We’re not going to go into everything we do to secure our clients’ WordPress sites, Wordfence included. But beyond keeping plugins, themes and WordPress versions current, here are a few of the things we do every week, sometimes more often:
- Monitor admin logins – and if one looks questionable, contact the account holder.
- Monitor “improper” efforts to access
- Block IPs and/or countries if Wordfence reporting indicates it should be done. (This has to be done carefully so as not to block legitimate traffic, particularly with country blocking.)
- Check failed login attempts to ensure that the IP matches previous successful logins
If you have Wordfence, these are simple processes that can provide some assurance that the activity on your site is legitimate. We have caught a couple of clients’ stolen admin logins in the past, and depending on our client, we’re active in blocking country IP ranges. If you don’t have business in Russia, why allow the traffic?
Different WordPress sites have different Wordfence-related needs. Online transactions, varying levels of logins, and plugin usage can call for additional levels of monitoring.
This is why we use the premium version of Wordfence on our clients’ sites. The free version provides some of the tools we find prudent to have for each site, but we feel we need the fuller set available at the premium level.