
How to Install and Setup Wordfence Security in WordPress
Using a security plugin alongside better security practices for your WordPress CMS is only smart. WordPress's popularity makes it an attractive target for hackers trying to gain access to WordPress sites. That is why the Wordfence Security and Firewall plugin is a great choice for increasing the security of your installation.
Wordfence Import Settings
386694919d5afa41ee9d165768b2389f5ac65376a16e3aed7454940e5bcca2e87370bc881867249490b1e9cd71d3d7b9cc1b7fbe8453bde253b9af3e11de266b96fb982dc9f831b6ac5d389474fb61df
How to Use Import Settings
In your WordPress Dashboard, locate the Wordfence plugin menu option > Tools > Import/Export Options.
Then copy and paste the code above > Save changes.
htaccess rules for WordPress
# Conditions are joined with [OR]: a query string matching any one of them is refused.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (boot.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:).*(;) [NC]
# Answer matching requests with 403 Forbidden.
RewriteRule .* - [F]
How to Use htaccess rules for WordPress
First, download and back up the .htaccess file from your web server. It is usually located in File Manager > public_html > .htaccess
Then, you should see something like this:
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
CHANGE THAT to include the .htaccess rules for WordPress, like this:
# Custom rules sit above the "BEGIN WordPress" marker, because WordPress
# overwrites everything between the BEGIN and END markers.
RewriteEngine On
# Conditions are joined with [OR]: a query string matching any one of them is refused.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (boot.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:).*(;) [NC]
# Answer matching requests with 403 Forbidden.
RewriteRule .* - [F]

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
Save the changes so that the .htaccess file is updated.
At this stage, visit your website to double-check that everything is working. If it's not, delete the changes you made (or simply upload your backup and overwrite .htaccess).
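Before uploading, the query-string conditions can be dry-run against requests your own site makes, because the broad patterns (the or|and|if alternation, the localhost match) also catch ordinary traffic. The Python script below is an added example, not part of the original tutorial; it uses Python's re module as a stand-in for Apache's regex engine, and every sample query string in it is constructed.

```python
import re

# Patterns and [NC] flags copied from the RewriteCond lines on this page.
CONDITIONS = [
    (r"base64_encode[^(]*\([^)]*\)", False),
    (r"(<|%3C)([^s]*s)+cript.*(>|%3E)", True),
    (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", False),
    (r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", False),
    (r"(;|'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if)", True),
    (r"(localhost|mosconfig)", True),
    (r"(boot.ini|echo.*kae|etc/passwd)", True),
    (r"(javascript:).*(;)", True),
]
COMPILED = [re.compile(p, re.IGNORECASE if nc else 0) for p, nc in CONDITIONS]

# Constructed sample query strings, raw (still percent-encoded) as Apache
# exposes them in %{QUERY_STRING}.
SAMPLES = [
    "p=123",
    "s=wordpress+security",
    "s=%22terms+and+conditions%22",                      # quoted search phrase
    "redirect_to=http%3A%2F%2Flocalhost%2Fwp-admin%2F",  # login on a local dev site
    "GLOBALS[x]=1",                                      # what condition 3 is written for
]

def first_match(query_string):
    """Index of the first OR-ed condition that matches, or None if none do."""
    for index, regex in enumerate(COMPILED):
        if regex.search(query_string):
            return index
    return None

def audit(samples):
    """Return {query_string: 'pass' or 'blocked by condition N'} (N is 1-based)."""
    report = {}
    for qs in samples:
        hit = first_match(qs)
        report[qs] = "pass" if hit is None else f"blocked by condition {hit + 1}"
    return report

if __name__ == "__main__":
    for qs, verdict in audit(SAMPLES).items():
        print(f"{verdict:24} {qs}")
```

Replace SAMPLES with query strings taken from your own access log to see which legitimate requests would receive a 403 once the rules are live.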
Force SSL Logins
WordPress provides settings in the wp-config.php file that force ALL logins to go through the https version of your website. You should definitely use this option for better security of your WordPress CMS. Simply edit File Manager > public_html > wp-config.php and insert the code below.
Force SSL Logins
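// FORCE_SSL_ADMIN sends both the login form and the admin area over HTTPS.
define('FORCE_SSL_ADMIN', true);
// FORCE_SSL_LOGIN has been deprecated since WordPress 4.0; FORCE_SSL_ADMIN covers it.
define('FORCE_SSL_LOGIN', true);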
WordPress Security
Because the WordPress Content Management System is popular, hackers create scripts that look for security vulnerabilities in sites built with WordPress CMS. Taking security seriously means that you won't wake up to a hacked WordPress site.
Apart from using the Wordfence security plugin for WordPress, you can and should regularly update your passwords for:
- WordPress Dashboard.
- Web Hosting Account.
- PhpMyAdmin Database.
Then, depending on the website setup (for example a WooCommerce store or a small business site), you could start looking into paid automatic backup options such as:
- VaultPress
- UpdraftPlus
Website security is an ongoing process because hackers never stop exploiting websites built with WordPress. These are only some of the methods for better securing a WordPress site.