Wordfence Setup Tutorial & Firewall Settings (Free version)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey how's it going Alex here from idea spot and in today's WordPress tutorial you're going to learn how to set up the wordfence security plugin so wordfence is an extremely popular wordpress security plug-in and it includes a free firewall which is what makes it quite popular I don't know of many other ways to get a free firewall on WordPress besides by using word fence but the configuration for most cases is pretty easy but in some cases it requires a few extra steps so if you're interested in getting your word fence firewall all configured and optimized keep watching so the video is divided into sections most people will only really need step one the standard automatic installation most cases that's going to work just fine straight out of the box then I've included a section on how to set up the two-factor authentication that adds an extra layer of security on to your WordPress dashboard log in so you can log in using a phone or a tablet and use a code in addition to your password and then I've got extra steps three and four so most people are not going to need these step three is for some cpanel hosting services where you need to do a manual setup to get the firewall optimized properly and then step four for nginx you need to restrict access to use it any if your server runs nginx and so often on VPS setups you'll need to do that by yourself and get that configured properly but I have links in the description to each section if you're interested in a particular section you can just jump straight to that section but anyway let's get started first thing we do is go to plugins and add new from our WordPress dashboard I've just gone ahead and search for the word security and here you can see all the most popular WordPress security plugins straight away you'll notice that wordfence is by far the most popular 3 million active installations now that is because wordfence has a very very generous free version on their plugin the other ones don't give you many features in the free version the Pro versions give you more features but this one it includes quite a lot of free things so I'm gonna go ahead and install that one then just click activate so as soon as you click activate you'll get this little pop-up here you'll have to put your email address in there so it knows where to send security notifications to you don't need to sign up for the newsletter though so you can click know there and you can check this box to agree to the terms click continue here if you've got the premium version you can put your license in here we're just going to use the free version just because I'm going to demonstrate the free version is quite fully featured so just click no thanks there so now once we're all installed and activated let's go to the word fence option here in our menu it's going to take us on a little tour you can read these little tour guide points and click Next and then once we've done that it is going to ask us to optimize the word fence Web Application Firewall so here we just need to click to configure and we will get a little pop-up here and it's going to ask us to optimize the word fence firewall so hopefully it's going to auto detect your server config it's going to ask you to download a backup of your htaccess so just go ahead and click that and just in case anything messes up you can restore it I've never had a problem so it's pretty simple and then just go ahead and click continue so it says nice work the firewall is now optimized so hopefully that worked out ok for you sometimes you have to wait a few minutes for it to actually start working and be optimized but you may need to refresh this page but hopefully it works out straight away straight out of the box if you're still having issues I've got some further config later in the video like I mentioned before but for now I'm just going to take you through all the options and the login security and get everything set up so hopefully the fire will optimize just fine straight out of the box and then we can just can't here so let's enable the auto-update just go ahead and click that one the next step we can just go ahead and click all options so from here it will work just fine out of the box with all the options left on default the one I do like to change is the email alert preferences because it does like to send a lot of email notifications I don't really need a notification every time I administer signs in it's only if I'm signing in from a new place that I'd like to be notified and equally non admin user signs in only from a new device or location and that'll cut down the number of notifications the other one you could change if you like after a while maybe you could change this to maybe medium or high scan results it might depend on what which plugins you're running what kind of scan results you get I might actually go ahead and look at doing a scan as soon if you you've installed it it's gonna take you on a little tour through the scan features you can go ahead and read those but you can start your first scan and just click that one it is configured to automatically scan it'll do a quick scan every single day and every three days every 72 hours it'll do a full scan of your whole WordPress install so pretty nice for a free version to just do that on a schedule so here it goes it's just ticking away this is a fresh version of WordPress so it shouldn't take too long to scan this website but there we go we can see going through everything it does malware content safety password strength vulnerabilities it goes through and scans your whole website so that's done the scan turned out okay we can go back to all of our options and actually have a look at the scan options so the basic scan type options I love to leave it on standard you can drop it down to limited or bump it up to high or maybe even customize it but the standard one is the best and it's not going to come up with too many false positives if you're really concerned about something you're worried about a certain plugin or something use the high sensitivity one it's going to come up with probably come up with a few false positives and you'll have to do diagnostics and figure things out but the standard one is going to work good for 99% of users so I just leave it on that scheduling with the free version you don't have a choice like I said it's going to scan every 24 hours and do a complete scan every 72 if you've got the premium version you can set to manually scan as you wish but like I said earlier you can basically leave all these settings on default and it's gonna work just fine the one thing I will cover here is the two-factor authentication so the first time we click login security it's going to take us on a little tour of wordfence 2fa that's two-factor authentication so that's where you use your mobile phone or tablet and you run a little code generator and every time you log into your admin on your WordPress dashboard besides putting a password in you can put the little code from your phone so it gives you an extra layer of security against people trying to log in to your dashboard so go ahead and click the tour you can whitelist individual IP addresses you can add a recapture on there so robots can't try to login to your page you don't really need to do any of those but I do really like to use the two-factor authentication only for administrator you might be able to add editor if you want if you've got editors on your website you might want them to use it as well but for most cases you're just gonna have an administrator so let's go back to 2002 factor authentication here if you've never used a two-factor authentication system before I'd be surprised but the two apps that I like Google Authenticator and of--they I like of--they because it gives you a option to add a pin number on the app if you've got other people using your phone or tablet it's nice to have a pin on the actual app and it gives lots of nice little icons for each security so you can use that for your Facebook in year G mail and Amazon all those things can use two-factor authentication as well so orthey or maybe Google Authenticator just download one of those onto your phone or your tablet use the camera on your phone or tablet and scan this two-factor authentication code in also save these recovery codes if you've got these recovery codes it doesn't matter what happens to your phone or your tablet you can still get back into your site with one of those codes so once you've done all that you scan that into your phone you've got the code generating on and say authy and you've got that number popping up after you've scanned that you can type that number in there and then you click activate and then every time you log in it's gonna ask you to enter the code from your phone and you'll be able to log into your WordPress site more securely with those passwords and codes in combination that's why it's the two-factor authentication if worse comes to worse and you lose your phone and you lose all these recovery codes you can always just go back into your file manager through your hosting and just rename the wordfence plugin and then it will disable the two-factor authentication and you can get back into your site normally anyway so there's that option as well in an emergency so let's head back to our dashboard now this basically wraps up the tutorial for most of us most of us will have had our wordfence all configured the fire will be working just fine and you will be good to go so give the video a thumbs up if it's been helpful so far and don't forget to subscribe because I'm gonna be covering some more wordpress security issues in the next few videos so stay tuned for those for those of you who still need a little help getting that firewall working if you've still got a little optimization message that you need to fix keep watching because I'm gonna cover how to fix that on a lot of cPanel hosts where you need to manually change those PHP settings so keep watching if that's the case the first example I'm going to give is how to do this through the SiteGround control panel okay for SiteGround the process is slightly different and I've just set up a temporary site here on site ground and I'll take you through the process so we go into plugins and we're gonna install word fence same as we did before then we click activate we'll get the pop-up to get the notification email address just fill that in say no there and check that box click continue and just say no thanks here for the free version okay that will be all installed and activated now go over to your word fence menu in the dashboard there okay now it's gonna say it'll take you on a tour but you can just close that off so it will now say optimize the word fence Web Application Firewall so this is the bit that's a little bit different we click here to continue okay now for site ground it actually recommends changing this one to manual configuration so so that's a manual configuration you can go over to the word fence Help section and there is a section here called optimizing the firewall so that's a word fence comm slash help scroll down to here alternative hosting provider setups for optimizing the firewall and there it's going to show you sy create an other similar hosts that use the cPanel so we have to follow these instructions here it's going to say manual configuration and then take note of the autopen file path display it so basically we go here click continue and that also that's working and there we go we've got that auto prepared file path here so the best thing to do here is probably just copy this because you're gonna need that later I'm just going to copy that and then put it into a notepad and I'll use that a bit later so I'll just hit close there okay so now let's go back to our instructions to set this up so take note of the auto prepare file which we just did and go to your site see panel and click PHP very we'll manager icon so this depends on the exact version of cPanel that your host uses but we're gonna be using site ground obviously it's a site ground account go to your site tools site tools will take you here go down to devs and you've got PHP manager sitting there and you've got PHP variables tab there so go ahead and click that you're going to scroll down you probably need to hit load more once or twice before you can find that I'm just going to try and find this auto prepend file so just find that auto prepend file value there so now I'm just going to click Edit on that value and we can just get unnoted and get the path that we've got before from the wordfriends setup so just copy that I need to copy the apostrophes we just want the path with the the PHP file name there I'm gonna just paste that in there and hit confirm so that'll take a second then we'll get our little success message and all up append file is now linked to our word fence with PHP alright so now if we go back to our actual firewall page here you'll probably hit reload and there we go the the message has gone away so that means it's it's all setup protection level is now set to extended protection so that means our firewall is all working and this is this has gone ok all we have to do now is yes let's enable the auto update and now we're pretty much good to go from here all of your options and your login security settings you can use the same methods that we've followed already in the video and just apply them here on site ground the only difference was that for site ground like we just saw the firewall optimization process was just that little bit different but hopefully I've managed to help you get through that thumbs up if you found that helpful but anyway let's continue on with the video for those of you using a CPA shared hosts but it's not like granite something else you can follow a similar process just follow those steps on the wordfence help and you can click here it has screenshots that demonstrate the steps so a normal looking control panel will look something like that you just have to find that PHP variables manager usually that's in your on the front of your C panel somewhere you just have to scroll until you find that PHP variables manager and then just follow the steps on the wordfence help screenshots they're so similar process you're just linking it to that wordfence where path but that isn't particularly difficult but you just have to be aware of it if you're getting those issues during the firewall optimization process the other thing worth noting is the word fence a firewall optimization process for page lis and kin stir again those are a little bit different and they're detailed on the same word fence help file so if you're using one of those just go through and follow those instructions and just be aware of that just to get your make sure the configure is all set up properly and the last thing I'm going to go through here is hiding user in E if your server runs nginx so you can get to that same thing through optimizing the firewall it says hiding the user in efu server runs nginx this will come up during the actual firewall optimization I'll just go through that as a demonstration now okay so I've just set up a temporary website on an engine X server and just installed wordfence and activated it so under wordfence in the dashboard we've got this pop up to say optimize the wordfence web application firewall so we'll just click here to configure and here we're going to have this pop up for optimizing the wordfence firewall and it's going to detect nginx here so so here is where it explains that it's going to create that user any and you're going to need to restore access to it and there has instructions on our documentation site I'm going to open that in a new tab so that takes us right where we were before it's a matter of editing the nginx Khan's file and putting that little bit of code in so let's go back here and let's click continue so that will actually set up a little bit of the process and we click close but we still have to change that user any file so it's still going to have that pop up message here and when you click the configure it's going to still say the same thing so user dot ini' it needs to be restricted so here now we've got a chance to backup I use it in E so go ahead and download that backup and then let's hit continue again and there we go we've got a successful installation and we'll hit close so now let's go ahead and do that configuration file that they recommended so if you're using a virtual private server a VPS you can find this and your next conf in your nginx conte folder if you're using shared hosting that uses nginx you might just have to email your support or raise a support ticket just send them a link to what you're trying to do and they can sort that out for you pretty easily but if you're running your own VPS I'm gonna just show you how you would add this code in so nginx you'll find that here under etc slash nginx nginx conf so you just go SSH or SFTP into your server and find that file go ahead and download it it'll look something like something like this just scroll down to the bottom of that conf file and then go and grab that little bit of code pop that here so just copy that code and then just paste it onto the bottom of your nginx conf file go ahead and save that and upload it into your server and replace the old one or just edit it live with on your ssh and do it that way either way will be fine so once we go back to our word fence dashboard for our nginx setup you will find that everything's working ok now and I'm just going to enable order update for this one as well so that wraps everything up so we covered standard install we covered install on site ground or with cPanel install and we covered a little bit about nginx there so I mean I hope you hopefully you've managed to get a wordfence all configured properly and running because it is a pretty cool little security plugin for WordPress it's just there is a little bit of configuration to it this turned into a fairly technical video so hopefully it was helpful and hopefully you got where you needed to be by the end of it here but anyway I'm going to be covering some more about WordPress security over the coming weeks so hit subscribe if your going to be interested in that but otherwise I'm gonna be coming out with more wordpress tutorials in the future so thanks for watching and I'll see you next time
Info
Channel: IdeaSpot
Views: 15,232
Rating: undefined out of 5
Keywords: wordfence setup, wordfence security plugin, wordfence security plugin tutorial, wordfence 2fa, wordfence two factor authentication, wordfence tutorial, wordfence firewall settings, optimize wordfence firewall
Id: sBnUE0QqyPE
Channel Id: undefined
Length: 21min 8sec (1268 seconds)
Published: Thu Mar 05 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.