How to Install and Setup Wordfence Security in WordPress

How to Install and Setup Wordfence Security in WordPress

 In WordPress

Using security plugins along with better security measures for your WordPress CMS is only smart. WordPress’s popularity makes it ideal for hackers to try gain access to WordPress sites. That is why using Wordfence Security and Firewall plugin is a great choice to increase security of your installation.

Video Lesson for Installing and Setting Wordfence Security Plugin in WordPress

Wordfence Import Settings

386694919d5afa41ee9d165768b2389f5ac65376a16e3aed7454940e5bcca2e87370bc881867249490b1e9cd71d3d7b9cc1b7fbe8453bde253b9af3e11de266b96fb982dc9f831b6ac5d389474fb61df

How to Use Import Settings

In your WordPress Dashboard locate Wordfence plugin menu option > Tools > Import/Export Options

And then copy paste above code > Save changes

htaccess rules for WordPress

RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR] RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR] RewriteCond %{QUERY_STRING} (localhost|mosconfig) [NC,OR] RewriteCond %{QUERY_STRING} (boot.ini|echo.*kae|etc/passwd) [NC,OR] RewriteCond %{QUERY_STRING} (javascript:).*(;) [NC,OR]

How to Use htaccess rules for WordPress

First download and backup .htaccess file from your web server usually located in File Manager > public_html > .htaccess

Then, you should see something like this

# BEGIN WordPress # The directives (lines) between "BEGIN WordPress" and "END WordPress" are # dynamically generated, and should only be modified via WordPress filters. # Any changes to the directives between these markers will be overwritten.  RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]  # END WordPress

CHANGE THAT to include .htaccess rules for WordPress Like This

# BEGIN WordPress RewriteEngine On RewriteBase / RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR] RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR] RewriteCond %{QUERY_STRING} (localhost|mosconfig) [NC,OR] RewriteCond %{QUERY_STRING} (boot.ini|echo.*kae|etc/passwd) [NC,OR] RewriteCond %{QUERY_STRING} (javascript:).*(;) [NC,OR] RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress

Save changes for .htaccess file to be updated

At this stage, visit your website to double check all is working. If its not, delete the changes you made (or simply upload your backup and overwrite .htaccess)

Force SSL Logins

WordPress provides rules through wp-config.php file where you can force ALL logins to do through https version your website. You should definitely use this option for better security of your WordPress CMS. Simply edit File Manager > public_html > wp-config.php to insert below code

Force SSL Logins

define('FORCE_SSL_ADMIN', true); define('FORCE_SSL_LOGIN', true );

WordPress Security

Because WordPress Content Management System is popular, hackers create scripts that look for security vulnerabilities in WordPress CMS built sites. Considering the importance of security means that you won’t wake up to a hacked WordPress site.

Other things to consider apart from using Wordfence security plugin for WordPress is that you can and should regularly update your passwords for

  • WordPress Dashboard.
  • Web Hosting Account.
  • PhpMyAdmin Database

Then, depending on the website setup (as in WooCommerce or small business site) you could start looking in to paid version Auto Backup options such as:

  • VaultPress
  • UpdraftPlus

Website security is an ongoing process because hackers never stop exploiting WordPress built websites. These are only some of the methods for better securing a wordpress site.

Recommended Posts

Leave a Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

0

Start typing and press Enter to search

WooCommerce SEORankYa WordPress SEO Yoast