Not much is sure in life except death, taxes, and website hacking attempts. Fortunately, in addition securing your WordPress site with sophisticated passwords, there are security plugins that can offer additional levels of protection.
One of our favorite security plugins is Wordfence (www.wordfence.com – the full list of features can be seen at this site). Wordfence offers a number of security benefits such as:
- Geo Blocking. For many law firm websites, traffic from Russia and China make up a significant portion of website visits (to get an idea about the percentage for your website, check out your traffic statistics on Google Analytics if you have this installed). Unless there is a reason for people in these countries to be visiting your website, likely all this traffic is from bots attempting to either add comments to your website for links, or from evildoers attempting to hack your site.
How does Wordfence help?
With the paid version of Wordfence ($39/year), specific countries can be blocked based upon IP addresses assigned to countries. When an attempt is made to access a site from a blocked country, users are not able to see the site itself, or to access the URLs pertaining to the site (including those for required to log into the CMS).
While country blocking may not work with 100% certainty, it can help to significantly reduce potential threats.
- Site Repair. If your website has been hacked, you’ll likely need to restore the files that been changed. Wordfence offers a tool to identify changed files, even if a previous backup of the site has not been made.
- Selectively Block and Manage IP’s and also Brute Force Attacks. Brute force attacks consist of attempts to gain access to protected portions of a website through means such as guessing login and passwords by automated means. Not only can tremendous damage be done if the attack is successful, even unsuccessful attempts can cause a site to go down (or become significantly slowed) due to the significant number of server requests being made.
- Block Fake Googlebots.
- Machine Learning. When other Wordfence users have become subject to an attack, Wordfence can block the IP’s of the attacking site from attacking your site.
- Source Code Verification. Wordfence runs scans that seek to ensure the validity of both WordPress core files as well as open source themes and plugins.
- Spam generation detection. Often hackers inject viruses into a website, not for the purpose of destroying website functionality, but rather to cause the site to generate thousands of e-mails to others containing malicious code.
Wordfence offers both free and paid version. For $39/year for one site, I would suggest the paid version. If you wish to purchase licenses for more than 1 site or for multiple years, please check the appropriate discounts (scroll down to the bottom of the page.
Notifcation – We are not affiliated with or in any way compensated by Wordfence.