Over the weekend I saw this post about some recent attacks on WordPress sites and verifying WordPress security is enabled. I thought for a moment about adding a password limit plugin when I remembered that I had installed WordFence which actually includes an incorrect password limiting feature. There are a ton of other options to go through with WordFence but here are some of the basic features included in the free version.
WordFence WordPress Security Features
WordPress Security Scans
WordFence runs several security scans on your WordPress site. Scans include:
- Password strength
- Out-of-date plugins, themes and WordPress versions
- Posts for known dangerous URLs and suspicious content
- Files outside your WordPress installation
- File contents for backdoors, trojans and suspicious code
Login Security Options
WordFence has several login security options in place. Some of them are:
- Lock out after n password failures
- Lock out after n forgot password attempts
- Amount of time a user is locked out
- Immediately lock out invalid usernames
WordFence will email letting me know when there are updates to plugins or themes. It will also email me if there are any issues discovered with a scheduled scan of my entire site.
I’ve been using WordFence for a few months now and overall I’m happy with its features. It’s helped me pinpoint where some security flaws might be and somewhat easily ensure I have a decent level of security with my site.