For several weeks I’ve been trialling WordFence on my blog, not that you’d have noticed it.
WordFence is a plugin that can be added to any existing WordPress installation, adding Intrusion Detection and Prevention capabilities usually encountered on application layer gateways.
It’s the market leading security plugin for WordPress sites so they claim, but why might you want to use such a plugin? As any inspection of CMS logs will show, WordPress sites are exposed to vulnerability scanning activities incessantly.
What does it do? First off, it installs a CMS firewall and integrates it into the WordPress installation. This is a Web Application Firewall (WAF) with real-time threat intelligence feeds (including automatic blocking) and brute force attack detection and prevention.
But there’s more! You can also configure custom rules that auto-block IPs that attempt to access URL’s of a predefined pattern. Protections include whitelisting, SQLI, XSS, malicious file uploads, LFI, XXE, privilege escalation attempts, and many others. You could, for example, use a URL for another CMS GET request seen by threat actors as a basis for blocking on your own site.
Fake crawlers can also be detected and blocked, and repeat requestors can also be blocked, so it has some useful behavioural security features.
Installation is a breeze: search for the plugin and install using the WordPress dashboard.
After you install WordFence, you’ll have a few setup questions to answer. These include an email address that will receive alerts from the plugin, and some other questions. It’s worth trying out the tour option at installation, which will cover all the key functions.
On the dashboard for the plugin, you’ll find the current state of the plugin and other useful information such as notifications. It includes a high-level summary of things that need to be resolved, including the actions that need to be taken. You can also configure the firewall, scan for security issues, enable 2FA, and more.
A handy real-time view of traffic is also included, categorised as security issue or human, which can easily refer to WHOIS and IP address block lookups.
Globally WordFence claims over 3 million attacks are blocked each day using their software. Taking out their subscription provides real-time blocking of IP addresses from threat intelligence sources, adding a lot of value.
Overall, WordFence is a good product and it should be seriously considered by all WordPress sites. The behavioural security features make it a valuable addition to any site, and it works well with real-time threat intelligence feeds to automatically block attackers.