How To Secure Your WordPress Websites With Wordfence – Review, Setup Tutorial & Warnings

This videos can be all about Wordfence and
securing your website with Wordfence hi my name is Adam from were I make
WordPress videos for non-techies if you enjoy the content in this video please consider
clicking on that subscribe button and if you’d like video notifications there’s a little
bell off to the right of that and go ahead click on that and you too will let you know
when I have new videos so this is a video in a video series where I’m just talking about
WordPress security and the various plug-ins and methods to secure your WordPress websites
in the first video of the series I took a look at five different security plug-ins and
gave summit some of my shared some of my personal experiences using those plug-ins as well as
talked about the pros and cons of the ones that I have personally used and this video
to be about Wordfence and I have personally used Wordfence I don’t use Wordfence right
now now the reason is because I believe that iThemes Security which is also free is a much
better plug-in however I did commit to making this video because I know there’s a lot of
people that really like Wordfence and there’s deftly pros and cons with each so some of
it’s going to be up to you and what your preference is in him and he hit on some of these different
pros and cons as I’m walking through setting up and installing the plug-in so here it is
in the page for WordPress sorry for Wordfence a security and you can see it’s
got a massive amount of active installations which can be a good sign that’s definitely
a good thing now there are features in the plug-in that are only available if you pay
for the premium version of the plug-in which you can see on their websites and inside of
the plug and you’ll see there’s lots of little advertisements and things settings that don’t
really do anything because you need the premium version here I am on their website and as
I go through the tutorial you’ll see what is in the free version and what is in the
paid version so not to go through that right this moment but I do want to share with you
or looks take a quick look at how much this plug-in costs if you wanted the premium version
so I’m to go here and click on and get a premium and so your presented with this now it’s a
per site per year charge for Wordfence so when you click on the pricing you get this
option here to enter the quantity of sites that you wanted on in the amount of years
so Vince just one website and one year that you want to pay for its hundred dollars I
think that’s a little on the pricey side if you have three websites the price starts to
go down you get a 32% discount but now you’re looking at $200 and if you wanted to do multiple
years you get more discount so if you did two years it’s it you can get the point the
paid version of this is going to add up really quick this is in comparison to iThemes if
you wanted the paid version of that where there is a lifetime option its unlimited sites
and you’ll find that it’s very comparable to Wordfence so here we are I’m on a website
here him to go to plug-ins I’ve already downloaded by haven’t activated it because I want to
show you something that I don’t like about Wordfence and I want to show you the technical
side of it first so that you can visually get an idea because if you look at my first
video in the series I said that there is a performance hit on your website when you use
Wordfence it’s a little on the bloated side if you ask me so missing something technical
here this is a list of the tables that are in this WordPress website so WordPress is
taken up about the 12 of them which is on every single WordPress installation and we
have these three here these are the ones from iThemes Security so you can see iThemes Security
is adding three tables to the database now let me just do a quick refresh of this page
so that you can see this is how it is right now so have a total of 15 tables in the database
the let’s see what happens after I activate Wordfence some to go ahead and click on activate
it’s gonna take a sack because it’s adding a whole bunch of tables to this WordPress
installation right now and you can see it still spinning and going okay so I’m in a
come back to this to work as I really like how they have this year and I think if you’re
using this plug-in you might want to go through the tour now to go back here and so you so
we had 15, go ahead and click on refresh and you can see there’s a whole lot more tables
now in my WordPress database so went from 15 tables total now remember three of those
tables were iThemes so you get 12 with WordPress and then he got three with iThemes Security
and the minute I activated this plug-in right here you can see it jumped to an additional
24 tables that Wordfence creates in your WordPress database so this is why I was talking about
in the first video that if you want to use Wordfence is going to be at the expense of
performance of your website and this is just one indication of that and you can see it
right here with your own eyes all right so I really like how Wordfence has this tutorial
are so like a tutorial it’s a tour and the first thing is the pop in your email address
now I will say that one of things I love about Wordfence is that there a singular focus company
now a few years back they tried it came to attic caching features to Wordfence and that
didn’t work out and so they got rid of that and they just are staying with the one focus
which is security and I actually like that I like that they are paying attention to security
matters there’s a lot of great information on their blog I would definitely recommend
popping your email address in here even if you’re not using Wordfence to give them your
email address so that you can stay on top of WordPress’s security news so that’s very
good so I’m not going to go through the tour right now but I highly recommend it to anyone
to go through the Torah and the reason I like to go through this because for this tutorial
I’m to go straight to the different setting options so what if you first see is this option
right here that you have to go through this process to enable what they call a web application
firewall so you do need to go through and enable that and it’s actually a little tricky
so let’s just do that real quick, click on this button here that says click here to configure
and hear some information about an eminent and the torques I don’t want to go through
it right now so first you have to know some technical mumbo-jumbo on your server and I
can tell you right now most people I am you know this because I mean you just see a bunch
of acronyms here and you don’t even know what the heck it is off the top your head but anyways
you’re supposed to select one of these and then click on the continue button in this
is going to make it so this web application firewall will work for you so I am like if
I click on continue takes me to the next step and then it wants me to download the HD Access
file that’s a security related file on your web hosting account then click on continue
and then is supposed to turn this thing on so anyways you have to go through that process
so you have this new option here for Wordfence and you have these different options that
he gives you know most of the options are to be in the options link right here and but
I’m to start with the dashboard and one of the strengths of Wordfence is they have a
really pretty dashboard I mean I was talking about iThemes Security and they have no real
dashboard in the free version if you have the paid version there’s a dashboard I do
think they should add some kind of a dashboard on the free version so people can visually
feel like it’s working but that’s really all that a dashboard is is it visually feeling
that it’s working so when you see here all of this information half of it is trying to
sell you on the premium version which is totally cool I mean that’s the only way he can fake
money deftly not hate non-that so the half of this is showing use trying to get you to
they show you what you don’t get with the free version and the other half is just some
global information not necessarily on your website but also on the entire network of
Wordfence based website so it’s pulling a lot of this data in from their website now
I like dashboards but I think there was you know the problem with the dashboard as I don’t
think I’m to be looking at a security dashboard I am to look at sales dashboards analytic
dashboards from postcards and dashboards not really excited to look at a security dashboard
but it is pretty and I definitely think it’s a plus that there is this dashboard here so
now let’s move on so for someone to go to the scan option here now what the scan is
now there’s some premium version of the scan so right here it says that if they find some
kind of new vulnerability when you scan it on the free version you’re not going to suck
to be of the detect this this new threat they find because you’re using the free version
you have to pay or you have to wait 30 days to get these new threat signatures that they
can identify now I will say I don’t place a lot of value in the scan and it’s not to
Wordfence’s scan it any of these scans I just don’t put a lot of value in them is, like
if you had a PC computer and you you put in an antivirus and the scans like half the time
they don’t ever find the problem the virus and then the other times they can’t get rid
of it and then the other times it gets rid of it and it comes right back so I really
don’t put a lot of value in any of these scans that these plug-ins offer even the one back
comes with the paid version iThemes Security it’s never found anything I think the best
tools for prevention is prevention meaning you have a plan with having a good solid backup
off-site that you have access to and you know how to restore and then having some good best
practices in place so you can do a manual scan here this is definitely a plus if you
because it might make you feel like it’s doing something but if you look at the comments
or the support comments of Wordfence on the page you can see a lot of people
saying it’s not finding the problems so I don’t really put a lot of weight into it but
I understand it might make people feel better about it now you do a manual scan if you have
the paid version you can do a scheduled scan and then there’s options here of what it’s
going to scan as well so this is the scan and that’s just kind of my real world experience
with the scanning in general so now let’s take a look at the firewall now this is a
weakness in my opinion of Wordfence and here is the deal with the when the first video
I said one of the best features of a security plug-in is that it patches in to a shared
network of of IP addresses the band and so what that means is if I’m running the Wordfence
right here on this website and here’s a totally unrelated website just some other random people
the person has an installed Wordfence and then some trying to hack into there are websites
that that attacker info’s going to go into a network and then get pushed down to my website
and that’s this this shared network to have all these websites keeping each other secure
and that is huge now Wordfence kind of has that but they don’t really because in the
free version of the plug-in you get access to that database but it’s 30 days out of date
and so you so someone attacks website a and then they go to attack your website website
be you’re not going to benefit from that unless you have the paid version or it’s been 30
days but the reality is if some is trying to hack into a bunch of WordPress websites
the likeliness is in 30 days or to be using a different IP a different method something
different altogether so I kind of find that aspect of their application firewall kind
of on the worthless side now I could be wrong I don’t have hard-core data evidence to see
if the same attack is happening 30 days later are from the same IP at originating from the
same IP address and all that kind of stuff so that is actually negative here this is
up a positive with iThemes Security is its real time so if some attacking in the into
trying to hacking the site a and site bees immediately protected because that information’s
going to go up to iThemes and come down to protect you so unfortunately knowing I don’t
like about Wordfence is that they have the most popular security plug-in but they’re
kind of making you feel like you’re you might think that your website safer than it really
is when there’s other options out there that are at the same price level or less expensive
so iThemes Security’s free and then it it it it it will do a better job of keeping you
secure real time versus a Wordfence so anyways that is kind of is something that I don’t
like about this and I actually didn’t realize this you know I think the last time I used
Wordfence I had to take him off my sites because they slowed it down but the last time I used
the Wordfence I don’t think they had this restriction in place where I’m not going to
benefit from the network until after 30 days and then it’s pretty useless at that point
anyway so here are your brute force options lecture let me go back after you install it
you’re gonna want to go right here and you got this firewall status they recommend leaving
it in this learning mode for a week and so you could do that and if you remember hopefully
you do you come back and switch it to enabled and protected I think it would be smarter
of them to have it automatically switch to enabled and protected because most people
install some security thing and where it’s out of sight out of mind five minutes later
I’m not going to sit there and sell let me set a reminder to come in here a week later
and switch it so unfortunately a lot of people that might just install and activate Wordfence
or not even though their firewall isn’t as good as others are probably not benefiting
from it at all because they have to come in here later and enable it so that is the firewall
now they do have brute force protection and this is where you’re going to set those thresholds
a brute force is to prevent people from trying every username and every password some real
common ones to get into your website or even attempt to get into your website is not like
as always you have like good policy for protecting it your your your having good security policy
as far as the password strength and all that you’re not using admin or administrator for
your username your to be safe in that regard but still when you have that request and that
attempt happening it sows on your website because it takes away from the resources on
your web hosting account and it can be problematic by default they have very high thresholds
here so this is basically saying lock someone out after 20 failed login failures and here’s
another option after 20 forgot password attempts it’s like holy cow this should be much lower
I would maybe set them to five and if it’s your website and you’re the only one logging
in so it’s not one where you have other people login and you can even make this lower and
I would also increase these time periods so I would maybe increase this to the max to
a day and then increase this to a max as well so this is basically saying those five failures
are counted in a 24 hour. And if you are locked out your to be locked
up for 60 days I like to set mine up this way however I do have people logging in to
my website but if they have a problem and they keep putting it in and it doesn’t work
right though usually just reach out to me on my contact form and I can go in and help
them out so here immediately lockout valid for usernames you don’t want to enable that
one and if you wanted to add some usernames that your typical that someone that’s trying
to hack into your website would enter for them so they could be immediately banned you
can pop it in here is to be admin administrator your your the name of your website or something
along those lines because those are typically what would automatically use some of these
bots would do in order to try to hack into your website and any others rate limiter I
actually think this is a plus this is actually very cool basically if someone or theirs about
doing some suspicious things on your website you can immediately ban them or you can throttle
them down that means they’re going to be able to make requests on your website a lot slower
so it right here is like for instance if someone’s visiting a lot of 44 pages that’s when someone
goes to a URL and it’s not a valid URL that’s typically an indication that the looking for
vulnerabilities on your website so you could throttle that down so say if they make 10
the failures in the minutes then to go ahead and throttle them or block them I do like
that these options are here you can take a look at this and decide how you want to implement
this if at all I do like that you have these tooltips although I wish when you hovered
over it that there’d be a pop-up saying what it is and said you have to click on it it
opens up in a new tab it takes you to the Wordfence documentation that’s some some of
the stuff is really written in geek speak unfortunately so let’s take a look at blocking
the blocking options right here know what I do like about this is it’s letting you know
what is being blocked on your website right now I really like that this is there and you
can go here and you can also probably remove blocks right here you got these clear options
and you can manually pop someone’s IP address in the block them from your website I do do
this from time to time now the country blocking is actually very interesting I guarantee puts
a load on your website because it’s basically taking some’s IP address and then comparing
it upon known IP address schemes for these various countries and is very easy to get
around and it’s only a premium feature but you go here and you can block out certain
countries I personally don’t see a huge use of for this unless you’re being attacked by
some but it’s all game about so he is he think at around anyway so you know I’m sure some
people find value in it but there’s tons of ways to get around it anyway you got some
advanced blocking options here so you can pop in and block IP address ranges you can
block different computers based on hostname user agent referring website others there’s
all kinds of power that you have there and I do think that is a very good so just to
have this option in their live traffic this is what’s going to cause problems on your
website so I really don’t like that they have this enabled by default I would encourage
anyone to disable this to turn this off and also in the options I’m in a show you where
you can disable the logging feature and that’s where and whenever anything visit your website
it’s taken this information is tossing it in database was can happen is your WordPress
database is going to get massive and it’s going to get slower and that’s a guarantee
so essentially this is going to show you real-time website activity now this website that I’m
doing this installs on is on my local machine so as not to show me any activity unfortunately
but you would start seeing some activity here and now most of their websites activity is
really just a bunch of bots anyway I really only find value in this if your websites been
attacked but you know I just still find limited value in it then what are you going to do
okay ask yourself that this life you school but say your website was being attacked what
you gonna do then what what what snacks you could try may be manually blocking blocking
IP addresses of like that but anyways I would strongly say turn this off and it’s funny
they know it’s a problem because right here it’s telling you how much memory you set for
Wordfence to be able to use and how much is using and so there put in that there for a
reason someone go ahead and disable that and you really should do that as well now here
is the tools section of Wordfence as well and if these aren’t a lot of emerges advertisements
for the paid version so right here password auditing I’m not really fan of password auditing
I have it in iThemes Security and I’m not paying attention to that I do care for an
admin account on my website administrator right account has a good strong password so
anyways doesn’t matter yet to pay for this feature who is look up I don’t know who’s
going to log it in their WordPress website for who is look up you can do that on Go Daddy
name Chi pension faith websites I’m not going to be doing that in my WordPress website cell
phone signing is also caught two factor authentication I happen to find it’s a premium feature I
happen to find it the most annoying feature on the face of the earth I tried in turning
that on once and it makes life so inconvenient now if that I can understand for like a banking
type of online service where you need the most bulletproof security imaginable but I
just don’t feel that my website I need to go through that extensive level I have everything
else in place my website is nice safe and secure I don’t think I need to factor authentication
and I don’t think you need to factor authentication either then we got this diagnosed Gnostics
tab right here it’s going to give you some info that you can send to them and this is
what I where I discovered how many tables that this plug-in adds because when you go
here let me scroll down you right here chose to skip showing a list of all the tables and
so I’m seeing WordPress tables and it’s all Wordfence Wordfence Wordfence remember I showed
you in the beginning it adds about 24 tables to your database which is almost double what
you would have actually that is double what WordPress gives you by itself okay so then
we got the options here and I’m in a rep type this whole review and you might be surprised
what I say at the end so here is a default API key that you gets and here’s a bunch of
options now most of these you’re going to just want to leave the default but we want
to take a look at some of the ones that our performance related for sure so for example
enable a live live traffic view this is unchecked because you saw that I turn the feature off
but if the future was on this would be checked because it needs to what is on a need some
place to store all that visitor information and it’s going to slam it’s going to slam
your database you just want to make sure that there is unchecked there’s a common spam a
few feet I will actually why do I even talk about it’s a premium feature but there’s other
plug as I do that anyway to help reduce comment spam and here’s a couple other little checks
that are actually really good to have but you have to have the premium version of it
as well okay enable automatic scheduled scans this is interesting because just a moment
ago we saw the scans as scheduled this scan is only in the paid premium version but were
not getting that notice right here that this is just a premium all actually I’m sorry the
the premium thing is above the checkmark I was just assuming that it’s below the check
mark so you’re getting the common spam filter in the free version and not getting the spammer
ties the checking your IP address and you’re not getting the scan so right here I like
that when a plug-in has this option this checkbox will allow allow a Wordfence to update itself
in your WordPress installation this is pretty good if you have one of those sites were you’re
not really on top of it are paying attention to it so right Harry McKenna want to put your
email address and and this is where alerts are to be sent to now where they do a great
job is in the alerts options here so go ahead and up popping your email address right here
and then let’s scroll down here and take a look at these alert options so some of these
you’re definitely going to not want to so this is going to let you know you probably
want this one is if Wordfence is automatically updated that’s a good one if EMF Wordfence
is the activity you can leave that on the one that you don’t want is right here alert
when an IP address is blocked what people realizes the minute you put a WordPress website
on the Internet there’s bots that are going to start trying to log into a just an automatic
thing you leave that on your to get all these emails it’s just not worth it so definitely
disable that in as well as this one if someone gets locked out from failing to log in properly
you can go ahead and uncheck that now you can leave this notification on if you want
to know when someone is requesting a loss password if you wanted and right here this
will let you know and that’s good to leave on as well when someone actually logs and
that has administrator rights and so there’s couple more options here this was really nice
you can choose the maximum amount of email alerts you want per hour so zero is unlimited
and either second to be so many with the different options that we just selected so you can leave
this at zero if you wanted I do like that you can just get an email summary if you want
right here so you could probably uncheck these options there and just get that email summary
and you can do that daily or weekly it’s up to you next we have some live traffic view
options Yorty know my opinions on that what it’s gonna do to your website here’s what
you can choose to include when it actually does a scan of some of these are actually
kind of nice but they probably don’t fit most of us is so is saying is scan your theme so
to compare your theme to what’s on the latest download on my problem is most
of us are really getting our themes from were probably buying it directly or something
maybe theme for Sir direct vendor like Beaver Builder or Divi so but those are nice if you
have everything from the WordPress repository Sears and more options for what to scan you
can go ahead and leave those all enabled with the checkmark and then here some additional
options right here and it’s up to you I would go ahead and read the information and documentation
to see if you actually want to enable that or not alright so here’s our rate limiting
which is an option that we saw in the firewall but you also have it right here that we also
have our thresholds for failed login attempts right here and then we have some notification
options the hear some more premium options that you don’t get access to but I do like
this updates needed so you’ll get notifications for that when you’re in the dashboard Wordfence
but your to get it when you log in your WordPress website whether there’s updates available
so here’s where you can white list your IP address is in some of that specific stuff
as well these are and want to leave by default but you might want to also enable this hide
WordPress version it’s up to you some people say that if the look and see the WordPress
version you’re using then they can know what vulnerabilities exist if they exist on that
version but if you’re keeping WordPress up-to-date you don’t even need to worry about that check
this out okay so now or in the home stretch you which is awesome and sure you’re happy
about that right here is how much memory can Wordfence use and they obviously have this
year because there is performance problems with this plug-in and tell you when you actually
click this it takes you to their did their document site and they say that you know Wordfence
is going to have trouble in affordable hosting so if your web hosting services like under
10 bucks you’re going to probably run into some trouble performance issues but if you’re
spending 30 bucks 100 bucks or whatever per month you’re probably not can have any problems
with Wordfence but probably it down those pricing levels anyway the host already has
some kind of proactive service so right here is one of my favorite favorite features and
I wanted show it right now it’s is delete Wordfence tables and data on deactivation
so you see here were I have 39 tables now because of Wordfence will at least they give
you this option you can click on here and you can then delete it have Wordfence deleted
if you disable Wordfence this is actually something that all plug-in and theme creator
should add themes don’t typically add tables adjust plug-ins and I do like that they have
that so I want to demonstrate that right now so you can see I’ve got these 39 tables on
him to show you 39 tables a minute go here I’m going to deactivate it’s going to take
a moment to to deactivate I’m in a go here and I’m in a do a refresh in your to see this
go back down to 15 that’s because with that checkbox you can fully get away from Wordfence
and fully get it off your website all that would be left is going here in then deleting
the plug in files itself it’s going to go ahead and remove all those tables all that
data all that blowed in your WordPress websites database it’s going to get rid of all of that
now you might think all this guy Adam he hates Wordfence after you just listen to me for
the last 20 minutes kind of point out all of its flaws and you know what I think it’s
important to just have some security tools on your website so I’m not heat on Wordfence
I’m happy for the over 2 million people that are securing their website with it I do believe
that you get better security out of the free version of iThemes Security and I also believe
that iThemes Security is a better value for your money if you did want to have the paid
version of one of these tools if you had Wordfence the paid version of Wordfence on three websites
you could already have purchased the actually for websites you could already have purchased
the full version of iThemes Security that has unlimited installs and lifetime updates
where with Wordfence on year to Juergen have to pay up again so I mean I’m not opposed
to paying money to keep something safe and secure however this is a situation where there’s
definitely a better free option available and there’s definitely a better paid option
available as well so if you didn’t see my iThemes Security video I would encourage you
to go and take a look at that Intel me what you think about that you can also see the
first video in this video series I should just put a link down below to the to the playlist
I have links to everything down below a link to Wordfence you can just go to
also leave a link to iThemes Security if you did purchase iThemes Security through my link
I’m giving you access to my security training course on my websites normally $99 I’m given
that for re-so let me know what your experience with the Wordfence is and I also want to invite
you to kind of critique me a little bit you know I’m trying not to be so harsh but try
to speak the truth in these videos so you think I’m being too hard on Wordfence I want
to hear from you down below I deftly want to give everything a fair shake I am an opinionated
person and I like opinionated people I want to give everything a fair shake what is your
experience with Wordfence have you used it has it covered your butt and if you’re deciding
on a security plug-in after this video which one do you think that you would want to install
on your website so anyways thanks for watching this video I appreciate having you on the
channel and I’ll see you in the next one

29 thoughts on “How To Secure Your WordPress Websites With Wordfence – Review, Setup Tutorial & Warnings

  1. Hi Adam. Thanks for this. I have been using WordFence loyally for I'm not sure how many years. I was not aware of the performance hits which will probably have me changing to the iThemes one. Also, I'd recently started using Sucuri as well as I learned there would not be a problem with that, though preventing overlap of functions. Though now I realize thats probably not a good idea? One of the things I do when I start a website is put security on there first. I do all my WordPress installs manually, renaming table prefixes to something other than wp_ I discovered when I use to use a WP install script on the host that sometimes I'd get an error with plugins when updating them. I don't get that since installing manually several years ago.

    Thanks for you great videos 🙂

  2. Hi Adam, Thanks for the
    informative videos. I've been using Wordfance for a long time. But
    thanks to you, I now know why my site is slower than comparables. I
    have now switched to IThemes. It have now also a dashboard!
    there is an option for SSL. But I already have SSL, so I stay away
    to prevent conflicts. I already have an Easy SSL plugin that does the
    job. And twice the same function can never go well.
    Thanks again
    and keepup the good work!

  3. I don't understand. Didn't you say in another video that you don't like Wordfence because it makes the websites too slow?

  4. Hi Adam! Thanks for the the great video. I'm going to take a much closer look at the iThemes Security plugin. I would like to offer a correction on this video though. In the firewall settings you talked about the Learning Mode. You said that it would be good if they added a way for learning mode to automatically change to the Enabled mode. It already has this feature. While in Learning Mode you will see just under the drop-down a line that there is a check-box option to automatically switch to Enabled mode on a specified date. It is automatically checked and set to do so in a week's time. Just thought I'd point that out. You can see it in your video, and I've been using WF for a couple of years so I know it's there. Everything else is great info though.

  5. I went to check out the links you said you'd leave in the section below the video, but there was only one link to iThemes Security. Is that the link I would use to get the paid version and have access to the free training? Or do I need to go to your website?

  6. Hi Adam, good review as always. I look forward to testing iThemes again, but wanted to pick up on a couple of things mentioned here.

    1. the free version does auto scan. All my sites scan daily
    2. I'm not sure that having extra tables has a negative affect on performance. Better keep logs and settings away from the main post tables. yes it feels like bloat, but really I think it's quite an efficient and responsible way to do this
    3. right with you in live view. I always turn it off
    4. I've been running speed tests with gtmetrix with WF enabled and disabled, but calls to the database and load time remain the same. I've tested on 5 sites so far. Would be good if someone were able to pinpoint what it is in WF that kills site speed.

    Thanks again Adam!


  7. Hi Adam, quick unrelated question… I am using the GeneratePress LMS child theme that you had created for you and there is an updated version of the regular pro version available. Do I / can I keep using your version or do I need to go with the std pro update? Thanks, you're awesome!

  8. Around 21:35 made me laugh Adam… "say you are getting attacked… what are you gonna do then?". Great point!
    I've definitely experienced issues with wordfence… Performance and never ending notification emails.
    I've invested in iThemes on your advice, and also I'm going to partner it up with BBQ Firewall pro… Go check that one out.
    I use sucuri cloud firewall a lot, but not all clients can afford it. So ithemes and BBQ is the best combo I have found to do as food a job as a client can afford. Good host is essential too.

  9. Thanks, Adam! I didn't know about the live traffic performance issue. I turned that off and retested my site on Google PageSpeed and got an immediate bump in my score. I'll be looking into iThemes.

  10. before i scanned my site was infected totally.then i had reset and build new site coz it is new no problm for reset. then i scan my site again from many of the online site scanner also with sucuri, sitll shows me site is infected what do i do now ? if i scan my site from from wordfence shows not found any issue but from online scanner shows warlware found. there is no anymore plugin also. what is the problem ? i have got in problm.anyone can help?

  11. Hi Adam,

    I personnally use iThemes Security Pro as well, though there are some features of WordFence that I like… Just a quick note: around 15 minutes you spend 40 seconds talking about the fact that WordFence should automatically switch from "Learning Mode" to "Enabled and Protecting"… Well, it DOES… You see below a checkbox that is checked by default that says "Automatically switch to Enabled Mode on " and then I guess the date is one week later…

  12. I don't think you are being "too harsh" at all. It's a great thing when someone who knows what he's talking about tells what he really thinks…saves us all a lot of trouble. Great video here…thanks for all the detailed descriptions…one of the best things was near the end when you pointed out the "Delete Wordfence tables and data on deactivation" option. I was sitting here wondering how to get rid of all those tables when I would be deactivating Wordfence later today…and now I know. Thanks so much;.

  13. Some feedback from a non so tech background… I took some of you advice however the Itheme was found to be causing many issues with 404 errors on valid address from IP which was not blocked either. Its cause many of the pages not to be available for and also some to display funny on their browser some reason and that also caused those IP to be blocked due to the rules in place. Since this was an issue which I can't explain why the plug in stops certain valid link I installed the the WF which so far has worked ok

  14. With wordfence firewall, do you have to do anything with that file you downloaded 7:26 ? I'm not sure even what to select?

  15. Hi Adam. Can u please suggest me which is the best security plugin wordfence or ithemes. I have a confusion of choosing among these two plugins.

  16. Take a look at – you can use it in conjunction with free WordPress security plugins. It is a great free script. One thing it does, for example, it adds country blocking. Something you would need to pay for with Wordfence.

  17. Hello !
    I have some issues. I have deleted the files from wordfence and now my website is not working. how to restore those files?
    I will be very thankful to you if you help me

  18. Hi Adam. I'm currently using wordfence on a membership site, but considering the switch to ithemes after watching this video as I have definitely noticed a significant slowdown on my website. My biggest concern is what else should I be doing to fully secure my website being that it's a membership site like yours? What other measures have you put in place other than ithemes?

  19. So many features in Wordfence and definitely an impact on site load speed. Seems necessary though, a good chunk of the traffic on the site I just built was coming from Russia and China and there is a region filter in Wordfence (pretty sure it's the paid version though.)

  20. Hi Adam, I have the free version of Wordfence on one website and the free version of ithemes Security on the other. Wordfence has many features I find useful. By the way the 'Web Application Firewall Status' starts with 'Learning Mode' as you stated but 7 days later it goes automatically into 'Enabled and Protecting'. The feature where you can make blocking 'Permanent' is of great use to me. 'Whois Lookup' is also very important – if someone has been blocked I want to know their IP address and domain name… I have read about Wordfence slowing down websites. Wordfence DOES NOT slow my website down. Anyone can do a search on 'PageSpeed Insights' and find out whether their pages are being slowed down or not: Deactivate Wordfence and check the pagespeed. Leave it deactivated for a whole day and check pagespeed again. Re-activate Wordfence and check pagespeed. I am on premium hosting ($35/ month)… Wordfence (free version) works well for me. Cheers,

  21. Wordfence screwed up all pictures I had uploaded, they wouldn´t show on the site anymore, even when I tried to upload new ones.
    Thankfully I had backed up my site before installing.

  22. Yeah man I had the unpaid version for my first blog. It's still being build but it got hacked. I was taking a class that instructed to use Wordfence the unpaid version. Based on this I will not be using the paid version.

Leave a Reply

Your email address will not be published. Required fields are marked *