At the time of writing, you can see from the stats below that Wordfence is one of the most downloaded security tools from WordPress.org
Some of the key things to look out for when installing a “must have” plugin is to check when last it was worked on, the number of active installs, the number of issues as well as the resolved issues and the ratings.
So Wordfence is one of those plugins that ticks all the right boxes. It is very active in terms of installations and the dev team work on it around the clock releasing new versions and updates all the time which is something absolutely necessary for a security plugin. Nobody would install a security plugin that hasn’t been updated in a year.
In terms of features, the following features are available in the free version:
- Web Application Firewall identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.
- Protects your site at the endpoint, enabling deep integration with WordPress. Unlike cloud alternatives do not break the encryption, cannot be bypassed and cannot leak data.
- Integrated malware scanner blocks requests that include malicious code or content.
- Protection from brute force attacks by limiting login attempts, enforcing strong passwords and other login security measures.
WORDPRESS SECURITY SCANNER
- Malware scanner checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.
- Compares your core files, themes and plugins with what is in the WordPress.org repository, checking their integrity and reporting any changes to you.
- Repair files that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.
- Checks your site for known security vulnerabilities and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.
- Checks your content safety by scanning file contents, posts and comments for dangerous URLs and suspicious content.
- With Live Traffic, monitor visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.
I would highly recommend this plugin for ease of installation and out of the box features. I do not think the premium version is a must have and if you combine this plugin with a few of the other security measures, you are well on your way to sleeping easy at night with your website in the right security zone.
Download it today and install it on a dev site to test the features