WordFence is vital for self-hosted WordPress instances.
I’ve been hosting WordPress websites for a long time. This blog I migrated to WordPress in 2004. I had experience with it running San Diego Blog which started on B2 and I converted to WordPress in Summer 2004. So I’ve been hosting WordPress a long time. There’s a reason the software is popular. It’s free, flexible, straightforward to customize, theme, improve, update.
This ease-of-use has brought ubiquity. So much so I attended Creative Mornings San Diego the other morning and one of the sponsors was WordPress. The short description of WordPress included the tagline “powering 25% of websites.”
Ubiquity has made WordPress an extraordinarily attack surface area for hackers. (Like Windows has been for a long time! Yay?!) I’ve seen hacks against user accounts, against the upload feature, I’ve seen worms, and DOS attacks and everything in-between. An absolutely vital tool for me has been WordFence. They’ve done a great job on the free version of the tool. I feel like the paid version is a bit too pricy for my own usage, but WordFence version 7 has been a great update already. This blog has had some targeted SQL injection attacks as well as some suspicious user creation behavior directed at it that WordFence alerted me to and thwarted successfully.
I run several other websites and having WordFence do this kind of work and keeping me up to date keeps my mind at ease.
ArtLung : Suspicious Activity: “An admin user with the username backup was created outside of WordPress” ~ 22 Feb 2018
February 22, 2018 6:00am