How to Fortify for FREE Your WordPress Site with WordFence 🛡️

Today, I'm going to show you my favorite
security plugin for WordPress. It's called WordFence, and they have a fantastic free version,
which is what I use for all my sites. Now, if you don't use the security plugin
for your WordPress site, do it, please. Even if it's not this one,
use another one. So let's go check out WordFence right now. What's up, SaaS Masters? Like I said, we're going to check out
this free security plugin for WordPress. Now, like I said,
if you are not using something like this, then use another one,
but do use a security plugin. WordPress is one of the most hacked sites in the world because obviously
it's the most famous DMS. The probabilities of someone
hacking your site are really high. Do install a security plugin. Now, before we jump into WordPress, I want to show you my sponsor
for this video, which is Hostinger. I want to show you their great plans that they have, which is
what I use on my sites. For example, if you jump over to the link in the description, jump into hosting,
I'm going to show you the web hosting because you're going to get an extra
discount with the coupon code that I have.

Jump over to the pricing plans,
check the plans that they have, see what is the right fit for your needs,
and select the one you want. In this case, I'll select
the business plan. I'll add it to cart. Right here, we are going to get rid of with the amount of months
that we want to lock in. Obviously, if you select the most months,
you're going to get the lowest price and you're going to be good
for this amount of months. Plus, the renewal price is also cheaper. Now, check these prices. It's $191.52.
But if you add My Coupon code, which is SaaSer, we're going to apply it
and we're going to get an additional discount, which is $172.37 now,
so take advantage of it. Let's jump over to our WordFence plugin. Now, I've already installed the plugin. Like I said, this is the free version,
and this is what I use for all my sites. Even if I am using my CloudFlare security,
I still use WordFence or a plugin that's for security because it's like
the second layer of security.

Now, several tools comes into this
WordFence system, which one is the firewall
and the other one is the scanner. Plus, it also reduces the brute force attacks and all of that,
which I'll show you on this video. Now, first of all, you're going to be graded with the
dashboard knowing what's going on. For example, in the last 24 hours,
these are the total attacks logged. So like I said, even me who has a Cloudflare security
going on, I still get a bunch of attacks. So the more popular your site is,
the more attacks it's going to have.

And the summary for this firewall is today, two complex ones, week,
365, month, 1,180 complex blocks. So here's the total for these,
no brute force in my case. But like I said, I also have an additional
security system on CloudFlare. Now, we're going to jump
over with the firewall. So in the firewall,
do go ahead and activate it once you get started and you're going to get
access to the managed WAF. Now, be aware that there are some
limitations in the free version.

But like I said, this is better
than nothing, so don't skip it. You're going to have,
for example, rate limiting. You won't have some options to tweak it,
but you'll get the options to have it. Blocking, help, firewall options. Let's go ahead and check this out.
Here we go. Here's the firewall options. We have web application firewall status. In this case, I have it enabled. By default, it's disabled,
so do enable it. You got your advanced firewall options so you can delay IP and country blocking
until after WordPress plugins have loaded.

That means that if you want to block countries or IPs, you can
do so by adding them here. Allow list services. These are services that are going
to be checking up your site. For example, if Facebook wants to check
out your site, you're going to allow it. So take this on, or immediately
block IPs that access these URLs. So again, these are
rules that you can add. So just like I do on CloudFlare,
you can also do it here. So that means if you want to block some
particularlyother sites, links of your site that people shouldn't
be accessing, go ahead and add them here.

Ignore IP addresses from work, fence,
web application, firewall alerting. So again, you can add your IPs here. The rules that you want to enable,
you got all these rules available here. Like I said, it's super easy to use. Just enable these because basically,
if you are not into really customizing development on your own,
you want to have all this on. Root force protection, this is a must. You don't want to have
someone attacking your side.

For example, they try to hack your
site 1,000 times in one second. Well, that's not going to happen because
you have your brute force protection enabled and you have all these
options that you can go through. Rate limiting.
Again, this also helps prevent from people trying to hack your site
one time and another. For example, before it was really common
that you can hack a password by trying multiple passwords in, I don't know,
100, 1,000 times in a minute.

And obviously, you would get to a point
where you actually hack the side. In this case,
you don't allow it with the proof force attack and the rate limiting and allow
list URLs, URLs that you want to allow. That's for the firewall. There's also a scan option for this. This has worked wonders for me. I've had had, for example, viruses and malware on my site,
and this has gotten the job done. So again, I'm in the free version. There are some things that you need to update if you want
to get the full version.

For example, spam advertising checks, spam checks, block list checks,
you don't need to have the paid version. But if you want to check your service state file,
changes, malware scan, content safety, public files, password strength,
etc, you will have access to that. And you'll have options to clean
these files once the scan is done. Something fell there, but we're not
going to go into that right now. There's also some tools included here. Nothing fancy when it comes to who is lookup, import, export
and diagnostic unless you need that. Or for example, here's the live
traffic, which is interesting. For example, this is me,
which is everything is fine. I got that little green checkmark
there because I'm good to go. But check these guys out. These guys from, I don't know where, say, I don't know where that is,
they're trying to reach these pages. Check this out. They have no business
going into these pages. And we're friends, obviously,
block this person. But again, I can go into this and I can go block IP because right now it's blocked
by firewall, by no malicious user agents.

But if you really want to block it,
you can block the IP from here. Run who is on this person, see recent traffic,
add param to firewall allow list. That's if you want to allow them. But no, you don't want
to allow these hackers in. But you can see here, these are
the links that they are trying to reach. They should not be going to these pages. So they're automatically blocked,
thanks to Workfence. Login security, if you want to have this,
for example, two-auth identification, I'll throw that out because you shouldn't
be seeing that, and all the options. So there's some options here. You might want to turn
off or on some of these. For example, email alerts. You might not want to get
alerted every single time. In my case, I want to get emailed
if WorkFence is deactivated.

And for what else they have it,
I have them all off. But you could turn these on if you
want to be notified for these things. There's also firewall options,
which we checked already. You can view them here in the settings
and other settings like life traffic options, import, export
and the login security. So you're going to get all
of that in the free version. I'm going to say this again,
please don't have a WordPress site that doesn't have a security plugin
and do have this one updated. Now, in my case, I have all
the plugins to be updated manually.

I go to manually update these,
except for this security plugin. My security plugin is
automatically updated. That's the only one
that have automatic update. So do consider that when doing this
in case you want to do it also. But there you go.
That is Workbench. That's the security plugin I use
for all my sites on the free version. So like I said, it's more than enough. Plus, I also use my CloudFlare
security options. But there you go. That's a wrap for my favorite
security plugin on WordPress. See you later..

As found on YouTube

Get Your Resources Here:

You May Also Like