Security is the most neglected part of a WordPress site life cycle. Many people recall it when it is too late when their sites are already hacked. You probably won’t be one of them so please take it really seriously. The WordFence Security plugin will fully protect your site against attackers and their malware software.
The plugin is available for free in wordpress.org repository. You can download it
or install directly from the WP Dashboard › Plugins › Add new panel.
Like all other plugins from wordpress.org site, when a new version of the plugin is available, you will be notified about it directly in your WP Dashboard.
As a good starting point, please check the How to Configure Wordfence Security Plugin for WordPress tutorial.
Security Good Practices
The Wordfence Security plugin gives you almost ultimate protection. If this plugin detects any potential security issue you will be immediately notified about it. But it can’t detect and solve all of them. Some are related to human nature, so we also strongly advise to stick to these rules:
- Keep plugins up to date
- Remove unused and inactive plugins
- Don’t give the admin access to anyone
- Make sure that users with access to your site have a correct access level
- Use strong passwords (Wordfence has an option to force your users to use strong passwords, use it!)