can't write to it, refer to this article:
Modify .user.ini File Permissions to Add Wordfence High Firewall Level)
Related Articles
There are many more features you can explore after installation.
Comments are closed
The comment function for this article is closed. If you have any questions, please feel free to contact us through other channels.