I am reviewing the premium features of Wordfence in this WordPress Security blog post. I was provided a free upgrade to Premium in order to review this service. I would willingly pay for the premium service from Wordfence, because as you will read, their services provide me with peace of mind, which is well worth the annual investment of $40. All thoughts and opinions in this post are my own.
Every day your blog is being poked, prodded, scanned, tested, and analyzed by software and hackers. Why? Access, of course! And while some of them have destructive intent, the most common reason for these intrusions is… money! WordPress is one of the most widely used platforms for creating websites. With 10 million of the world’s top websites using WordPress and 23+% of the current market using WordPress (Thank you Wikipedia), it’s easy to see why hackers would want to learn to exploit this platform, and exploit it they do!
Not every hacker has the intention of destroying your blog, deleting all your content, and leaving you with nothing. In fact, it’s quite the opposite. These hackers are trying to make money, and they need your blog around to do that. There are many reasons your site may be hacked, including turning your web server/blog into a drone.
Computer power and internet access cost money, and once they have control they can use your system to send out spam, mine data, mine bitcoins (internet currency), attack other blogs for intrusion, or even send out viruses. One of the more popular attacks has been the inter-linking of various hacked blogs, all connecting to one main site, with the intent to climb the ranking charts of good ol’ Google. The site that the infected blog is connected to will rank high in Google searches, and will be a bogus website on a popular product. Now their bogus site will get lots of clicks, and they are then free to serve up a virus, worm, malware, advertisement, or all of the above to unknowing victims searching for that product!
So you might think, well, this doesn’t sound so terrible for my blog. Well guess what, your website will also start showing up when people search for this content and your SEO keywords will all be pointing to that product. Even if you remove these SEO hacks on your site, it can take a long time for Google to recognize you as you’re supposed to be. Sounds pretty terrible now, right?
My post How to Secure Your Blog discussed a great plugin for WordPress to help protect your blog, Wordfence. Wordfence gives you interactive real-time monitoring, alerts, file scanning, cell phone access, blocking by single IP or country, comment spam filtering, and site performance caching engines to get you through Denial of Service attacks. That’s not all, I just got tired of listing everything!
Real Time Monitoring
Exploits that present themselves in WordPress and plugins are usually out of our hands. But there are so many pieces of blog security that ARE in our hands. Monitoring of your blog traffic is one of them. And by traffic I mean knowing who’s accessing your blog, scanning your blog, logging into your blog, and attempting to log in to your blog. If someone is trying to log into your blog at 4am, wouldn’t you want to know that? You get this type of monitoring with Wordfence. You can’t sit by idly thinking your blog isn’t a target – because it is, no matter what size your blog is! Below is a glimpse at the real-time monitoring tool within Wordfence. You can see where the person is and what page the person is trying to access. You can also see the top consumers of your blog, login/logout logs, and all the crawlers that are scanning your page for data.
The last time I looked at the Wordfence website it reported that attacks against all WordPress sites running Wordfence were 16,922 attacks per minute. I repeat, per minute. That’s some serious stuff, and that doesn’t account for the sites not running Wordfence.
With Wordfence you can manually scan your blog for vulnerabilities, malware, and viruses daily, or you can schedule scans. With Wordfence Premium you can even have Wordfence scan from an outside-IN angle, which is great for auditing and detecting vulnerabilities you wouldn’t otherwise see. Based on these scans Wordfence gets smarter daily, learns trends to better protect your blog, and is able to see attacks before they get to you. Wordfence scans all incoming and outgoing traffic from your blog, so no download or comment goes unchecked for malicious activity!
Alerts & Login Security
I like alerts. I want to know who’s attempting to access my site with an invalid login, trying to use the forgot password feature to gain access, or even logging in successfully. You can see how someone from China (above) was trying to log in with the user account of ‘admin’. This allows me to block offenders, monitor who comes and goes, and see if anyone even comes close to guessing the real usernames for my blog.
Never use the default user of admin or a basic username such as ‘Dave’. Learn more about this on my How to Secure Your Blog post. Below are some of the advantages of going Wordfence premium, which I highly recommend. A great feature of premium is spam detection. If your blog becomes infected and you send out spam, you can be put on a blacklist – and it can take a while to come off that list!
Getting alerts is great since I know that there is added login security with Wordfence Premium. While I love all the other features Wordfence provides, the login security features are still my favorite. Hackers are always trying to obtain access to our blogs using the default admin login. If they do, their IP is automatically blocked.
Performance (Falcon Engine)
Recently, Wordfence introduced a new feature: Falcon Engine. Falcon Engine takes site caching optimization to the next level. Unlike most caching plugins, its goal isn’t just to speed up your blog; its goal is to keep your blog running through a Distributed Denial of Service attack, should that ever happen. A DDoS is essentially when lots of data is sent to your blog at once, so much data that the site would normally crash, since it doesn’t have the power to compute with that much data at once. It’s pretty cool stuff, read more about it and check out their demo here: Wordfence Falcon Engine
I’ve used both the Free and Premium versions of Wordfence and while the free version is great, I could not get by without the features of the premium upgrade. The additional options and configuration power you get from premium, like the advanced comment spam protection, checking to see if my blog is infected, as well as external scanning for vulnerabilities, allow me to sleep better at night!
I hope this was a helpful article for you. I am excited to announce the launch of my new consulting website, Blog-Rite. Blog-Rite will feature content like I provided today, related to blogging tips, tricks, how-to’s, and tutorials on website development, CSS, Adobe Photoshop, DFP configurations and more. If you liked this post stop over to Blog-Rite.com and sign up for the newsletter and follow me on Twitter @blogrite! Blog-Rite offers tons of services to bloggers, so if you’re strapped for time and can’t do it all (none of us can!) I’d love to help you make your blog a success! Blog Rite, Blog Happy!
What About You?
- Do you have problems with hackers on your site? What have you done?
- Ever been hacked? What was your experience like?