WordPress is a very well-known open source website builder, worldwide up to 40% of websites using WP to buildThis leads to a lot of unscrupulous people focus on WordPress want to do some damage or hacking and other actions, so wp security than other site building system is low. The site must be installed firewall plug-ins, good security measures!
In fact, the most powerful Wordpress security plugin is the paid version of Sucuri, which has a CDN-level firewall. However, it does not have a GPL version, the original version is very expensive. iThemes Security and All In One WP Security are also good, but the features are not as powerful and comprehensive as Wordfence.
Wordfence is the most suitable for the public, the most cost-effective, the most comprehensive, one of the best protection of security plug-ins. You can limit the number of login attempts, limit the frequency of crawler crawling, block fixed IPs, regional access, block malicious access, enable 2FA login verification function, etc. Maximum security!
What is GPL plugin
WordfenceIt is a GPL licensed product and is safe and legal. Click to learn what isGPL AgreementClick to learnWordPress official website about GPL. Simply put using the GPL license plugin/theme source code open source sharing, can be legally free to change, use, distribution.
Notdomestic cracked version, purchased directly from abroad, without modifying the source code. ByVirustotal Antivirus VerificationandWordfenceSource code audit. All source code plug-ins we use to build our own sites, used in multiple sites for many years, safe, stable and reliable.
This site installed the plug-in, the following chart is Sucuri scan results
Wordfence update method/record
This plugin can be updated online in the background, and update directly by clicking Update when there is a new version.
Wordfence Premium Download Purchase Terms
This site plug-in purchased from foreign sites, the purchase price is4.99 USD/pcIt is valid for 2 years. Diamo unified selling price of 19 yuan / piece, valid for life, and spend a lot of energy to create the use of tutorials also provide manual question and answer service, absolutely worth the money. The plug-in is only for learning and exchange research, virtual products are reproducible, once sold no refund, please move to the detailsTerms of Service.
Diamo for the purchase of users to provide after-sales service, plug-in use any questions please leave a message in the comments below, there will be answers to questions.
How to install/enable Wordfence
Install the downloaded installation package directly to enable the plugin.
Installation method 1: Upload and install
Find and click on "Plugins" > "Install Plugins" in the left menu bar of the website background, then click on "Upload Plugin" in the upper left corner, upload the downloaded zip installation package and click on "Install Now", after installation, click"Enable Plugin"Complete the installation.
Installation method 2.FTP installation
Unzip the plug-in package, put the unzippedFoldersUpload it to the plugins directory (xxx.com/wp-content/plugins).
Find and click on "Plugins" > "Installed Plugins" in the left menu bar of the website background, find the plugin in the list of plugins, and click "Enable".
Configuring the firewall
After installing the plug-in, a prompt will appear at the top of the site as shown below, and the firewall will need to be configured before it can be enabled. Click the "Click here to configure" button.
In the red box 1 below, select "Manual Configuration" and click Continue.
If it's managed hosting or something like that, it should be activated automatically after following the above diagram. If it is Nginx you will be prompted to install auto_prepend_file = '/www/wwwroot/xxx.com/wordfence-waf.php'
Take the pagoda panel for example, inside the PHP management > "configuration file", about 698 lines to find"auto_prepend_file ="This content, supplemented with the code of the interface prompt later'/www/wwwroot/xxx.com/wordfence-waf.php' (This code is just an example don't copy and paste directly!) Then refresh the pagoda panel memory, go back to the site background to refresh the page cache, advanced firewall has been enabled (showing 100%).
Enable 2FA secure login authentication
2FA is a double-factor authentication, which requires a verification code when logging in (no need to go over the wall) and functions similar to a bank U shield or an electronic password. It is recommended to turn on 2FA secure login verification to greatly improve security.
Click on "Login Security" in Wordfence on the left side of the backend, and then click on "Settings" at the top. Here you can set what role you want to enable 2FA secure login authentication, and choose whether you want to make login authentication mandatory or free (Optional). Generally, only your company's back office administrator and so on will enable secure login, customers and so on are not recommended to open.
Click on the check box below and tap "SAVE" to save. This will require verification the first time you log in to your new device, and no verification for the next 30 days.
Click on " at the topTwo-Factor Authentication"Enter the binding authenticator interface. Phone first go to Google Paly or Apple Store to download Google Authenticator software (below), if you can't open the Google Store click this linkDownload Android APK installer.
Back to Wordfence's "Two-Factor Authentication"interface (below). Open the just-installed Google Authenticator software, click on the software at the bottom right corner of the colorful circle + sign, select "Scan QR code", scan the Wordfence interface in the QR code to complete the site binding. At this time, Google Authenticator will display a line of information: Wordfence (xxx.com), click "Click to reveal PIN" will display a 6-digit verification code, enter the red box in the figure below "ACTIVE". .
You will be prompted to download the recovery key, click on it to complete the binding. The recovery key can be used as a backup solution to log in to the website without the verification code, so keep it safe.
The next time you log in, you will be prompted to enter 2FA Code, open the cell phone authenticator software, enter the 6 digits inside the software and click "Log In" to log in. Check the "Remember for 30 days" box and you won't need to enter the verification code when you log in to the same device within 30 days.
In the left WordFence > Tools > Import Export options, in the "Import Wordfence from other sites using tokens option configuration "box, enter the following string of numbers (token), press the import configuration will import our preset general settings, and then you can modify them one by one according to their needs as appropriate so as to save time. Next to each setting option with a circle question mark, click will enter the official website has a detailed explanation, here but not too much explanation, do not understand and then leave a message in the comments below.
Frequently Asked Questions
1) If the scanning process is paused and the following chart is prompted, it is generally because the server is busy and the scan times out.
1- Change the max_execution_time inside the PHP settings to 1000 or more in the pagoda panel.
2- In wp-config.php in the root of the website add define('WORDFENCE_SCAN_FAILURE_THRESHOLD', 600); Tap Save .
3- In Wordfence Plugin > "Scan" > "Scan Options and Schedules" (middle position on the right).Scan level select "high sensitivity"Find the "Performance Options" setting and change the maximum execution time to 25. Find the "Performance Options" setting and change the maximum execution time to 25. Check the "Use low resource scanning" box if the server configuration is very low, otherwise don't check it.
After operating the above 3 steps refresh the page point rescan should return to normal.
2) If you encounter the inability to save the article or some plug-in settings. It may be blocked by security plug-ins, turn on learning mode to solve the problem. Click Wordfence > "Firewall". The red box below indicates "blocking complex attacks", which proves that it is not in learning mode.
Select Learning Mode, check Auto Enable, and select an auto enable date. Tap "Save Changes" in the upper right corner.
Go back to the firewall and show "currently in learning mode"
3）After scanning, you may find many problems marked in yellow (below), indicating that the code of some files of the plug-in is different from the source file, but it is within the safety range, in most cases you can directly click "Always ignore", it is recommended to check the code differences and operate according to the situation.
This is usually caused by updating the plugin/theme and the code of the latest version is a bit different from the code of the previous version. Another reason is that the GPL or cracked version of the plugin is used, and the source file is written to the license key to activate or some code is added to block the verification step or something.
Click on "View the differences"You can view the codes with differences.
For example, the figure below shows a comparison of the file differences, the left is the source file, the right is the new file, the red background part means that the new file has less code than the source file. From the figure below, you can see that the new file has a few lines less CSS code (9-23 lines). css code does not affect security and so on, you can click "Always ignore".
The orange background below indicates that the new GPL plugin file is partially different from the source code, the new file adds "PAID CURRENT" to bypass the plugin activation verification, the file is safe and can be accessed by clicking "Always ignore".
The green background part indicates that the new file is new code than the source file, the code means that the secret key key expires after 365 days, also to bypass the plugin activation verification, the file is safe to click "Always ignore".
If the problem is marked red, there is a high probability that it is hung and the file needs to be deleted/restored. It depends on which file has the problem and what code has been added to it. If it's a file like readme, delete it directly, if it's a file like index.php, login.php, etc., download a brand new wordpress installation package and extract it, paste the corresponding file inside to overwrite the file that was hacked.
Share a case of Malicious Redirects that appeared a few days ago when a customer's website was hung, just for your reference.
A 2C customer's website was hung, the backend login page and all the frontend pages automatically jumped to the website below, and it was impossible to log into the backend. Two other websites on the same server were also involved.
The backend login is controlled by the wp-login.php file, the login is not up the first time to the root of the site to check the source code of this file, found that more than ten lines of malicious code was added. I copied wp-login.php from the health site and overwritten it, and the login page returned to normal.
The home page is controlled by the wp-index.php file, go to the root of the site to check the source code of this file and found that it is also hung, copy the wp-index.php file from the health site to overwrite it, the page opens normally and no longer skips.
Scanning the entire site using the WordFence plugin resulted in.
Prompted wp-load.php with a virus, compared with the source file of the health site found that 107 lines were added to the malicious code, delete all the added code.
Tip wp-content/plugins/wordfence/readme.md virus, check the latest plug-in installation package source file found that there is no such file, and the readme file is generally descriptive file does not have the function can be deleted, so directly delete this file.
After dealing with the threat and then scanning the whole site with WordFence, it suggests that the files cached by Wp Rocket have viruses, which should be cached when the cache is regularly updated with toxic files. Go directly to the Pagoda panel to delete the entire cache folder and let the cache plugin re-cache it.
Scan the whole site again with WordFence, prompting security and threat removal. Immediately change the backend login address, login username and password.
Review of this incident should be one of the customer's website login and password is too simple to be cracked, the customer initially find someone else to build a good backend to engage in their own website unsuccessful to find us to deal with, others casually set him a 4-digit administrator login name, did not install the firewall plug-in ....
Many scanners on the Internet automatically scan websites for vulnerabilities, enumerate login backgrounds and the like, and then hang mining programs or Trojan horses to jump to gambling/virus sites. Background login address must be modified not to use the default address, user name and password as complex as possible to set. It is recommended to install security plug-ins such as WordFence can greatly enhance the security of the site, but also to increase the 2FA security login verification.
WordPress many plug-ins are often exposed to major security vulnerabilities, even the well-known Elementor plug-in has been several times exposed to serious security vulnerabilities, the official emergency release of a new version to fix. Try to install a relatively high visibility plug-ins / themes, code is generally more standardized, the team behind the strength of reliable. Plugins, themes must be updated to the latest version in a timely manner.