How to Secure Your WordPress Website with Wordfence.

Why are you looking for this article? Maybe your website has been hacked. Sometimes, you want to protect your website from hackers before being attacked. So you might need some better security plugins for your WordPress website. With this article, you can learn how to secure your WordPress website, Wordfence setup, and firewall settings. Before that, with the below details, you can get a better idea about how essential good security plugins are.

According to these statics, you can understand how important about secure your website. Use so many security plugins; finally, I stopped with Wordfence. So I’ll show you why I recommend this plugin for you and how Wordfence setup and use it for your website. Let’s get into the topic.

What is WordFence? Specialty of WordFence

WordFence is a full-featured firewall for WordPress, which was launched in April 2016. As a firewall, it protects web applications. So sometimes, it calls Wordfence WAF( web application firewall).

Wordfence provides primary security functions is

  • Malware scanning
  • Brute force protection
  • Two-factor authentication
  • Country blocking

And much more.

According to their data, in the Last 30days, they block total attacks


And Malicious IPs Blacklisted is,


So Wordfence is a viral WordPress security plugin, and it includes a free firewall which makes it quite popular. I don’t know how to secure your WordPress website with a free firewall except for WordFence.

I’ll show you how to set up the Wordfence security plugin step by step. The configuration for most cases is pretty straightforward. But in some cases, it requires a few extra steps. So if you’re interested in getting your Wordfence setup firewall all configured and optimized, let’s go to the next section.

WordFence Setup process

Standard auto-install (most configurations)

Most people will only need the standard automatic installation. In most cases, that will work just fine straight out of the box.

The first thing we do is go to,

Plugins > Add new > Search > Wordfence > install


You’ll notice that Wordfence is the most popular 3 million active installations. That is because Wordfence has a very generous free version of its plugin. The other security plugins don’t give you many features in the free version. The Pro versions give you more features, but the free version includes many free things.

Then click activate.

So as soon as you click activate, you’ll get a little pop-up. You’ll have to put your email address in there. So it knows where to send security notifications to.

You don’t need to sign up for the newsletter, though. So you can click no there, and you should check the check box to agree to the terms and click continue.

wordfence setup

You can put your license in here if you’ve got the premium version. If you are using the free version, click no thanks there. So now, once we’re all installed and activated, let’s go to the word fence option.

wordfence setup

It will ask us to optimize the wordfence Web Application Firewall. So here we need to click to configure. And we will get a little pop-up, and it’s going to ask us to optimize the word fence firewall. So hopefully, it’s going to auto-detect your server config. Also will ask you to download a backup of your “.htaccess.”

wordfence setup

So go ahead and download the file just in case anything messes up, you can restore it. And click continue.

wordfence setup

Let’s enable the auto-update. And scan as soon as you’ve installed it.

wordfence setup

It is configured to scan automatically. So pretty nice for a free version to do that on a schedule.

Two Factor authentication

I will cover here is the two-factor authentication. So the first time we click login security, it will take us on a little tour of Wordfence 2FA.


That’s two-factor authentication. So that’s where you use your mobile phone or tablet and run a little code generator. And every time you log into your admin on your WordPress dashboard, besides putting a password in, you can put the little code from your phone. So it gives you an extra layer of security against people trying to log in to your dashboard.

I do like to use two-factor authentication only for administrators. You might be able to add editors if you want. So let’s go back to Two-factor authentication here. If you’ve never used a two-factor authentication system before, use two apps which are Google Authenticator or Authy.


I like Authy. Because it gives you an option to add a PIN on the app if you’ve got other people using your phone or tablet. Just download one of those onto your phone or your tablet. Use the camera on your phone or tablet and scan the two-factor authentication code.


Also, save the recovery codes. If you’ve got these recovery codes, it doesn’t matter what happens to your phone or tablet. You can still get back into your site with one of those codes.

Authy setup

So once you’ve done all that you will get the number. That you can type in section 2,” enter cord from authonticator app”. Then you click to activate, and then every time you log in, it’s going to ask you to enter the code from your phone. Now you’ll be able to log into your WordPress site more securely with those passwords and codes.


In this article, I try to explain how to secure your WordPress website with Wordfence, and how to install Wordfence and setup. Also, use its firewall and protect your website from hackers. Also, you now know how important security plugins are to your website and better to use Wordfence for your site. If you have any questions, please feel free to comment below.


More from this stream