Lessons: 13Length: 1.6 hours

Next lesson playing in 5 seconds

  • Overview
  • Transcript

3.2 Installing and Configuring the Wordfence Security Plugin

In this lesson, I'll show you how to configure the most popular WordPress security plugin to secure your site and warn you of any problems.

Related Links

3.2 Installing and Configuring the Wordfence Security Plugin

Hello, and welcome back to this TutsPlus course on essential WordPress Plugins. In this course, we're going to install and configure a security plugin. The plugin we're going to use is Wordfence. But we won't be getting it from this site, we'll be getting the free version of it from the plugin directory. So in my site, I've gone to the Add Plugins screen and I've done a search for security. And here's Wordfence which comes up first. It's the most popular WordPress Security Plugin. I click on the Install button. Wait for that to install. And then when that's done, I click Activate. And that will activate the plugin on my site. So I'm now instantly taken to a setup screen. And if I wanted to, I could also go to this Wordfence item in the admin menu and set things up from there. So first, and this is important, Wordfence will need to know where to send security alerts. Because what any security plugin will do is tell you if there's an issue on your site, so that you can go into the site and fix it. The plugin can't fix everything for you, it often can't fix things. The idea is that it tells you what's going on and warns you if there's a problem. So I'm gonna put my email address in, and then I'll click on Continue. And you can opt to sign up for the mailing list if you want to. So I'm then taken to another screen where I'm given the option to enter a license key if I've got the premium version. And I haven't for now I'm using the free version for this course, so I click No thanks. My plugin is now activated. So let's go into Wordfence and then the dashboard will be opened. So, I'm getting a tutorial when I start off, and it's showing me around the site and click on Got it, to show that I have got it. Obviously you might want to spend a little bit longer. And there are a few configuration options here. So let's start by configuring the Wordfence Web Application Firewall. So what this will do is it will download a backup of HTAccess and it will add some lines to the HTAccess file that will help with security and with the firewall. You don't need to worry about the detail of it. You just need to do what it told you to. So I'm downloading my backup HTAccess. And the reason that's important is that because if there is any problem when it rise to that file, you need to be able to restore that from your backup. So only do this if you have access to the files in your sight. So I click to Continue. I'm now getting a screen telling me change haven't taken effect yet but they might take a little bit of time because I might be caching or there might be something else slowing things down. In my case I know it's because I've got a cache that is set up by my hosting provider. So I've clicked on Purge Cache up here. So I'll dismiss that now. And I'm gonna go back to the Dashboard, because this is the most useful screen and the one that you'll be using the most. So here It's setting up the firewall, it's going to scan my site for me automatically and notify me when things are wrong. There are no notifications at the moment because I've just set it up. I can use these tools to have a look at what's going on in my site right now, I've got help documentation I can use. So if something does happen to my site, this can help me to fix it. And I've then got global options. So let's take a look at those options. So I can also access that by it via the all option down here. So let's take a look at some of the things that I can customize with these options. So my customization here, I can display additional menu items. I'm gonna do that I've got some general options, I can automatically update Wordfence when there's a new release. Which is a good idea because you want your security plugins to stay up to date. I've got some options with regards to Wordfence IPs. I'm gonna stick with the recommended option hiding the WordPress version at the bottom of the screen. And if I click on the little question mark here, it gives me some tips as to why you might do that. Now, it says here we generally recommend you do not enable this anymore. So I won't enable that I won't hide the WordPress version. Again, let's take a look at code execution for uploads directory. That will put an additional HTAccess file in your uploads directory, which prevents any PHP code in that directory from executing. So if you want you can add that as an extra layer of security. Pausing live updates when the window loses focus saves on server resources. So that's something that will make your site run more smoothly, so you should keep that on. And you've got other options that you can take a look at here. And again, they're giving you links so that you can find out more about them. I won't go through all of them in detail here, you can take some time to play with them. To be honest, I've used this plugin on many sites, and I've never actually changed any of the options from the defaults. Down here we have an Activity Report. So it can send you an email summary once a week, which mine does. I very rarely need to do anything with it, but it's useful to have that. So I made a few changes here. So I'll click on Save changes. Then let's have a look what else we've got. We've got tools here. So I can see Live Traffic. I can do a Whois Lookup on an IP address. So somebody accesses my site using an IP address I can use that saves me go into a Whois site. And I can export my options to another site if I want to. There's also these diagnostics, which I can use for troubleshooting if I want to. So for example, if I was working with the support team at Wordfence, I could send them these diagnostics and that could help them to identify anything that was happening that was wrong with my setup. So let's click on the scan option down here. I can manage the scan settings here, and I can start a new scan. So let's do that. Let's run a scan on the site. So that will take a little while to run. So I'll wait for that to finish running, and then I'll show you the results. And as you can see, it's working it's way through these items in the list. Some of these here you have to upgrade in order to get access to them, so you have to buy the premium version. I've already got some exclamation point here, so there's always gonna be something up, and here are my results. So there's an unknown file in WordPress core. So let's take a look at the details of that public.pem. So what I can then do is go and take a look at the files. See if I can identify what that is. So the first thing I would do is find out what this P-E-M suffix is. Because I've never heard of that. And I'm certainly not aware of one normally being in the core directory. Now it might be that's something that's been added by my hosting provider, so I need to check that and check what it does. And it could be that I raise a ticket with my hosting provider to find out from them if they know what it is. If not, I can simply delete it by clicking on Delete file here. I've also got a txt file here. And that's called public.txt. So I'm gonna take a moment to take a look at these files, and then identify if I need to keep them. So I've investigated those files, and I don't need them. I think they're a hangover from a previous installation of WordPress or previous set of files. So I'm going to delete each of those, and then those are gone from my results and everything is okay. So those file changes if I was to do another scan would come up okay. So that's how you can run a manual scan using Wordfence. Now, obviously, Wordfence will scan your site in the background and will email you if there are ever any problems. And that's where the power of a security plug-in comes in. So if you get an alert from your plug-in, it will tell you what's gone wrong, what the problems are, and will give you tips on fixing it. And if you can't work out how to fix it, you can take a look on the Wordfence website and there is support there, there are people you can ask. Now obviously, the level of support that you'll get will be enhanced if you get the premium version. So that's how you install and configure the Wordfence security plugin. In the next part of the course, we'll move on to looking at something that we touched at in this part, which is Site Performance. See you next time, and thanks for watching.

Back to the top