Websites are lucrative targets for hackers and malware. Many are not protected sufficiently and don’t have a backup plan in place. As WordPress is the most widely used website system on the internet, it is the most significant target, and vulnerabilities are continually being sought out.
High-end security can be expensive, so I want to show you how I blocked 1,596 attacks on one WordPress website (ours) in just one month without spending a cent.
Most small businesses are unwittingly subject to attacks like this against their websites every day. These attacks cost money through website defacement, ransomware and, most commonly, an impact that goes unnoticed: the additional server resources required to keep a website online, and the risk of the site going offline.
Tool 1: Cloudflare Free Edition
Our first tool protects your website by blocking potential threats before they can reach your server.
Cloudflare provides a free content delivery network with additional features that help protect and speed up your website. Paid editions and paid upgrades are also available. The free version does, however, include the Cloudflare firewall, a tool that can help to block attacks on your website. This tool sits within the Cloudflare network and attempts to stop potential threats before they reach your site. It does this by analysing the traffic and where it is coming from, and correlating that data with threat data from around their network. This month, they blocked 482 threats to our website.
The signup and configuration process is straightforward, but you do need to be comfortable changing your domain name DNS settings or have someone on your team who can do it for you.
Sign up at www.cloudflare.com
Tool 2: The Free Wordfence Plugin
Our second tool protects your website by blocking threats that have reached your site.
Wordfence provides extra protection for WordPress in both a free and premium plugin. Their free plugin includes a firewall that can help protect your website from more attacks than you knew existed. One caveat though is that it does put extra load on your server, mainly while the malware scan feature runs, so you will need to assess when the best time is to run malware scans or whether to disable them and focus on the other protections it provides.
The free plugin gives you:
- Web Application Firewall: This helps your website to block attacks. It’s a wall around your website that uses Wordfence’s global attack database to detect and thwart various kinds of attacks on your site. The free version does not include any new attack types identified within the last 30 days, but still gives you miles more protection than not having it at all.
- Malware Scanner: Helps to detect malware that got through to your website and can help you to remove it; however, it doesn’t include the premium scan.
- Brute-force protection: Blocks users who have too many failed login attempts in a short time period.
For me, the Wordfence Web Application Firewall blocks the majority of attacks. In this one month alone it prevented 1,114 attacks. So even if you only use the firewall, it gives you a massive boost in protection.
You can get the Wordfence plugin from the WordPress repository here.
Can these tools completely protect your WordPress website?
In short, no. The goal here is to protect your website from as much as possible. You can read more in this blog post about other things you can do to protect your site. At TerraMedia, we offer a service called Web Shield. This service includes site protection, backups and a malware recovery guarantee that ensures if there is an attack on your website and we can’t get it back online, we’ll build you a new website.