How to Configure Wordfence Security Plugin for WordPress

Wordfence security plugin is a complete Anti-Virus and Firewall package for your WordPress install. It not only protects your site from many possible attac

Origen: How to Configure Wordfence Security Plugin for WordPress


Wordfence comienza comprobando si su sitio ya está infectado. Hacemos una exploración del lado del servidor profunda de su código fuente comparándolo con el repositorio de WordPress Oficial de la base, temas y plugins. Entonces Wordfence asegura su sitio y hace que sea hasta 50 veces más rápido.

Wordfence seguridad es 100% libre y de código abierto. También ofrecemos una clave de API de primera calidad que le da soporte Premium, País bloqueo, Análisis programados, Auditoria contraseña e incluso compruebe si su dirección IP del sitio Web está siendo utilizado para Spamvertize. Haga clic aquí para inscribirse para Wordfence premium ahora o simplemente instale Wordfence libre y empezar a proteger su sitio web.

Puede encontrar la documentación oficial en y nuestras preguntas frecuentes en nuestro Portal de soporte en También estamos activos en nuestros foros de soporte de la comunidad en si eres uno de nuestros usuarios libres. Nuestro sistema de tickets de soporte Premium está en Obtener información acerca de la seguridad de WordPress en

How to Configure Wordfence Security Plugin for WordPress

Wordfence security plugin is a complete Anti-Virus and Firewall package for your WordPress install. It not only protects your site from many possible attacks, but also keeps you off Google’s SEO blacklist and help repair a hacked files, even if you don’t have backups. It also include a  features like login brute force protection, hiding your WordPress version number, blocking fake google crawlers and many other security enhancements.

Powered by their cloud scanning servers based in Seattle, they maintain a pristine copy of every version of WordPress core, plugins and themes ever released  in the WordPress repositories  to quickly verify your files against the originals. They also keep a cached copy of Google’s Safe Browsing list that is updated in real-time and used for your scans.

Of the security plugins i’ve used, wordfence has become my favorite security plugin when it comes to securing a WordPress site. I install it on all of my sites and it’s quiet easy to configure. It has an average rating of 4.9/5 on the WordPress repository, with over 1.8 million downloads.

Click here to see how Wordfence protect WordPress sites in Real-Time.

Here are some of the important features of this plugin:

  • Compare core WordPress files against originals in repository.
  • Compare plugins and open source themes against originals.
  • Scan files outside your WordPress installation
  • Scan your site for the HeartBleed vulnerability
  • Scan for known malware files
  • Scan file contents to see if they contain a malware, trojan, virus, backdoor, known dangerous URL or known vulnerability.
  • Scan files, posts an comments for URLs in Google’s Safe Browsing List
  • Scan for weak passwords
  • Scan DNS for unauthorized changes
  • Checks your disk space to prevent DDos attack.
  • Checks for out of date themes, plugins and core files

Brute-force log-in protection:

  • Locking out users after a specified number of failures are detected.
  • Immediately lock out invalid usernames.


  • Immediately block fake Google crawlers.
  • Blocks anyone that accesses your site too quickly.
  • Block anyone who is generating page not found errors too quickly.

Other Options:

  • Hiding WordPress version

The free version of Wordfence will automatically scan all the files and database tables of your site once a day and alert you via email  if there has been an intrusion. Upgrading to paid version of wordfence gives you two factor authentication (sign-in via cellphone) and country blocking, which are both effective ways to stop brute force attackers in their tracks.

Configuring Wordfence settings

Basic Options

  • Once installed, go to your Wordfence options in the side menu and enter your email address to receive alerts.
  • Uncheck Enable Live Traffic View. Live Traffic View is a nice feature that lets you see the real time activity of your site, but it causes a slow down in page load time, particularly on a high traffic site.
  • How does Wordfence get IPs: From the drop-down menu, select “Use PHP’s built in REMOTE_ADDR…” which is the recommended option for most cases.

Advanced options


Live Traffic View

  • No changes.

Scans to include

Under Scans to include, select all options.

Firewall Rules

In the “Firewall Rules” section, you can set different rules for humans and crawlers who are trying to misuse your site. If someone breaks one of your rules, you can either “block” them or “throttle” them, which temporarily limits their access with an SEO safe 503 (come back later) HTTP message. The firewall rules must be set carefully based on the type of traffic. If you don’t know much about it,  just leave the settings alone.

Please note that these are only suggestions. You can even tighten up security by lowering the values on firewall rules.

Here are some tips for setting up firewall rules:

  •  If you choose to limit the rate at which your site can be accessed, you need to customize the setting or your site.
  • If your users usually skip quickly between pages, you should set the values for human visitors to be high.
  • If you are aggressively crawled by non-Google crawlers like Baidu, you should set the page view limit for crawlers to a high value.
  • If you are currently under attack and want to aggressively protect your site or your content, you can set low values for most options.
  • In general wordfence recommend you don’t block fake Google crawlers unless you have a specific problem with someone stealing your content.

Login Security Options

Other options

  • Whitelisted IP addresses that bypass all rules: Don’t touch this option unless you have a static IP address that never changes.
  • If you’re participating in the WordFence security network, wordfence will immediately block any attack originating from an IP address that has attacked other WordPress sites.
  • Click Save Changes.

Run the scan

  • Under the Wordfence menu, go to the “Scan” and start your first security scan.

Once the scan is complete,  address the issues it finds which will appear at the bottom of the page.

If you run into trouble or have questions, please visit Frequently Asked Questions (FAQs)  for more information.


Acerca de UniSoft-AleBo

La tecnología a tu alcance Asesorías Científico - Metodológicas
Esta entrada fue publicada en Capacitación, Diseño Web, Servicios, Softwares, Web 2.0. Guarda el enlace permanente.


Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de

Estás comentando usando tu cuenta de Cerrar sesión /  Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión /  Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión /  Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión /  Cambiar )


Conectando a %s