I had been looking at security plugins for my website for quite some time and had installed – and uninstalled – several during the process. I finally settled on the Wordfence Security plugin, and I have to say I am stunned at what could potentially be happening to my website.
A common way that hackers get access to WordPress sites is by sending out bots that automatically attempt to log in to your website. The standard admin user name for WordPress in the past was “admin”, so the bots use that and then try computer-generated passwords to attempt to log in to your site. Once there, they’ll create all sorts of mischief and mayhem, such as adding pop-ups, redirecting your visitors to another page, or even planting malware on your site or wiping it out altogether.
How does Wordfence help?
Wordfence will send you email notifications whenever it comes up with something fishy, based on your settings. For example, I receive numerous (yes, NUMEROUS) notifications every week that a bot is trying to access my site. I have my settings set to lock out any user that has 3 failed login attempts, so that IP address will be blocked for 24 hours.
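As an added example (not code from this post or from Wordfence), here is a simplified version of that lockout rule replayed over a constructed login log: failures are counted per source IP, the third failure blocks that IP for 24 hours, later attempts from it are refused, and the block lifts on its own.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MAX_FAILURES = 3                # the post's setting: lock out after 3 failed logins
LOCKOUT = timedelta(hours=24)   # the post's setting: block that IP for 24 hours

# Constructed sample login log: (timestamp, source IP, username tried, outcome)
SAMPLE_LOG = [
    ("2016-03-01 10:00:00", "203.0.113.5", "admin", "fail"),
    ("2016-03-01 10:00:02", "203.0.113.5", "admin", "fail"),
    ("2016-03-01 10:00:05", "203.0.113.5", "admin", "fail"),   # third failure -> lockout
    ("2016-03-01 10:00:09", "203.0.113.5", "admin", "fail"),   # attempt while blocked
    ("2016-03-01 11:30:00", "198.51.100.7", "editor", "fail"),
    ("2016-03-01 11:31:00", "198.51.100.7", "editor", "success"),  # success resets the count
    ("2016-03-02 10:30:00", "203.0.113.5", "admin", "fail"),   # the 24-hour block has expired
]

def process_log(entries, max_failures=MAX_FAILURES, lockout=LOCKOUT):
    """Replay login events in order; return lockout/blocked events and per-IP failure counts."""
    failures = defaultdict(int)   # consecutive failed attempts per IP
    locked_until = {}             # ip -> datetime when the block lifts
    events = []
    for ts, ip, user, outcome in entries:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if ip in locked_until:
            if when < locked_until[ip]:
                events.append(("blocked", ip, user, ts))   # refused without checking the password
                continue
            del locked_until[ip]      # block expired: start counting afresh
            failures[ip] = 0
        if outcome == "success":
            failures[ip] = 0
            continue
        failures[ip] += 1
        if failures[ip] >= max_failures:
            locked_until[ip] = when + lockout
            lifts = locked_until[ip].strftime("%Y-%m-%d %H:%M:%S")
            events.append(("lockout", ip, user, lifts))
    return events, dict(failures)

if __name__ == "__main__":
    for event in process_log(SAMPLE_LOG)[0]:
        print(event)
```

Note that every blocked attempt in the sample log is against the “admin” user name, which is exactly the pattern the notification emails show.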
Here’s what one of those emails looks like:
I shudder to think what would happen to my website if one of these hackers had actually gotten in. This is the main reason that you absolutely, without question, do NOT want to EVER use the word “admin” as your user name for your WordPress site, or any other site for that matter.
Wordfence will also scan your site’s content for bad URLs. An example of this would be if a URL that you are linking to in one of your posts has been determined to contain any type of malware. Here’s an email I received just last week.
Once I logged into my website, I was able to find out exactly which URL from this post was bad and remove it from my site. Since the URL in question was a legitimate URL, I visited the site just to be sure, and sure enough, when I clicked on the link to contact the owner of the site, it redirected me to a gambling website.
You can also choose to ignore certain issues, if you know they are not harmful to your site, or your visitors.
Wordfence will also notify you if your theme or plugins need updating, so that you can be sure to take care of those updates in a timely manner.
Additional benefits of Wordfence:
- Firewall to further help thwart hackers – new in 2016!
- Real-time Security Network
- Scan Core, Theme and Plugin Files
- Repair Files
- Scan content for bad URLs
- Real-time traffic shows hackers
- Real-time view of crawlers
- Scan for known malware
- Scan for hundreds of backdoors
- Includes a complete firewall
- Rate limit rogue crawlers
- Block IPs & manage blocks
- Intelligently block networks
- Block fake Googlebots
- Block brute-force attacks
- View top content leeches
- Monitor disk space
- Enforce strong passwords
- Check existing passwords
- Scan for DNS changes
- Get detailed IP info
- Track IPs to their source
How does Wordfence know if your site has been hacked?
During each of its regular scans, Wordfence checks the core files of your site for any changes to the code, which is how it would catch a hacker who had gained access to your site. If it detects something, it will notify you so that you can take the appropriate action.
Here’s what you should do if you have been hacked:
- Make sure you have the most recent version of WordPress.
- Upgrade all your themes and plugins to their most recent versions, as well.
- Change all passwords on the site.
- Backup all your files and the database (hopefully you are running a regular backup of your site).
- Go to the Wordfence options page and make sure the options to scan core, theme and plugin files are selected, even if you might not have these selected as part of your normal settings. Then run a Wordfence scan. This compares your core, theme and plugin files against the original versions in the WordPress repository and lets you know how a hacker has changed them. You can change your settings back, once you know what files have been hacked.
- Once the scan is complete, you may see a very long list of files that have been infected. Take your time and slowly work through the list.
- Examine any files that have been marked as suspicious and delete them if they are dangerous. Remember that you cannot undo these deletions.
- Look at any core, theme and plugin files that may have been altered. Use the Wordfence option provided to see what has changed between the original file and your file. If the changes look malicious, use the Wordfence option to repair the file.
- Look at any unknown files that are in core directories and delete them if necessary.
- Work your way through the list, until you have gone through it and it is empty.
- Run another scan to confirm that your site is clean.
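To show what the file comparison in the steps above amounts to, here is an added example (not Wordfence's code) that hashes a tree of files, compares it against a known-good manifest standing in for the originals in the WordPress repository, and reports modified, unknown and missing files. The three-file “install” and the tampering are constructed inline so it runs offline.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Known-good manifest (relative path -> sha256) taken from a clean copy."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def integrity_scan(root, manifest):
    """Compare the live tree with the manifest: changed, unknown and missing files."""
    live = build_manifest(root)
    return {
        "modified": sorted(f for f in live if f in manifest and live[f] != manifest[f]),
        "unknown": sorted(f for f in live if f not in manifest),   # extra files in core dirs
        "missing": sorted(f for f in manifest if f not in live),
    }

def demo():
    """Constructed example: a three-file 'clean install' and a tampered copy of it."""
    clean = Path(tempfile.mkdtemp())
    (clean / "wp-includes").mkdir()
    (clean / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
    (clean / "wp-blog-header.php").write_text("<?php // loads WordPress\n")
    (clean / "wp-includes" / "version.php").write_text("<?php $wp_version = '4.4';\n")
    manifest = build_manifest(clean)          # stands in for the repository originals
    live = Path(tempfile.mkdtemp()) / "site"
    shutil.copytree(clean, live)
    with open(live / "index.php", "a") as handle:
        handle.write("// injected line (constructed for this example)\n")
    (live / "wp-blog-header.php").unlink()     # a core file that went missing
    (live / "wp-includes" / "extra.php").write_text("<?php // not part of core\n")
    return integrity_scan(live, manifest)

if __name__ == "__main__":
    print(demo())
```

The “modified” list is what the repair option restores and the “unknown” list is what the unknown-files step asks you to review by hand.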
Finally, if your site is not clean and you are using the free version of Wordfence, you may need to upgrade so that you can get support to help you determine the problem, or you might be able to get support from your hosting company.
Ideally, we want to prevent hackers from getting in in the first place, so taking precautions with Wordfence is a very good idea, as well as having a reliable website backup in place, such as Updraft Plus Premium.
I’m always curious what others are doing to protect their websites, so please comment below and let us know how you protect your site!