Wordfence is a popular security plugin for WordPress. If you want to enhance your website's security level, you can install the Wordfence firewall plugin.
Introduction to WordPress Security Plugin Wordfence
Wordfence is a well-known security plugin on WordPress, featuring a firewall and a malware scanner. If you want to understand in detail how Wordfence works, please
click this articleto view. In simple terms, Wordfence can prevent you from installing malicious plugins or files containing malicious code, and can scan all files on your website to detect malicious code. It can also block brute-force password attacks, check for file changes, vulnerability checks, etc. Wordfence has two features that Naiba finds particularly useful.
1. File ScanningWordfence's scanner can scan all files on the server. If you have the premium version, it will also connect to the cloud database for comparative file scanning, yielding better results. For example, in the image below, it scanned and found a blank PHP file for Naiba.
Filename: wp-admin / .php
File Type: Core
Details: This file is located in the WordPress core location but is not distributed with this version of WordPress. This is usually due to it being left over from a previous WordPress update, but it could also be added by other plugins or malicious files inserted by attackers. If your website has been compromised, traces will definitely be left in file modifications. Early detection and handling can prevent greater losses.
2. Firewall FunctionIf your website encounters attacks or is being scraped by spam crawlers, it's impossible to manually monitor website logs to block IPs. However, using Wordfence's firewall function can automatically block IPs that meet certain conditions. For example, Naibabiji is often harassed by spam crawlers probing for website backdoor files. After installing Wordfence, the firewall automatically blocked many of them for me.
There are many more features you can experience after installing it.
Wordfence Plugin Download URL
Wordfence is divided into a free version and a premium version. The difference is that the premium version includes an API permission, allowing connection to their servers to obtain updated rules, including real-time IP blacklists, firewall rules, and malware signatures. It also includes premium support, country blocking, more frequent scans, and spam and junk mail checks.
Download LinkHow to Get Wordfence Professional Version
Actually, for personal blogs, the free version features are sufficient. However, I recently saw a method to obtain a Wordfence professional version key on Weixin Hanci, so I'll share it here. First, install the Wordfence plugin.
WordPress Plugin Installation TutorialThen, after running the plugin, you will see a prompt like the one in the image below. Enter your email.
Select NO at the button (to not receive their promotional emails), check the agreement, and then click CONTINUE to proceed. On the next screen to enter the key, simply click No Thanks.
Then, via FTP (
Baota Panelif using Baota Panel, directly use the file editing function), open the file wp-content/plugins/wordfence/lib/wordfenceClass.php. Search for the following line of code
if (!WFWAF_SUBDIRECTORY_INSTALL && $waf = wfWAF::getInstance()) {Then, below this line of code, under the line $siteurl = wfUtils::wpSiteURL();, add the following 4 lines of code
wfConfig::set('isPaid', 1);
wfConfig::set('keyType', wfAPI::KEY_TYPE_PAID_CURRENT);
!!wfConfig::set('isPaid', 1);
!!wfConfig::set('keyType', wfAPI::KEY_TYPE_PAID_CURRENT);The final result is as shown in the figure below:
Then save the file to overwrite it.
Over ten thousand days, it's unknown if the next update method will become invalid. The version tested by Naibabiji here is Wordfence 7.4.1.
Wordfence Usage Reminder
If your financial situation allows, please support the official plugin. Installing Wordfence will increase the server load to some extent. If you feel your website has become slower, you can consider enabling Wordfence only when you need to scan for file security and keeping the plugin disabled at other times. Any WordPress security plugin is only an auxiliary tool. The key is to properly secure your server yourself. If you have the money, use official themes and plugins; if you don't, avoid using pirated themes and plugins. Do not upload files or code from unknown sources, set a complex password, and generally, it won't be that easy to be hacked. Then, Wordfence also has an optimization option that writes to the php.ini file (under Nginx). Decide for yourself whether to write it. Naiba does not plan to use this plugin long-term, so it wasn't written. Writing it should make the protection a bit stronger. (If you cannot write it, refer to this article:
Modify .user.ini file permissions to add Wordfence high firewall level)
Related Articles
There are many more features you can experience after installing it.
Comments are closed
The comment function for this article is closed. If you have any questions, please feel free to contact us through other channels.