WordPress is a free and open source blogging tool and content management solution (CMS) based on PHP and MySQL. WordPress was used by more than 23.3% of the top 10 million websites as of January 2015.
Wordfence Security Plugin
Anything that’s popular is more open to attack and WordPress is no exception. One of the quickest and easiest way's we've found to secure a WordPress site is through the use of the WordFence plugin from Feedit, Inc. With over 6,000,000 downloads, Wordfence is arguably the most popular security plugin for WordPress.
Wordfence is available as a free version and also offers a premium version that is currently priced at $39. The premium version provides two factor authentication via SMS, country blocking and the ability to schedule scans.
Like all WordPress plugins, Wordfence can be easily installed by visiting wordpress.org, searching plugins, and searching for Wordfence. You can also download Wordfence by visiting www.wordfence.com.
How it Works
Wordfence starts by checking if your site is already infected. It performs a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. After the initial scan, Wordfence will continue performing periodic scans on your site and alert you if any plugins have been modified or need to be updated.
Wordfence uses real-time threat analysis and blocking. If one WordPress site running Wordfence is attacked, the attacker is blocked and all other sites also running Wordfence block that attacker. You can see a real-time display of WordPress attacks per minute accross all sites running Wordfence by visiting www.wordfence.com.
The home screen of Wordfence Security where you can see a summary, manage security issues and do a manual security scan. The results of these scans will also be emailed to you.
Live Site Activity
The Live Traffic view of Wordfence Security where you can see real-time activity on your site.
Blocked IP Addresses
The "Blocked IPs" page where you can manage blocked IP's, locked out IP's and see recently throttled IPs that violated security rules.
The basic view of Wordfence Security options. There is very little to configure other than your alert email address and security level.
Advanced Security Options
If you're technically minded, this is the under-the-hood view of Wordfence Security options where you can fine-tune your security settings.
We highly recommend the Wordfence security plugin. The free version will provide protection you really should not go without. The premium version, in our opinion is worth the cost simply to add two form signin authentication and country blocking. In short, WordPress sites are very vulnerable to attack and the Wordfence security plugin does a great job protecting sites from common attacks and keeping you informed of vulnerabilities.