So I installed the Wordfence Plugin yesterday to see if it could help with a few spam referrer, spam comment and rogue crawler issues I’ve had recently.
So what is Wordfence
“Wordfence is the Leading Cyber Security solution for WordPress. We provide a Complete Anti-Virus and Firewall Package for your WordPress Website including Two Factor Authentication, a Firewall incorporating Machine Learning and Tools to help Recover from a Hack.”
After installing and generally getting the feel of the plugin I decided to run the Scan option that comes as part of the plugin, the scan took about 5-8 minutes to run, the scan covered these various parts and processes run by my WordPress Blog and at the same time searched for any Malware that might have found its way into or been injected into my site
WordPress core, theme and plugin file signatures
List of known malware files from Wordfence
Core WordPress files against originals in repository
Comparing open source themes against WordPress.org originals
Comparing plugins against WordPress.org originals
Scanning for known malware files
Scanning file contents for infections and vulnerabilities
Scanning files for URLs in Google’s Safe Browsing List
Scanning posts for URL’s in Google’s Safe Browsing List
Scanning comments for URL’s in Google’s Safe Browsing List
Scanning for weak passwords
Scanning DNS for unauthorized changes
Scanning for old themes, plugins and core file
At the end of the scan
Wordfence provides you with a list of all files that may be compromised or have been changed from the original install, and low and behold it found a few on mine, one that particularly annoyed me was some lines inserted into my index.php file that related viagra and the canadian pharmacy.
Thankfully Wordfence spotted this and gave me the option to replace the compromised file with an original untouched copy, so no nasties hidden in it, just the simple click of a mouse button and the problem was resolved.
I’m liking this plugin alot after that, the other things I like about it is the simplicity in being able to block IP addresses of spammers and bogus crawlers, the plugin has a live traffic option that allows you to see who is accessing your blog, what exactly they are looking at, what there country and ip of origin is and most importantly whether they are a human or just another bot/crawler, its then just another click whether you block their ip or not.
There’s also a Whois Lookup included and the option to have alerts sent to your email address if any of the following occur:
Critical Problems
Alert Warnings
Alerts when Wordfence Automatically Blocks an IP addresss
Alerts when someone is locked out from Login
Alerts when the “Lost Password” form is used
Alerts when Admins or Non-Admins sign into the blog
It even has a built in FireWall which can be used to block fake crawlers.
I’d suggest if you have a wordpress site you install this plugin, even if its only to give your site the once over, which was initially my intention, but after playing about with the various options of the plugin and seeing what information the plugin can offer on visitors to my site, I do believe I’m going to keep it installed.
So I installed the Wordfence Plugin yesterday to see if it could help with a few spam referrer,… http://t.co/VZ9O0JLZTY