Outside of driving traffic to your website security is probably one of the biggest concerns of all WordPress website owners, so in this video I’m going to show you how to set up WordFence – one of the top plugins for securing your self-hosted WordPress site.

The problem is that, because of how easy it is to use, WordPress is a big target for hackers.

Because it’s got such a huge target on it virtually all WordPress sites attract a lot of unwanted attention.

And if they’re able to compromise your site, you could be in for a huge mess and lengthy clean-up process where you have to call someone like me to come in and get things restored back to the way they’re supposed to be.

And if that happens your site can be offline and your brand reputation could be compromised because, when visitors arrive at your site, they’re seeing you’ve got a garbled mess (and that’s if they actually see anything at all).

So the stakes for making sure your WordPress site secure are high.

Part of having a WordPress site done the right way is making sure that you’ve got security covered. Wordfence will help you do that. This lesson covers getting Wordfence installed and get your basic configurations in place.

How To Set Up WordFence

Welcome back to the Building your WordPress Foundations series where we’re walking through and getting some stuff set up for you now on your new self hosted WordPress site. This time in this video, we’re going to be installing the security plugin.

Let’s go ahead and jump in. We’re going to go up here again and click on Add New to go to our option where we can go add plugins and where this time we are going to be looking for Wordfence.

This is one of the security tools that I recommend using on your website. It’s a really easy tool to use and does a great job of taking care of security for your website. This one right here, we’ve searched for Wordfence and this is the one that we’re looking for this one right here.

We’re going to go ahead. I’ve already got it installed. We’re going to go ahead and activate this one.

Now we are going to have it here in our list of options. It’s activated. As some of these plugins will tend to do, you will see that we’ve got this option up here to go ahead and click to configure our Wordfence options.

For this one, we’re going to go ahead and start over here. Let’s go ahead and click on the tab in the admin bar. For now, we’re just using the free option, but as you can see, you have a couple of different options here.

Generally speaking, the default options are usually going to be sufficient for what you’re trying to do on most new WordPress sites. As your site grows and as it becomes more complex with additional features and depending on your hosting situation, those things may change a little bit over time.

You may want to tweak the settings, but it’s good to know where these things are so that you can dig in and get what you are looking for out of this plugin.

What we are going to do here is just take a look at our notices up here. It’s asking if we want Wordfence to stay up to date automatically. We can go ahead and turn that on, no harm in doing that just make sure that whenever they roll out a new plugin version, or an update to the plugin that’s automatically updated.

We can leave that there. Then we’ll just take a look at a couple different things here that you have in terms of options.

Let’s go back up here. Now that we are in our Wordfence dashboard, we go ahead and click this to configure up here at the top. What this does is this takes your basic WordPress Wordfence protection and it elevates it to another level.

Basically, what it’s saying is, “Hey, we need to do some of this stuff to your code. We want you to create a backup before you do that.” Go ahead and download this file here.

It automatically detects what kind of hosting service that you have. If you are a tech person, and you know what you’ve got, and it is something different than what’s coming back, you can make that change here.

Generally speaking, this is going to be an easy recommendation to make. We’re going to go ahead and download the HTACCESS backup.

We’ve got that down in our browser down here, as we can see now. We’ll go ahead and continue here. Installation was successful, but it’s not taking effect.

It’s basically saying, you just need to wait a few minutes and then you can try refreshing the page. That’s fine. Nothing more that we really want to do here.

We’ll go ahead and refresh to see how that affects us. We’re okay for now. One of the things to pay attention with this is when you first install it, it goes through a learning process and basically what that means is it wants to look at what your traffic looks like. It wants to know where people are coming from, so on and so forth.

It will use this learning process for about a week, and then it’ll automatically switch to being fully enabled so nothing really big here to worry about.

We’re just going to take a look here what options that we’ve got down here. We’re going to leave the firewall options as they stand for this particular accordion.

We don’t need to do anything there. We’re going to like I said the default settings in most instances are going to be sufficient for what you’re trying to do. Now one thing here that I like to adjust is to make sure that the brute force protection is enabled and the settings are slightly adjusted.

We’ve got it turned on here. What I like to do is to just tighten things up. When you first install Wordfence, it’s going to be set to 20 and 20 and four hours and then four hours for the default settings.

I don’t like leaving it that open. Personally, I like to keep that a little bit tighter. I’m going to go ahead and tighten these down to five attempts and they get locked out.

It just tightens things up and keeps your site a little bit more secure than one other option that I add on this is checking this box here to immediately lockout invalid usernames.

Sometimes, if your site gets into this crosshairs of somebody that is trying to break into your site, they’re going to use all kinds of different usernames and password combinations.

If you remember back to one of the first sessions that we did, when we were installing WordPress, we said that we want to make sure that we choose something other than “admin” as our default username there. This is why because they are going to try to guess your password by running a script against it, or it could be just manual attempts.

So when you’ve got good usernames for yourself and anybody else that maybe associated with your site, it tightens up the security. Then if you select this box, any attempt to log in that is using an invalid username meaning that it’s not among those usernames that are already part of your user list on your site automatically going to lock them out.

I don’t have any problem with doing that. It’s making things a little bit more secure in keeping people out of your site that are trying to break in. The rest of these options here are pretty straightforward.

Like I said, you can use the default here for pretty much everything. Then if you’ve got a question about your site, and you want to just do a proactive scan, it will scan your site to see if there’s any malware or any issues that it’s finding.

You’ll also get notifications and Wordfence for outdated plugins and those kinds of things. You’ll want to make sure that you’re keeping up to speed on those things, too.

Wordfence is a great tool to make sure that you’ve got your site locked up tight. Like I said, the default options here for the most part are going to be easy to work with.

This is another one that as your site grows you’re going to want to dig a little bit more deeply into some of the more in depth and advanced features.

That’s really just going to depend on what your site is doing and what you’re planning on doing with it and how things are running. Make sure that you get the basics in place so that you can get your site up and running and that’s what we’re doing here.