Wordfence Security Plugin Tutorial - How To Secure Your Wordpress Website 😎🔒

Captions
Getting hacked sucks. I've been there once, where I woke up one day and there was a big "you got hacked by", you know, the hacker's name, and it was, there was music and everything. It was bad. So in this video I'm gonna talk about Wordfence, kind of give you the general oversight of some of the settings, and just explain how the plugin actually works.

Now, Wordfence is actually the number one most recommended security plugin in the WordPress repository, with more than three million active installs. Now, second place would be iThemes, but I'll have a second video on iThemes. Now all guys, security is the most important thing. I can't stress it enough, because all of your hard work can get deleted like that by some guy who's just, who's just, who's just out to get you for no reason. I've been there, and people try to hack my website all the time. It's just how it goes in WordPress. So in this video I'm actually gonna go ahead and walk you through the Wordfence settings to just kind of give you the overview of it, and even talk about if the pro version is worth it or not. Well, I'll let you decide.

So let's go over here to my demo website, flotsam tour comm, where people have been trying to hack it, and I have proof. I have proof of it. So right here you'll go to Plugins and you'll go to Add New, and you can just go ahead and install this plugin if you've never installed it. In fact, if I go to Popular right here, it should actually pop up on the front page right here as far as security goes. So it looks like right here it's Wordfence, and again, this is the most trusted security plugin for WordPress, I think also because it offers the most. And there's one key feature about this plugin that other plugins offer in the pro version, but this one you can get it for free, and it's actually a pretty helpful feature.

So once you install the plugin, over here under Wordfence you'll see your new dashboard. You'll have all these new options such as Firewall, Scan, etc. Now with this right here you can go ahead and scan your
entire website, and you can also manage the firewall, et cetera, et cetera. They'll also talk about notifications. Now, in this specific website, I scanned it, and there are some files that are potentially, potentially malware, and they're very commonplace in the WordPress, I guess you want to say. There's certain files; you see those files, generally they're malware. So right here I'll go ahead and check out the issues of the scan. Now, when you scan your website it can take anywhere between a few minutes to even an hour, so mine took around 30 minutes once I scanned it, and they basically just give you little things to look at: malware scan, file changes, password strength, etc.

So right here they're saying WP feed is a critical issue and this appears to be malicious. Now, WP feed, along with, there's one more, it's like WP v HT D or something like that, it's usually known for being malware. So Wordfence has actually detected it and told me about it. So what I can do here is I can actually go ahead and delete the file and fix it. So that's really helpful, because you're gonna come across files that you're looking at saying, what is that file? A hint: they're not your files. But these people out there, they put these files into your, into your WordPress websites to get information. Maybe it's a keylogger, or maybe it's something that doesn't belong and that you really need to get the hell out of your server.

And also right here they give you, they talk about plugins that are no longer available. So here you can see that this plugin right here is no longer being supported, and this is very important, because if there's a plugin that was removed and that's no longer supported, that plugin can have vulnerabilities, because again, it's no longer supported, so it can have a lot of vulnerabilities for people to hack in on the back end. And it happens to a lot of plugins. It happened to various social media plugins, it happened to ManageWP, it happens to a lot of plugins. So getting rid of
old plugins is essential. You need to get them out of there, especially if it's no longer being supported, because they can have a lot of vulnerabilities, and that leads to back-end ways to your website where people can hack and do all sorts of really annoying, stupid things. But here you can see that they're just saying this file type doesn't belong. This one right here is actually a malicious one as well, and what you can do here is just go ahead and just do a Google search saying, okay, I have this file right here, I might be using it, I'm not really sure, maybe I should do a search on it on the internet and see what other users are saying. Now this file right here and this one right here are known to be malicious, so I should probably delete these files. They're known in the community for being malicious, but then again you might want to go ahead and check it out, etc. Here it's just giving you other little notices saying that some of your subscribers have a very easy password, maybe you want to go ahead and change it. And then these right here are just updates. Some of these are just something that are, you know, not too serious. The critical ones are something that you might want to look out for. So in that regard Wordfence is really helpful. It kind of gives you an insight on what to look out for.

Let's take a look at the actual firewall right here. So that was the scan. So when you scan your website it's gonna notify you of things to look out for and everything else. This right here is the firewall. So this is basically things that you might want to look out for. So if you have a lot of people trying to log in all the time, generally that would be considered something to look out for. With the pro version you can actually go ahead and blacklist a lot of these IPs right away. Right here you can actually block by country. Now that is specifically for the premium version, and that actually is really helpful, because let's say for instance you're an e-commerce website, you might want to
block a lot of other countries that have no interest in your product, and if they were to buy something, you don't ship over there, you know, that can be really annoying. Also for GDPR, the communist, the communist thing they're doing over there in Europe, you might need to block some of those countries because we don't want to comply with GDPR. I don't want to comply with GDPR. I don't care what Europe says. It's like, you know what, do then. I mean, a lot of websites, like those news media outlets, they've all blocked Europe because they don't want to comply with GDPR, so they just say, okay, we're just gonna block you. And if Europe continues to do this whole crazy thing over there, they're gonna have a lot of problems with YouTube eventually, because YouTube is in the tops of blocking them as well. But let's not get off-topic here.

So here they're just, they're just basically saying that you might want to upgrade to premium, because actually this right here again is a premium feature, where the firewall is updated every 30 days, but with the premium version it's updated instantly. So that is something to consider. But you can just kind of get an oversight of, you know, if someone's trying to log in on your website, that the firewall is actually there to help. You can do rate limiting, which is actually very, very, very helpful, because what this is gonna do is it's actually going to, we'll talk more about this actually a little bit later when we talk about All Options. That's actually in the All Options setting. I don't want to get off too, I don't want to get all over the place here, but definitely a firewall and scan are very helpful. You can see right here that they're letting us know of things to look out for.

Next we have Tools. So Tools right here is Live Traffic, and we can see what they're trying to log in. Damn it. So these people are all trying to hack my website, they're all trying to hack me. Right here you can see that they are trying to log in with wp-login, so there's
quite a bit of them, you know. Now that actually might be people that are actually trying to log in to their shop page, so not necessarily trying to hack. So if these people are hitting a rate limit, which is, they are, they're entering the wrong information all the time, we might want to throttle them. I'll talk more about that setting in just a bit. But here you can just get an overview of where your traffic is going, what are they doing. So if they're going on pages or they're trying to access certain things that they're just not supposed to, get rid of them, block them. Here we got people from Bangladesh trying to log in, we got people from United States, Morocco, Egypt, South Korea, Bangkok, that's probably me, and then India, Frankfurt. It looks like right here we have the same user all the time. I'm not, that's something, something to consider, but it's actually from different IPs, which is very interesting, very interesting, except for these ones right here. Let's say we have three users, but that's just something to look out for. And also if you want to know more about that person you can go ahead and look up that IP, and if that person is known for having malicious attacks, then you can go ahead and ban that person. You can also go ahead and import and export these same options, etc. And then this right here is the diagnostic setting, so this is something you can go ahead and check out and look at. It looks like my site's being so slow, but that's something you can go ahead and take a look at.

Right here we're gonna go to Login Security. Oh, we're gonna go to, we're gonna go to Tools. I think we're on Tools right now, yeah, Tools, and next we're gonna go to Login Security. Now this is one of the only features that Wordfence offers that other companies don't, because this is actually available in the free version. Now iThemes and other various companies do offer this same feature, however it's in the pro version. So, two-way authentication. So what that means is that you'd have to get your phone and you'd have to
scan the bar with your phone, then that would be the only way to log into your website. So if you lose your phone, unfortunately, you can have the codes right here. Now I probably need to go ahead and, after this video I'm gonna have to change these codes again, because once someone finds your codes, guys, they can actually log into your website, and that would not be cool. So if you ever lose the, if you ever lose your phone, they give you backups as far as recovery codes. So various websites offer that, so if you lose, like, your phone, you can use the backup codes to log in. So that's just an additional way, but I find that this feature is really helpful because I don't like the fact that you only have a password, you know, but with two-way authentication that actually is a big layer of security. In fact, on my YouTube channel I actually have two-way authentication, so if someone does figure out my password, after that they then have to actually, they'll have to actually enter the key from my text messages. So that's what YouTube gives us and that's the only layer of protection we have, so I have to use it, because I don't want someone to just guess my password, and they guess it, I need some, I need some more security damage, you know. So two-way authentication is a huge plus as far as security goes, and this is available in the free version of Wordfence, so that is something to check out.

Next we're gonna go to All Options, which is the last section right here. So right here is your Wordfence license, which is, this is free, and then right here we have some other various options, and then right here we have some general Wordfence options, and generally you probably want to go ahead and leave this checked. I would not have this checked right here, because I never like auto-updates, never, never, never, never, because sometimes a plugin that isn't compatible with that other plugin can cause conflict, so don't update unless absolutely necessary. Right here we have other various options, but
these are just kind of optional, like hide WordPress version, etc., so at that point I'm gonna leave those blank. Right here, dashboard notifications, you can go ahead and leave those, I think that's pretty self-explanatory. Email preferences: you can go ahead and get notified if someone's trying to hack into your website or if there's this very suspicious behavior, which happens quite a bit. Activity reports, which is really, really cool, so they're gonna go ahead and just give you a general overview of everything that's going on on your website and they'll email it to you once a week, which I find is very helpful, especially with customers if they want to know, hey, you know, is this being hacked or whatever. Here you can whitelist services, which is also another really cool feature, because ManageWP actually gets blocked a lot, so they actually have a specific setting for ManageWP. In fact I use ManageWP in my WordPress web hosting, so, or my WordPress web hosting competition, so that again is really cool.

Now this one right here is actually pretty important. So, brute force protection. So this is probably the most important option in the actual settings right here. So this right here is basically when people start to actually try to log in on your website, so this can be a very big cause for concern, because at that point it's saying, okay, well, people are trying to log into my website, that's an issue. So right here we have lock out after how many failures. So I'm gonna say, you know, maybe after 10, after 10 tries I don't want people to be able to log in for another 4 hours, because at that point, or six hours, because at that point I don't know if it's a bot or not. So now you can go ahead and say 20, which I think 20 is the default, but maybe 10, something like that, because it's up to you at that point, you know. But then again, if it's a real person they're gonna email you saying, hey man, you locked me out of my website, or I can't my account, and you'd have to actually go ahead and let them back in in the settings
tab for our users right here. Right here, lock out after how many password attempts: so after they fail their password attempts after 20 times, you're gonna go ahead and lock them out of their accounts, so that's something that you would probably want to consider. Right here you have enforce strong passwords. Now this can be very annoying, but then again it also helps people not get hacked. So you ever been to a website where it's saying your password isn't strong enough, dude, and it's so irritating, but it forces you to make a really long password, and that actually helps people from not getting hacked as much, so I would probably have that checked, as annoying as that is. Over here you have just some other various options.

Right here, rate limiting. Now this right here is actually the same thing as brute-force attack, so again these are probably some of the more important settings, and these settings right here would probably help you from getting DDoS attacked, it would probably help you from getting DDoS attacked, and it also helps your server from not getting overloaded, because when you get DDoS attacked, unfortunately it uses a lot of resources, and that's the actual whole point of a DDoS attack, is to exhaust your resources on your server, so your actual hosting company is gonna say, hey man, something's going on in your website. So let's take a look at these right here. So right here I'm gonna go ahead and block the fake Google crawlers, and this is actually beneficial from scrapers. So the scrapers are, are basically, scrapers can be anything. They can be plugins, they can be other websites, they can be scripts, and what they're gonna do is they're gonna try to steal all of your content away on your website, and they're actually gonna try to rank from your keywords on your blog post and everything else, and they're gonna try to rank for it on their websites. So by having this option set you can actually prevent that. In fact there is a plugin on Envato markets that will actually, that's actually
designed to actually steal content from other websites. In fact, let's go ahead and call them out. Let's take a look here. So this plugin right here, the WordPress Automatic Plugin, this is a scraper right here, and this is specifically designed to steal content from other websites, and the best thing to do would be to have that little checkbox checked, because that's gonna actually prevent it from stealing your content. And now this plugin, it's, I don't know, they're kind of saying it's not stealing content, but it's designed specifically to steal content. So this right here is an example of a scraper. So this right here is going to take posts from almost any other WordPress website automatically, so what you'd want to do here is you'd want to have that checked, because that'll prevent those from stealing your content.

So right here are some very important settings. So if anyone's requests exceed 30 per minute, then block it. Now the reason why we're gonna do that is because 30 requests in a minute is a lot, and generally people who are doing that are probably not humans, they're probably scripts, they're probably bots. So at that point I'm gonna say if someone's actually trying to have at least 30 requests in two minutes, that probably is not a human being and I'd probably want it off my website, so I'm not actually gonna go ahead and block it. Now right here, if a crawler's page views exceed five per minute then block it, because at that point the crawler might be malicious, the crawler might not be genuine, the crawler might be doing something that I don't know, and personally Google actually only crawls it once or twice, so if they're doing more than five per minute, at that point I would consider just to block it. Right here, if a crawler's pages not found (404s) exceed, I would just go ahead and leave that. If a human's page, if a human's page views exceed 15 per minute then throttle it. So what that means is basically saying if you have a visitor on your website and they're
just going through pages to pages to pages, at that point they're not engaging on your website and they're actually becoming problematic, because they're taking too many resources on your server. So if they're just going through 15 pages, if they're going through 15 pages in under a minute, that's very spammy and that's very unlikely, and at that point I would not even consider that person a human, so at that person I'm gonna throttle it. I'm gonna protect myself and my resources by saying, look man, you're going through my website way too fast, I don't know what you're looking for, what you're doing, but you're not really engaging in my website and you're not participating and it looks like you're doing something else, so at that point I want to throttle them.

And then right here, if a human's pages not found (404s) exceed, we can just leave that as unlimited, because, actually I'm not really even sure about that, because if they're hitting 404 errors all the single time, maybe you want to go ahead and throttle them. So maybe if they're hitting ten per minute then throttle it. Now again, that could be your problem, because maybe you have broken links, so that's why I kind of want to just say unlimited, unfortunately. But if you have a website that's fully optimized, and that's how it should be, then maybe you'd want to go ahead and do something like 10 per minute or something like that, because if they're getting that many 404 errors, I don't know what they're doing on your site and I would, you know, want to protect myself and just say, look man, then we're gonna throttle you, because I don't really know. Now throttle means just to slow them down, just to use very little resources for that particular IP address.

And then right here we have whitelisted URLs, where you can go ahead and whitelist specific URLs, because sometimes using third-party plugins, your site will actually block it, and that's very commonplace. Even your server might block it, and if you actually whitelist an IP
address it'll actually help that IP or service get through. Companies like, um, WP Engine, I had problems with their IP address when I was actually using my best web hosting competition, so it does happen sometimes. This right here is a premium feature, which you can go ahead and block certain countries from visiting your website, and there is a lot of reasons to do that, so if you do want to purchase the pro version that's something to consider.

And then right here, like, Wordfence choose to scan my website, you can go ahead and let them scan it. Right here we have different options: we have limited scan, standard scan, high sensitivity. And now also keep in mind that when you use these scans it's going to take a lot of resources on your server, so just keep that in mind. So you'd want to go ahead and scan just sometimes, guys. Don't scan every single day, because that could use a lot of resources depending on how big your website is, so just be, be mindful about the scans, don't get too crazy about it. Then right here, a bunch of default options, and I think that most of these are self-explanatory and are pretty good. Here we have performance, performance options. Now due to the fact that I don't know how many resources your server can handle, I'm just gonna go ahead and skip the performance and the, and the advanced scan. And then right here we have tool options, which are basically just exporting, exporting, importing, exporting, and then also right here login security options are available on the login options page, so you can go ahead and mess around with that if you choose to do that.

Now in general these are just basically some options that you'd want to have checked and checked on Wordfence. I think it is one of the optimal ways of defending your website against, against intruders. Their scan is actually really, really helpful. On my scan it found actual heart, or I found malware, and then you can go ahead and also manage your firewall to, you know, to prevent brute-force attacks and also just to make sure
your viewers, I'm sorry, your visitors aren't doing anything weird, like they're not going to a bunch of 404 pages, maybe they're looking for a specific login page, I don't know, you know, but that, but it's just good to have this plugin because you kind of protect yourself from other malicious content. Also, if your site does get hacked, unfortunately, remember this: this plugin right here, it'll go ahead and, and get rid of malicious files and everything, but if there is a trojan or if there is a script that's actually embedded onto your site, or if someone's injected any malicious content, the plugin unfortunately can't fix that. So this right here again is just trying to prevent it and delete some files, but if you have fully been hacked, Wordfence actually has a service where they'll go ahead and help your website get unhacked and a small fee, I think it's like 150 bucks or something like that, $179, and that's actually really helpful because WordPress actually has all the data already to fix your site, and if you were to take your data to another company they usually don't want to work with that and they want to do their own independent audit, so I think that's in conjunction with Wordfence, they can actually fix your site, which actually makes it really, really convenient.

So again, I hope, hopefully this video was helpful. Wordfence is by far one of the best security plugins out there. I think that if you're running a website, I think it's a great plugin to have. Now a year ago when I was using it, it did slow my website down, and that was because it was using too much resources at the time, but I think by now they've actually fixed that, and I think that you won't see your site get too slow when you actually run it on your website, because they have actually optimized it, because again, a year ago it was slowing down my website, so I will say that about this plugin. But if you don't want it, if you don't want to use Wordfence, I will be having a small video on iThemes as well, and iThemes is an additional plugin, and I would only recommend these two plugins. I would not recommend this plugin right here, because, I mean, would you really want to trust your website with tips and tricks, you know, like, tips and tricks, that name right there is just, and look at this version of WordPress they're using, I mean, look at this version, that version of over there is like super old, that is like five years ago, they're not even updating their page, what are they doing over there.

But again, I hope this video is helpful. Again, let me know if you have any questions or something that I missed, or if you just want to go ahead and voice your opinion about Wordfence. My name is Darrel Wilson and I will see all of you party people later.
Info
Channel: Darrel Wilson
Views: 36,435
Keywords: wordfence security plugin, two way authentication, wordpress, wordpress plugin, wordpress security plugin, best security plugin for wordpress, wordpress security, wordpress security tutorial, wordfence plugin, wordpress security tips, wordfence security, how to secure wordpress website
Id: KEWORGRSNHo
Length: 23min 42sec (1422 seconds)
Published: Tue Feb 18 2020