Protect your websites with the best WordPress security available.
Introduction
Wordfence is a WordPress-based plugin that offers its users enhanced security for their WordPress sites through several different forms of protection. The plugin provides endpoint protection and claims to offer better protection than similar cloud-based services.
At the time of writing, the plugin’s main website boasts that its services blocked over 12 billion malicious attacks within the last 30 days.
The service’s main offerings come in three main parts: WordPress Firewall, which runs an endpoint Web Application Firewall; WordPress Security Scanner, which scans a WordPress site’s files for malware; and Threat Defense Feed, which actively updates to provide Wordfence with new information on malicious signatures and IP addresses.
What Sets Wordfence Apart
Wordfence’s main selling point is that the plugin runs as an endpoint firewall and claims that this allows the plugin to offer better protection than cloud-based firewalls.
Wordfence’s website explains that the firewall leverages user information in over 85% of its firewall’s rules, whereas cloud-based firewall services do not have access to user information. In addition, the plugin uses end-to-end encryption. It operates before WordPress is even opened, meaning that the firewall can block attacks before they can reach the user’s site.
Wordfence is a rule-based firewall, meaning that it uses a system of rules to discern and protect sites from would-be attackers. The explanation given through the Wordfence website elaborates that the plugin boasts a forensic team devoted to actively creating new rules for the Wordfence firewall to protect its users. Wordfence’s servers also aggregate data obtained from these blocked attacks, which helps identify new attacks and allows Wordfence’s forensic team to identify and protect its customers’ sites before these attacks occur.
Free Plan Limitations
Wordfence offers a free community version of the plugin’s security-based offering through the Plugins section of the WordPress website.
The free version offers many of the same features as the plan’s premium versions, though some critical aspects of Wordfence’s premium offerings are absent from the free version.
Extended features like the premium plan’s access to Wordfence’s support systems and country-specific blocking are excluded from the free version, as well as having access to less frequent scans through the malware Security Scanner.
Most notably, the free version does not feature access to the plugin’s Threat Defense Feed and real-time updates to the Wordfence blocklist. Instead, the free version’s blocklist is only updated periodically every 30 days.
Unfortunately, this 30-day delay also applies to the WordPress Security Scanner’s real-time malware signature updates.
The free version also does not include the plugin’s ability to check if your site has been blocklisted for malicious activity or spam by other websites.
Features
Wordfence’s main features break down into four parts: The plugin’s WordPress Firewall, WordPress Security Scanner, the Threat Defense Feed, and Wordfence Central. WordPress Firewall is the plugin’s primary offering, serving as the advertised endpoint rule-based firewall, offering protection against malware and brute force attacks while not breaking encryption and without the chance to leak data.
The WordPress Security Scanner runs frequent scans on its customers’ websites, searching for malware, spam URLs, and more. The scanner also offers repairs for changed files and checking for vulnerabilities and closed plugins.
The Threat Defense Feed is Wordfence’s touted real-time protection service, gathering data from attacks and allowing the plugin to create new rules and block malicious attacks quickly.
The Threat Defense Feed features a team of engineers who constantly update the plugin’s blocklists and identify new attacks, allowing it to protect its users before attacks can happen. Wordfence Central offers customers a centralized database to maintain their security across multiple sites.
Pricing
Wordfence’s premium options operate on a per-license, per-year basis, with premium users paying a yearly fee based on the number of licenses bought. The site’s pricing plans feature discounted rates for users to purchase multiple licenses with higher discounts for larger purchases.
The plugin’s initial offerings come in at $99.00 per year to buy a license for one site. When purchasing licenses for 2-4 sites, the plugin offers a 10% discount per site, with each license being priced at $89.10.
The value increases with each increment up to 15 or more, where customers gain a 25% discount, bringing the price per license to $74.25.
Wordfence also offers initial purchase discounts of 10% for users who purchase two years of the service and 20% for users purchasing three years of service.
The plugin also offers a separate WordPress Site Cleaning Service that comes packaged with a one-year subscription to Wordfence Premium, priced at $490.
Conclusion
Wordfence aims to offer its users a security system that claims to have a clear advantage over cloud-based security systems. The plugin’s main selling point is its endpoint firewall, boasting protection that can stop attacks before the malicious entities reach a user’s site.
The firewall is accompanied by a complete security system that frequently scans sites for malware and other malicious content, as well as a constantly updated IP blocklist and real-time updates to the firewall’s set of rules.
Wordfence is popular among WordPress users, receiving very positive reviews on WordPress’s user forums, and boasts a user base of over 12 million.
iThemes Security Pro offers a similar suite of protective services for users who want to protect their WordPress sites. The plugin provides many of the same protective services as Wordfence, such as protection against automated brute force attacks, two-factor authentication, and more.
iThemes Security Pro also allows its users to set designated trusted devices and offers access to its “Brute Force Protections Network,” a community of websites monitoring malicious IPs and websites.
The plugin’s 2FA features integration with services like Google Authenticator and Authy and e-mail and backup codes. iThemes Security offers a limited free version, and premium plans for one website start at $80 per year.
Sucuri WordPress Security & Scanner is a security-based plugin that promises a suite of features to allow customers to protect their WordPress sites.
The plugin is free and offers some basic protection, but the main point of it is to integrate with the Sucuri cloud based Web Application Firewall (WAF).
This differs from Wordfence in that Wordfence is an application level firewall, so running within the WordPress application, as opposed to Sucuri's cloud based WAF that would run on Sucuri's servers, and intercept traffic before it gets to your WordPress application.
Sucuri offers several different pricing plans based on both the efficiency offered and the breadth of features, starting at $199 per year per site for the plugin’s Basic package.
Comments