Just recently I came across a sad story from a blogger, who explained how he had been the victim of an attack that turned his blog into a spam site. He had made the mistake of neglecting the security of his blog because, in his words, "his blog is not popular enough to be a target".

Those who think they are safe from all attacks because their blog is not popular are very wrong. For hackers, it makes no difference whether you are popular or not; what matters to them is generating traffic to their malicious sources.

We must all agree that there is no ultimate solution. However, we can put together a set of preventive measures, and that is exactly what we will do in this tutorial.

Have you ever heard of WordFence? It is a plugin that scans the source code of your WordPress installation and compares it against the original source code in order to detect infections. It also performs other tasks, such as blocking access to your blog from certain IP addresses.

(Screenshot: presentation of the WordFence plugin)

I will show you how to use this plugin to improve the security of your blog. If some points are unclear, the comment form below is available.

How to download and configure WordFence

WordFence is a plugin available on WordPress.org, so you can install it directly from your dashboard. You can also download it as a zip file.

After installation, activate it. You will notice a new entry in the left-hand menu of your dashboard (and a welcome tooltip, which you can close).

(Screenshot: the WordFence menu)

We will start with the first configuration steps; for that, go to the "Options" submenu.

(Screenshot: opening the Options submenu)

Note that some features of the plugin require a pro license.

Two main sections are available: basic options and advanced options. I will only explain the options you need to modify.

Configuring basic options

The very basis of your protection is enabling the firewall (Enable FireWall). With it, attacks against your blog are blocked as far as possible, and an activity report is recorded.

You can receive this report by email, hence the need to register one or more email addresses (Where to Email alerts).

Depending on how likely attacks are, you can adjust the level of protection you want to apply to your blog (Security Level).

Be aware, however, that higher levels apply more restrictive measures, so don't be surprised if browsing your blog becomes a little more difficult.

To avoid making navigation difficult, WordFence needs to recover the correct IP address of each visitor (How Does WordFence get IPs). You can therefore define the method used to identify each visitor's address.

You can choose:

  • The classic option "Use PHP's built in REMOTE_ADDR..." (use this to start with)
  • Two advanced options, "Use the X-Real-IP..." and "Use the X-Forwarded-For HTTP..."
  • The last option lets you use IP address discovery with CloudFlare.
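The four methods above differ in which source they trust for the visitor's address. As an added illustration (not WordFence's own code), the following PHP function applies them in a safe order: a proxy header is only honoured when the request actually arrives from a proxy you control, since otherwise any visitor can forge X-Forwarded-For and escape per-IP throttling and blocking. The proxy addresses and the sample requests are constructed for the demo.

```php
<?php
// Added example, not WordFence code: resolve the visitor IP the way the four
// "How does WordFence get IPs" options do, honouring a proxy header only when the
// TCP peer (REMOTE_ADDR) is a proxy we trust.

// Hypothetical reverse proxy / CDN edge addresses (assumption: replace with yours).
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

function client_ip(array $server, array $trusted = TRUSTED_PROXIES): string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    // Option 1 (default): plain REMOTE_ADDR, correct when PHP talks to the client directly.
    // A header sent by a non-proxy peer is untrusted, whatever it claims.
    if (!in_array($remote, $trusted, true)) {
        return $remote;
    }
    // Option 4: behind CloudFlare the real visitor arrives in CF-Connecting-IP.
    $cf = trim($server['HTTP_CF_CONNECTING_IP'] ?? '');
    if (filter_var($cf, FILTER_VALIDATE_IP) !== false) {
        return $cf;
    }
    // Option 2: X-Real-IP, a single address set by proxies such as nginx.
    $real = trim($server['HTTP_X_REAL_IP'] ?? '');
    if (filter_var($real, FILTER_VALIDATE_IP) !== false) {
        return $real;
    }
    // Option 3: X-Forwarded-For is "client, proxy1, proxy2, ...". Walk it from the
    // right, skipping our own proxies; the first foreign hop is the visitor.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        if (in_array($hops[$i], $trusted, true)) {
            continue;
        }
        if (filter_var($hops[$i], FILTER_VALIDATE_IP) !== false) {
            return $hops[$i];
        }
        break; // malformed header: fall back to the proxy address
    }
    return $remote;
}

// Constructed requests: a direct visitor, the same visitor forging a header,
// and a genuine request relayed through both proxies.
$cases = [
    'direct'  => ['REMOTE_ADDR' => '203.0.113.7'],
    'forged'  => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'],
    'proxied' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.23, 10.0.0.6'],
];
foreach ($cases as $label => $server) {
    echo str_pad($label, 8), client_ip($server), PHP_EOL;
}
```

Run it with `php` on the command line; the forged case resolves to the real peer address, not to the value in the header.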

(Screenshot: adding an email address for alerts)

Advanced options configuration

The first section of the advanced options concerns alerts. Here you can set the conditions under which you want to receive an alert (assuming you have registered a valid email address).

If your site experiences recurring minor attacks, you might not want an email alert every time. You can therefore limit the number of alerts sent per hour (Maximum Email alerts by hour); the value 0 means "Unlimited".

(Screenshot: alert options)

The "Live Traffic View" section (live overview of traffic) does not need to be configured; the default settings are sufficient.

In the "Scans to include" section (scans to carry out), you will notice that only the scans of plugins and themes are disabled. Indeed, scans are performed against a reference source, and for unofficial themes and plugins detecting an intrusion into the source code can be difficult.

If your WordPress installation contains backup files, I think you can exclude them from the scan.

(Screenshot: scan options enabled)

The "FireWall Rules" section allows you to determine the action to take when an event occurs. In particular, you can limit access (throttle it) or block it:

  • When the number of requests from any user exceeds a defined number per minute
  • When the number of requests made by robots (crawlers) exceeds a defined number per minute
  • When the number of requests made by humans exceeds a defined number per minute
  • When the number of requests made by robots resulting in a 404 exceeds a defined number per minute
  • When the number of requests made by humans resulting in a 404 exceeds a defined number per minute

In some cases your blog will be visited by fake Google robots; you can also block their access directly.

(Screenshot: firewall rules in WordFence)

The "Login Security Options" section allows you to define rules that apply at login:

  • For example, you can require strong passwords from administrators and editors (default value) or from all users without exception (Enforce strong passwords)
  • Lock the login page for a user after a number of unsuccessful login attempts (Lock out after how many login failures)
  • Limit the number of password recovery attempts (Lock out after how many forgot password attempts)
  • Define the period over which unsuccessful attempts are counted (Count failures over what time period)
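Both the firewall rules above and the login lockout rules are counters over a time window: requests per minute split into humans and crawlers, 404s per minute, and login failures over a configurable period. The following PHP script is an added example, not WordFence's own code, that runs such rules over a constructed request log; the thresholds, the "5 failures in 300 seconds" lockout, the user-agent test for crawlers and the log format are all assumptions chosen for the demo.

```php
<?php
// Added example, not WordFence code: apply firewall-style per-minute rules and a login
// lockout rule to a constructed request log. Thresholds and log format are assumptions.
const RULES = [ // [rule name, counter key, limit per minute, action], one per rule listed above
    ['any requests',     'all',        60, 'throttle'],
    ['crawler requests', 'crawler',    30, 'throttle'],
    ['human requests',   'human',      40, 'throttle'],
    ['crawler 404s',     'crawler404',  5, 'block'],
    ['human 404s',       'human404',    5, 'block'],
];
function is_crawler(string $ua): bool { return (bool) preg_match('/bot|crawl|spider/i', $ua); }
function bump(array &$c, string $ip, string $key): void { $c[$ip][$key] = ($c[$ip][$key] ?? 0) + 1; }

// Actions each IP has earned, counting only events inside the windows that end at $now.
function evaluate(array $events, int $now, int $failLimit = 5, int $failWindow = 300): array {
    $counts = [];
    foreach ($events as $e) {
        $age  = $now - $e['ts'];
        $kind = is_crawler($e['ua']) ? 'crawler' : 'human';
        if ($age <= 60) {                        // the per-minute firewall counters
            bump($counts, $e['ip'], 'all');
            bump($counts, $e['ip'], $kind);
            if ($e['status'] === 404) bump($counts, $e['ip'], $kind . '404');
        }
        // A failed login is represented as a 401 on /wp-login.php (constructed convention).
        if ($age <= $failWindow && $e['path'] === '/wp-login.php' && $e['status'] === 401) {
            bump($counts, $e['ip'], 'loginfail');
        }
    }
    $verdict = [];
    foreach ($counts as $ip => $c) {
        foreach (RULES as [$name, $key, $limit, $action]) {
            if (($c[$key] ?? 0) > $limit) $verdict[$ip][] = "$action: $name {$c[$key]}/min > $limit";
        }
        if (($c['loginfail'] ?? 0) >= $failLimit) $verdict[$ip][] = "lock out of login: {$c['loginfail']} failures in {$failWindow}s";
    }
    return $verdict;
}

// Constructed log: a fake Googlebot probing for files that do not exist, one address
// repeatedly failing to log in, and an ordinary visitor.
$now = 1700000000; $log = [];
for ($i = 0; $i < 12; $i++) $log[] = ['ip' => '198.51.100.9', 'ua' => 'Googlebot/2.1', 'path' => "/old$i.php", 'status' => 404, 'ts' => $now - $i];
for ($i = 0; $i < 6; $i++)  $log[] = ['ip' => '203.0.113.4', 'ua' => 'Mozilla/5.0', 'path' => '/wp-login.php', 'status' => 401, 'ts' => $now - 40 * $i];
$log[] = ['ip' => '192.0.2.1', 'ua' => 'Mozilla/5.0', 'path' => '/', 'status' => 200, 'ts' => $now - 5];
foreach (evaluate($log, $now) as $ip => $actions) echo "$ip: ", implode('; ', $actions), PHP_EOL;
```

The ordinary visitor earns no action; the two noisy addresses each trip exactly the rule their behaviour corresponds to.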

The "Other Options" section lets you define options specific to the execution of the WordFence plugin, among others:

  • The memory the plugin may use
  • The maximum duration of a scan

Now that we have configured the plugin, it is time to see how it works.

Presentation of the different features of WordFence

How to perform a scan (analysis) and correct errors

To analyze your blog, go to "WordFence >> Scan". Click "Start a WordFence Scan" to begin the analysis. You will be able to see the details of the analysis and, of course, take action to fix any problem found.

(Screenshot: how to run a scan in WordFence)

At the end of the analysis you can access the report and see in detail what is and is not right on your blog. The analysis also covers themes and plugins that need updating. For every finding, you will see the solutions available to you.

(Screenshot: how to fix an error)

How to view your site traffic

With the traffic view, you can see exactly who (which IP address) visits your blog and from which country. It also lets you keep an eye on the pages each user visits, so you can detect suspicious activity yourself.

To view your blog traffic, go to "WordFence >> Traffic".

When you activate the "Your Site Activity Real Time" option, your blog's activity is recorded in real time. From this interface you can block an IP address or a network.

(Screenshot: traffic log)

How to manage blocked IP addresses

All blocked IP addresses are listed under "WordFence >> Blocked IPs". From here you can also block an IP address.

You can also see the IP addresses that are locked out of the login page (IPs that are locked out from login) and those that have been throttled for visiting the site too frequently (IPs that were recently throttled for accessing the website too frequently).

(Screenshot: blocked IP addresses)

How to restrict access to your blog

WordFence lets you determine which countries are not allowed to visit your blog. Although you are unlikely to need it, this measure lets you control the origin of your visitors.

For blocked countries, you can display a message or redirect the visitor to a specific page.

You can even restrict access to certain parts of your blog by redirecting visitors from blocked countries when they request a specific URL (Advanced Country Blocking Options).

(Screenshot: how to block some countries)

How to schedule scans

To avoid having to run scans yourself, you can schedule them using the calendar below. You must first enable scheduling by choosing the option "Manually schedule scans using calendar below".

(Screenshot: how to schedule a scan)

Advanced IP address blocking

The blocking options allow you to block an IP address range (IP Range). You can also block users with a specific signature (User Agent). You may not need it, but you can add a reason for the block.

(Screenshot: advanced blocking options)

Before we leave

I did not present some features, because either their default configuration did not need to be changed or they require a license.

That's it for this tutorial. I hope it helps you better secure your blog. Do not hesitate to comment or share it on social networks.