Over the weekend, I added WordFence security to the site. WordFence is a free (with premium option) service that provides backend security and monitors a WordPress site and prevents all sorts of bad things from happening. It has a slew of options and services that can be configured in any way a user would like, providing some peace of mind.

As you can see, the services and options it provides are many:

WordFence options

It has, for example, a firewall that prevents unwanted actors from gaining access to your site, however as with any good firewall you can whitelist sites or block sites as you see fit. It also claims it learns as time goes on, however I’m not able to test that at this time.

WordFence firewall

I’ve had this site for several years now, so as you can imagine with all the posts and photos and links there are a lot of potential hazards, and the service did a complete scan to be sure everything was on the up and up. It found a potentially malicious link in one of my posts from two years ago, and although the link was simply giving credit for a header image and not actually malware, I deleted it anyway. It scans everything for malware, the aforementioned malicious links, and any other problems and ranks what it finds in terms of its severity. I’m glad to say this site, to paraphrase Tangina Barrows, is clean.

Clean!

There are many, many, many options. This kind of thing can often result in a performance deficit, although I haven’t noticed any slowdown at all. On a curious side note, I was asked to download my .htaccess file before WordFence scanned my site and implemented itself which I thought was strange. If you’re not familiar, .htaccess is an Apache-specific file placed in a directory of a website that specifies some site functionality, such as redirects or even password access without having to modify the server settings; WordPress itself states that it “uses this file to manipulate how Apache serves files from its root directory, and subdirectories thereof,” and .htaccess functionality cascades to all subdirectories (it can be overridden with another .htaccess file in a subdirectory, but that’s for another post). Why they wanted me to download that they never specified, but I did and ended up not needing to worry.

Another interesting thing about the .htaccess file is that it has been around FOREVER!

So with that sidetrack out of the way, the site is now more secure than ever, WordFence is running in real time, and I’ve already received some emails telling me about the login attempts they’ve blocked (from both Germany and France – I’m worldwide!) and how smoothly my site is running. I’m very happy with it so far. If you have a site and are interested, it’s very easy to install and can be done from the ‘install plugins’ section of the WordPress backend.

Nice try, but I have WordFence!