WPBeginner

Beginner's Guide for WordPress

  • Blog
    • Beginners Guide
    • News
    • Opinion
    • Showcase
    • Themes
    • Tutorials
    • WordPress Plugins
  • Start Here
    • How to Start a Blog
    • Create a Website
    • Start an Online Store
    • Best Website Builder
    • Email Marketing
    • WordPress Hosting
    • Business Name Ideas
  • Deals
    • Bluehost Coupon
    • SiteGround Coupon
    • WP Engine Coupon
    • HostGator Coupon
    • Domain.com Coupon
    • Constant Contact
    • View All Deals »
  • Glossary
  • Videos
  • Products
X
☰
Beginner's Guide for WordPress / Start your WordPress Blog in minutes
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
Recommended
WordPress Plugins
View all Guides

WPBeginner» Blog» Plugins» How to Install and Setup Wordfence Security in WordPress

How to Install and Setup Wordfence Security in WordPress

Last updated on May 1st, 2017 by Editorial Staff
52 Shares
Share
Tweet
Share
Pin
Free WordPress Video Tutorials on YouTube by WPBeginner
How to Install and Setup Wordfence Security in WordPress

Do you want to install and setup Wordfence security plugin on your website? Wordfence is a popular WordPress plugin that helps you tighten the security of your WordPress site and protects it from hacking attempts. In this article, we will show you how to easily install and setup Wordfence security plugin in WordPress.

How to install and setup Wordfence

What is Wordfence? How it Protects Your WordPress Site?

Wordfence is a WordPress security plugin that helps you protect your website against security threats like hacking, malware, DDOS and brute force attacks.

It comes with a website application firewall, which filters all traffic to your website and blocks suspicious requests.

It has a malware scanner that scans all your WordPress core files, themes, plugins, and upload folders for changes and suspicious code. This helps you clean a hacked WordPress site.

The basic Wordfence plugin is free, but it also comes with a premium version that gives you access to more advanced features such as country blocking, firewall rules updated in real time, scheduled scanning, etc.

Having said that, let’s see how to install and easily setup Wordfence for maximum security.

How to Install and Setup Wordfence in WordPress

First thing you need to do is install and activate the Wordfence Security plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, the plugin will add a new menu item labeled Wordfence to your WordPress admin bar. Clicking on it will take you to the plugin’s settings dashboard.

Wordfence settings dashboard

This page shows an overview of the plugin’s security settings on your website. You will also see security notifications and stats like recent IP blocking, failed login attempts, total attacks blocked, etc.

Wordfence settings are divided into different sections. The default settings will work for most websites, but you still need to review and change them if needed.

Let’s start by running a scan first.

Scanning Your WordPress Site Using Wordfence

Head over to Wordfence » Scan page and then click on ‘Start a Wordfence Scan’ button.

Start a Wordfence scan

Wordfence will now start scanning your WordPress files.

The scan will look for changes in file sizes in the official WordPress core and plugin files.

It will also look inside the files to check for suspicious code, backdoors, malicious URLs, and known patterns of infections.

Typically these scans need a lot of server resources to run. Wordfence does an excellent job of running the scans as efficiently as possible. The time it takes to complete a scan will depend on how much data you have, and the server resources available.

You will be able to see the progress of the scan in the yellow boxes on the scan page. Most of this information will be technical. However, you don’t need to worry about the technical stuff.

Once the scan is finished, Wordfence will show you the results.

It will notify you if it found any suspicious code, infections, malware, or corrupted files on your website. It will also recommend actions you can take to fix those issues.

Free Wordfence plugin automatically runs full scans on your WordPress site once every 24 hours. Premium version of the plugin allows you to set up your own scan schedules.

Setting up Wordfence Firewall

Wordfence comes with a website application firewall. This is a PHP based application level firewall.

The Wordfence firewall offers two levels of protection. The basic level which is enabled by default allows the Wordfence firewall to run as a WordPress plugin.

This means, that the firewall will load with rest of your WordPress plugins. This can protect you from several threats, but it will miss out on threats that are designed to trigger before WordPress themes and plugins are loaded.

The second level of protection is called extended protection. It allows Wordfence to run before WordPress core, plugins, and themes. This offers a much better protection against more advanced security threats.

Here is how you would set up the extended protection.

Visit Wordfence » Firewall page and click on the Optimize Firewall button.

Optimize Wordfence firewall

Wordfence will now run some tests in the background to detect your server configuration. If you know that your server configuration is different from what Wordfence has selected, then you can select a different one.

Click on the continue button.

Next, Wordfence will ask you to download your current .htaccess file as a backup. Click on the ‘Download .htaccess’ button and after downloading the backup file click on the continue button.

Wordfence will now update your .htaccess file which will allow it to run before WordPress. You will be redirected to the firewall page where you will now see your protection level as ‘Extended protection’.

Extended protection enabled

You will also notice a ‘Learning Mode’ button. When you first install Wordfence, it attempts to learn how you and your users interact with the website to make sure that it doesn’t block legitimate visitors. After a week it will automatically switch to ‘Enabled and Protecting’ mode.

Monitoring and Blocking Suspicious Activity Using Wordfence

Wordfence shows a very useful log of all requests made to your website. You can view it by visiting Wordfence » Live Traffic page.

Here you can see the list of IPs requesting different pages on your website.

Live traffic tool in Wordfence

You can block individual IPs and even full networks on this page.

You can also block suspicious IPs manually by visiting the Wordfence » Blocking page.

Manually block IPs in Wordfence

Advanced Settings and Tools in Wordfence

Wordfence is a powerful plugin with lots of useful options. You can visit Wordfence » Options page to review them.

Wordfence options

Here you can selectively turn features on and off. You can also enable or disable email notifications, scans, and other advanced settings.

On Wordfence » Tools page, you can run password audit to ensure that all users on your website are using strong passwords. You can run whois-lookup for suspicious IP addresses and view diagnostics information to help debug issues with the plugin or your WordPress site.

Premium version users can also setup two-factor login to strengthen login security on their websites.

Wordfence vs Sucuri – Which One is Better?

Now some of you will probably be thinking how Wordfence stacks against Sucuri?

Sucuri is another popular website security suite that comes with a website application firewall, malware scanner and removal.

At WPBeginner, we use Sucuri. Check out our Sucuri review to see how it helped us block more than 450,000 WordPress attacks in 3 months.

Both Wordfence and Sucuri are great choices to improve your WordPress security. However, we believe that Sucuri has some features that give it a slight edge over Wordfence.

One of them is website application firewall. Wordfence WAF is an application level firewall, which means it is initiated on your server.

On the other hand, Sucuri website firewall is a DNS level firewall. This means all traffic to your website goes to their cloud proxy before reaching your website. This helps Sucuri block DDOS attacks more efficiently and also reduces server load on your website.

We hope this article helped you learn how to install and properly setup Wordfence on your website. For more security tips, you should also check out our ultimate WordPress security guide for beginners.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

52 Shares
Share
Tweet
Share
Pin
Popular on WPBeginner Right Now!
  • How to Properly Move Your Blog from WordPress.com to WordPress.org

  • Google Analytics in WordPress

    How to Install Google Analytics in WordPress for Beginners

  • Revealed: Why Building an Email List is so Important Today (6 Reasons)

    Revealed: Why Building an Email List is so Important Today (6 Reasons)

  • How to Fix the Error Establishing a Database Connection in WordPress

    How to Fix the Error Establishing a Database Connection in WordPress

About the Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Trusted by over 1.3 million readers worldwide.

The Ultimate WordPress Toolkit

9 Comments

Leave a Reply
  1. Shaxid Rahman says:
    Apr 17, 2020 at 8:03 am

    Thanks for your great explanation. It’s really easy to understand the process! I really appreciated.

    Reply
    • WPBeginner Support says:
      Apr 17, 2020 at 11:08 am

      You’re welcome, glad our guide was helpful :)

      Reply
  2. Dilshad says:
    Feb 3, 2018 at 5:00 am

    can i use maxcdn and wordfence? does wordfence application level firewall disturb maxcdn?

    Reply
  3. Achmad says:
    Sep 3, 2017 at 11:59 pm

    Can I block blog traffic from unwanted boots using wordfence?

    Reply
  4. Anondi says:
    Jul 15, 2017 at 4:18 pm

    Hello,
    I have used wordfence in my wordpress site (version 4.5.9),but it’s firewall maybe blocking google bot for crawling because after submitting sitemap it’s showing that error(Network unreachable:http error 503).what can be settings for this issue?

    Reply
  5. Anand Kumar says:
    May 2, 2017 at 5:30 am

    Thanks for guiding us

    Reply
  6. Sue says:
    May 1, 2017 at 1:39 pm

    I am confused as to why the you would even compare the paid Sucrui firewall to the free Wordfence firewall. Going one step farther why even compare them at all, when the main focus according to the title of the article is how to set up and install Wordfence in WordPress.

    It is sad as the only reason I can think of is that you make a referral few with Sucrui as your review article plainly states. I think you would need to add this here too to be in compliance with proof of affiliation.

    Reply
    • Editorial Staff says:
      May 2, 2017 at 9:20 am

      Hey Sue,

      Sucuri and WordFence are both security solutions and rather popular ones. We have gotten several emails through our contact form asking how to use Wordfence and how does it compare to Sucuri (the product that we use and recommend). Like all articles on WPBeginner, this one was also user suggested.

      We only recommend products that we use ourselves (Sucuri is one of them). A lot of WordPress companies have an affiliate / referral program. As a WordPress publisher, we use those referral links instead of naked regular links, so we can avoid having to sell ads on the website with tons of tracking scripts. The revenue earned allows us to continue providing free WordPress resources for the community.

      Having that said, we only recommend products that we use ourselves or would use if needed for a specific use-case. At WPBeginner there are thousands of pages, and there is a FTC disclosure link at the bottom of every page.

      Reply
      • Sue says:
        May 2, 2017 at 5:34 pm

        Thanks for your explanation. Make sense now why the comparison even though the Sucuri firewall is a paid feature.

        Reply

Leave a Reply Cancel reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

Over 1,320,000+ Readers

Get fresh content from WPBeginner

Featured WordPress Plugin
All in One SEO
Improve website SEO rankings with AIOSEO plugin. Learn More »
How to Start a Blog How to Start a Blog
I need help with ...
Starting a
Blog
WordPress
Performance
WordPress
Security
WordPress
SEO
WordPress
Errors
Building an
Online Store
Useful WordPress Guides
    • 7 Best WordPress Backup Plugins Compared (Pros and Cons)
    • How to Fix the Error Establishing a Database Connection in WordPress
    • Why You Need a CDN for your WordPress Blog? [Infographic]
    • 30 Legit Ways to Make Money Online Blogging with WordPress
    • Self Hosted WordPress.org vs. Free WordPress.com [Infograph]
    • Free Recording: WordPress Workshop for Beginners
    • 24 Must Have WordPress Plugins for Business Websites
    • How to Properly Move Your Blog from WordPress.com to WordPress.org
    • 5 Best Contact Form Plugins for WordPress Compared
    • Which is the Best WordPress Popup Plugin? (Comparison)
    • Best WooCommerce Hosting in 2021 (Comparison)
    • How to Fix the Internal Server Error in WordPress
    • How to Install WordPress - Complete WordPress Installation Tutorial
    • Why You Should Start Building an Email List Right Away
    • How to Properly Move WordPress to a New Domain Without Losing SEO
    • How to Choose the Best WordPress Hosting for Your Website
    • How to Choose the Best Blogging Platform (Comparison)
    • WordPress Tutorials - 200+ Step by Step WordPress Tutorials
    • 5 Best WordPress Ecommerce Plugins Compared
    • 5 Best WordPress Membership Plugins (Compared)
    • 7 Best Email Marketing Services for Small Business (2021)
    • How to Choose the Best Domain Registrar (Compared)
    • The Truth About Shared WordPress Web Hosting
    • When Do You Really Need Managed WordPress Hosting?
    • 5 Best Drag and Drop WordPress Page Builders Compared
    • How to Switch from Blogger to WordPress without Losing Google Rankings
    • How to Properly Switch From Wix to WordPress (Step by Step)
    • How to Properly Move from Weebly to WordPress (Step by Step)
    • Do You Really Need a VPS? Best WordPress VPS Hosting Compared
    • How to Properly Move from Squarespace to WordPress
    • How to Register a Domain Name (+ tip to get it for FREE)
    • HostGator Review - An Honest Look at Speed & Uptime (2021)
    • SiteGround Reviews from 4464 Users & Our Experts (2021)
    • Bluehost Review from Real Users + Performance Stats (2021)
    • How Much Does It Really Cost to Build a WordPress Website?
    • How to Create an Email Newsletter the RIGHT WAY (Step by Step)
    • Free Business Name Generator (A.I Powered)
    • How to Create a Free Business Email Address in 5 Minutes (Step by Step)
    • How to Install Google Analytics in WordPress for Beginners
    • How to Move WordPress to a New Host or Server With No Downtime
    • Why is WordPress Free? What are the Costs? What is the Catch?
    • How to Make a Website in 2021 – Step by Step Guide
Deals & Coupons (view all)
WP Business Reviews
WP Business Reviews Coupon
Get 15% OFF on WP Business Reviews plugin for WordPress.
wpDataTables
wpDataTables Coupon
Get 20% OFF on wpDataTables WordPress plugin for tables and charts.
Featured In
About WPBeginner®

WPBeginner is a free WordPress resource site for Beginners. WPBeginner was founded in July 2009 by Syed Balkhi. The main goal of this site is to provide quality tips, tricks, hacks, and other WordPress resources that allows WordPress beginners to improve their site(s).

Join our team: We are Hiring!

Site Links
  • About Us
  • Contact Us
  • FTC Disclosure
  • Privacy Policy
  • Terms of Service
  • Free Blog Setup
  • Free Business Tools
  • Growth Fund
Our Sites
  • OptinMonster
  • MonsterInsights
  • WPForms
  • SeedProd
  • Nameboy
  • RafflePress
  • Smash Balloon
  • AIOSEO

Copyright © 2009 - 2021 WPBeginner LLC. All Rights Reserved. WPBeginner® is a registered trademark.

Managed by Awesome Motive | WordPress hosting by SiteGround | WordPress Security by Sucuri.