• Tiếng ViệtTiếng Việt
Theo dõi
Lucid Gen
  • Digital Marketing
    • Email Marketing
    • Facebook
    • Google Ads
    • Zalo Marketing
  • Website
    • SEO
    • Website measurement
    • WordPress
  • Technology
    • Computer tips
    • Mobile
    • Utilities
  • Review
  • Marketing tools
No Result
View All Result
Lucid Gen
  • Digital Marketing
    • Email Marketing
    • Facebook
    • Google Ads
    • Zalo Marketing
  • Website
    • SEO
    • Website measurement
    • WordPress
  • Technology
    • Computer tips
    • Mobile
    • Utilities
  • Review
  • Marketing tools
No Result
View All Result
Lucid Gen
No Result
View All Result

Lucid Gen › Website › WordPress › How to set up Wordfence Security Premium plugin

How to set up Wordfence Security Premium plugin

Chia sẻ và hướng dẫn Wordfence Security Premium

Chia sẻ và hướng dẫn Wordfence Security Premium

10
SHARES
879
VIEWS
Chia sẻ bài viết lên Facebook

Every day, Lucid Gen has about 200 attacks when looking through Wordfence’s report. However, I am completely assured under the protection of Wordfence because I am using the Premium version with full advanced security features. If you are looking for a security plugin for WordPress then do not skip this article. I will guide you how to use Wordfence Security Premium in detail, and also share how to activate Premium for free.

Related posts

  • How to set up Contact Form 7 to connect to Google Sheet
  • Delete unused thumbnail images and disable automatic image creation in WordPress
  • Anti-copy website image with a simple code
Table of contents
  1. What is Wordfence Security
  2. Wordfence Premium Features
    1. Free Edition Features
    2. Premium features
  3. How to activate Wordfence Security Premium
    1. Activate Wordfence Security Premium
    2. Update new version
  4. Wordfence Premium User Guide
    1. Turn on the firewall and configure website protection
    2. Login page security
    3. Scanning for malicious code
    4. Use other tools
    5. Configure email notifications
  5. Note when using Wordfence Premium
    1. Handling errors when moving hosting
    2. What to do when you are blocked by Wordfence
  6. Conclusion

What is Wordfence Security

Wordfence is a product of Defiant – is the world leader in WordPress security. This plugin features firewall and malicious code scanning for WordPress websites.

Wordfence is always up to date with the latest firewall rules, malware signatures and malicious IP addresses needed to keep your website safe.

In addition, this plugin also integrates 2FA (2-Step Verification) and a set of other extra features. Wordfence is the most comprehensive WordPress security solution today.

Wordfence Security – Firewall & Malware Scan

Wordfence Premium Features

Free Edition Features

  1. Firewall – Firewall
    • Web Application Firewall – Web application firewall: this feature helps to protect your website against attacks and hackers from outside. Keep it short, but its use is the most important.
    • Brute Force Protection – Brute Force Attack Protection: protects your website against classic attacks, which is to try millions of different usernames and passwords to detect your login information.
    • Block – Block IP: you can add any IP to your website block list, you can also add rules to automatically block.
    • Rate Limiting – Limit access and steal content: this feature has 2 good points. The first is to block crawlers (crawling bots) to prevent your website from being scanned and content stolen. The second is to prevent bandwidth attacks or DDOS, for example, bad guys access your website in a short time, consuming resources and slowing down your website, making users have a bad website experience friend.
  2. Scan – Malware scan : scans all files on your website for known malicious code, backdoors, shells and other types of malware on Wordfence data
  3. Tool – Other supporting tools
    • Live traffic – View real-time traffic: you can see which country the most recent visits come from, are users or bots. However, we just need to focus on the hits that Wordfence blocked. Like Lucid Gen blocking about 50 IPs a day.
    • Whois Lookup – Check your IP or domain information: this easy-to-understand feature is available on many networks, ignored.
    • Import / Export Options – Import and export Wordfence settings: if you have many websites that need to use Wordfence, you just need to configure it properly and then export the settings to another website, less effort to start over.
  4. Login Security – Login security
    • 2-step verification: a very necessary feature nowadays, I have introduced in the article how to enable WordPress 2-layer security .
    • reCAPTCHA: helps to determine if the logon is a robot or not, does not allow the login to try continuously, also has anti-Brute Force effect mentioned above.

Premium features

  1. Premium of firewall
    • Real-time Firewall Rules – Auto add firewall rules: Wordfence’s firewall uses firewall rules to identify and block malicious access to your website, protecting you from WordPress attacks and the latest security holes.
    • Real-time IP Blocklist – Self-blocking IP according to Wordfence’s blacklist: block IPs that regularly attack WordPress websites, help protect website and increase website performance (ie, save resources for bad guys).
    • Country Blocking – Blocking IP by country: feature is according to Lucid Gen is best of Wordfence Security Premium features. Block countries around the world from accessing login page or your entire website. It’s great if I block all countries (except Vietnam) from accessing the login page.
  2. Premium of malware scanning
    • Real-time Malware Signatures: automatically detects malware on your website in real-time, just like other anti-virus software on your computer, detects malware that it blocks and reports immediately.
    • Spamvertising Checks: check if your website has “Spamvertis” (which is the term that says advertising bad content through spam) or not.
    • Spam Check: check that your website’s IP is generating spam.
    • Blocklist Check: check if your website is in the list of blocking domain names.

How to activate Wordfence Security Premium

After downloading Wordfence, do not activate the plugin, but follow this guide to activate the Wordfence Security Premium key first.

Activate Wordfence Security Premium

You use the File Manager on hosting or use the Edit plugin feature on wp-admin to edit the wordfenceClass.php file.

wp-content/plugins/wordfence/lib/wordfenceClass.php

Go to the 2005-2009 line (later versions may differ slightly) for the following lines:

		// Sync the WAF data with the database.
		$updateCountries = false;
		if (!WFWAF_SUBDIRECTORY_INSTALL && $waf = wfWAF::getInstance()) {
			$homeurl = wfUtils::wpHomeURL();
			$siteurl = wfUtils::wpSiteURL();

Then add these lines right below the row:

			wfConfig::set('isPaid', 1);
			wfConfig::set('keyType', wfAPI::KEY_TYPE_PAID_CURRENT);
			wfConfig::set('premiumNextRenew', time()+31536000);

The end result will look like this:

		// Sync the WAF data with the database.
		$updateCountries = false;
		if (!WFWAF_SUBDIRECTORY_INSTALL && $waf = wfWAF::getInstance()) {
			$homeurl = wfUtils::wpHomeURL();
			$siteurl = wfUtils::wpSiteURL();
			wfConfig::set('isPaid', 1);
			wfConfig::set('keyType', wfAPI::KEY_TYPE_PAID_CURRENT);
			wfConfig::set('premiumNextRenew', time()+31536000);

This is an overview of the activation process of Wordfence Security Premium.

Kích hoạt Wordfence Security Premium
Activate Wordfence Security Premium

Update new version

When you want to update to the new version and still keep Wordfence Security Premium, follow these steps:

  • Step 1: You deactivate Wordfence.
  • Step 2: You update Wordfence to the new version.
  • Step 3: You can re- activate Wordfence Security Premium as instructed above.
  • Step 4: Re- enable the Wordfence plugin and use it as usual.

Wordfence Premium User Guide

Lucid Gen will now walk through Wordfence’s most prominent (essential) features. Some other miscellaneous settings I did not mention in this article is because it is not so important, when you have time you can research more and customize as you like.

After activating the plugin you will receive this message, enter your admin email, select NO to not receive Wordfence newsletters, check the agreement with the terms and click Continue.

Hướng dẫn Wordfence Security Premium
Guide to Wordfence Security Premium

When entering Dashboard, click No thanks in the message asking if you want to automatically update the new version or not. How to update must be manual as the instructions above.

Bạn nhấp vào No thanks để không tự động cập nhật
Click No thanks to not automatically update

Turn on the firewall and configure website protection

Turn on the firewall

Option 1: The first time using Wordfence, you will see the message “To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall” click CLICK HERE TO CONFIGURE . Then, you click DOWNLOAD and CONTINUE button to complete.

Option 2: Click on Firewall on the left menu, on the right, go to All Firewall Options and then click OPTIMIZE THE WORDFENCE FIREWALL button . Then, you click DOWNLOAD and CONTINUE button to complete.

Hướng dẫn bật tường lửa Wordfence Security Premium
Instructions to turn on the firewall Wordfence Security Premium

You have turned on the firewall. But when using it, Wordfence will leave Web Application Firewall Status in Learning mode , you just leave it to learn, it will jump through Enable and Protecting .

Đã bật tường lửa cho Wordfence Security Premium
Enabled firewall for Wordfence Security Premium

Configure Brute Force Protection

  • Lock out after how many login failures: Block IP after many failed login attempts, this item I will leave 1-2 times because we are real admin, there is no reason to log in wrong many times.
  • Lock out after how many forgot password attempts: Blocking IP after sending password request many times, I will keep it 1-2 times .
  • Count failures over what time period: The total number of times is counted in what period of time, I leave 1 day to be stricter (choose maximum).
  • Amount of time a user is locked out: How long will the user be locked out of IP, I choose 2 months (choose maximum).
  • Immediately lock out invalid usernames: Block IP immediately if anyone logs in with these usernames, enter the names that everyone thinks, remember not to enter your username.
  • The rest of the options: these are not important, you should turn them on.
Hướng dẫn cấu hình Brute Force Protection Wordfence Security Premium
Instructions for configuring Brute Force Protection Wordfence Security Premium

Configure Rate Limiting

  • How should we treat Google’s crawlers: How you handle content crawlers (bots that scan Google content), you choose Verified Google crawlers will not be rate-limited . Google scans freely to get indexed quickly. The other bots we will handle with the options below.
  • If anyone’s requests exceed: if the user or bot exceeds the number of hits, I choose 120 per minute then block it (120 pages per minute then block IP).
  • If a crawler’s page views exceed: if the bot exceeds the existing number of pageviews, I choose 120 per minute then block it .
  • If a crawler’s pages not found (404s) exceed: if the bot exceeds the number of non-existent pageviews, I choose 60 per minute then block it .
  • If a human’s page views exceed: if the user exceeds the existing number of pageviews, I choose 120 per minute then block i t.
  • If a human’s pages not found (404s) exceed: if the user exceeds the number of pageviews that do not exist, I choose 60 per minute then block it .
  • How long is an IP address blocked when it breaks a rule: How long will the IP be blocked, I choose 1 month (maximum level).
Hướng dẫn cấu hình Rate Limiting Wordfence Security Premium
Rate Limiting Wordfence Security Premium Configuration Instructions

Login page security

If you follow this guide of Lucid Gen then make sure the bad guys can’t attack Brute Force too. Because they have not managed to get into the login page, IP has been blocked. If you can access the login page, you have reCAPTCHA so you cannot detect the password, and add 2-step verification. Maybe by the time they go down the hole, they can’t get in this way.

Hướng dẫn bảo mật trang đăng nhập với Wordfence Security Premium
How to secure login page with Wordfence Security Premium

Block countries

In which country you live, only that country can access the login page, the rest of the countries will be blocked. For example, if you live in Vietnam, you will do like this.

Click Blocking on the left menu, on the right you select Country, check Login Form , click Pick from list (choose from the list). Then, click the Block all button above, scroll down to find Vietnam to quit and click the Update block button .

Hướng dẫn chặn quốc gia (country blocking) Wordfence Security Premium
Guide to country blocking (country blocking) Wordfence Security Premium

Block by URL

The bad guy in a foreign country no longer matters, but what about the bad guy in your own country. Just do it this way and you won’t have to worry.

The logic of this section: bad guys often try to access your login page using the default URL easy to think of as wp-login.php, login, admin, dangnhap, dangnhap … Then you will change The login page URL becomes a URL that no one can think of, only you know. Then, you set Wordfence to automatically block bad guys from trying to access predictable URLs like the ones above. When they are blocked, how can they try it again, every time they persevere, they have to change IP, with this difficulty, they will give up ^ _ ^.

Step 1: You install the WPS Hide Login plugin to change the login URL.

WPS Hide Login

Let’s change it into a funny URL that no one can think of. For example url-no-anyone-doubt, it is true that the URL no one came up with ^ _ ^.

Thay đổi URL trang đăng nhập WordPress bằng WPS Hide Login
Change the WordPress login page URL with WPS Hide Login

Step 2: You go to All Options in the left menu to find the Advanced Firewall Options section. Please paste the URLs that the bad guys easily guess into the Immediately block IPs that access these URLs section.

Danh sách này là ví dụ cho bạn nhé
/wp-login.php
/wp-login
/dang-nhap
/dangnhap
/login
/admin
Hướng dẫn chặn theo URL trên Wordfence Security Premium
Instructions to block by URL on Wordfence Security Premium

Turn on 2-step verification for login

I recommend that you enable 2-factor security for any account that is important to you on the Internet. In the past, this feature was the year in Wordfence Security Premium, I added it to the regular version later.

Click Login Security on the left menu, then use Google Authenticator to add the 2-step verification code to your device.

Hướng dẫn bật xác minh 2 bước trên Wordfence Security Premium
How to enable 2-step verification on Wordfence Security Premium

Turn on reCAPTCHA login

Having reCAPTCHA will make it difficult for bad guys to detect your password, if you have configured the Brute Force Protection strictly like you, you can also ignore it, because reCAPTCHA is not currently compatible with the sites. using Woocommerce.

Step 1: To use reCAPTCHA feature, visit Google reCAPTCHA page to create an account. You choose reCAPTCHA v3 offline.

Đăng ký reCAPTCHA v3
Register for reCAPTCHA v3

You will use this Site key and Secret key to fill out Wordfence.

Mã reCAPTCHA v3
Mã reCAPTCHA v3

Step 2: You go to Login Options on the Wordfence menu, on the right you select the Settings tab, scroll down to the Enable reCAPTCHA on the login and user registration pages section, then check the box and Paste the key and Save .

Hướng dẫn sử dụng reCAPTCHA của Wordfence Security Premium
Wordfence Security Premium reCAPTCHA user guide

Scanning for malicious code

When using this section, you will ask Wordfence to scan or schedule to automatically scan. When there is a problem Wordfence will list below, you just follow that and fix the error only. However, you don’t have to fix all the problems, you can ignore them for your own reasons.

In this section, you only need a little configuration, click Scan Options and Scheduling .

Hướng dẫn sử dụng quét mã độc của Wordfence Security Premium
Wordfence Security Premium’s Manual for Malware Scanning

Go to the detailed installation page you configure as this tutorial:

  • Scan Scheduling: since we are using Wordfence Security Premium, you have the right to schedule scans at your disposal. I will have Wordfence scan late at night so that it won’t affect performance during hours with lots of access.
  • Basic Scan Type Options: You choose the highest level of High Sensitivity.
  • Performance Options: You check Use low resource scanning to scan slowly without rushing to keep good website performance.

As for the Advanced Scan Options section, paste the following 2 lines into the Exclude files from the scan that match these wildcard patterns (one per line) so that Wordfence will ignore the file you have edited to activate Premium.

wp-content/plugins/wordfence/lib/*
wp-content/plugins/wordfence/lib/wordfenceClass.php
Hướng dẫn sử dụng Scan của Wordfence Security Premium
Wordfence Security Premium Scan User Guide

Use other tools

The features in the Tools section are unimportant, but they are also less helpful for you in some cases.

View and install Live traffic

Usage: sad to watch and play, seeing any man deliberately attacking the web many times, then click the block button handy.

Setting:

  • Traffic logging mode: access log mode, you should choose SECURITY ONLY so that Wordfence only logs for malicious access that is blocked. If you leave all the traffic on will cause the website performance to decrease significantly and we do not need to record what normal traffic does.
  • Amount of Live Traffic data to store (number of rows): the number of rows of logs is saved, the lower the number of logs, the less resources your server will use.
  • Maximum days to keep Live Traffic data (minimum: 1): the number of days to keep the diary, I leave it 7 days, you can keep it more depending on your purpose.
  • Other options: not important, leave it as is.
Hướng dẫn sử dụng Live traffic của Wordfence Security Premium
Wordfence Security Premium’s guide to use Live traffic

Use Whois Lookup

You can paste the IP or domain website to check the information. Just like any other Whois site.

Hướng dẫn sủ dụng Whois của Wordfence Security Premium
Wordfence Security Premium Whois User’s Guide

Export and import Wordfence settings for other websites

This feature is quite handy when administering multiple WordPress websites. You only need the best configuration for a website and then export its installation code to import to another website.

Hướng dẫn xuất nhập cài đặt Wordfence
Instructions for import and export to install Wordfence

Configure email notifications

Make sure your website has SMTP to send the email. You configure as you do to receive only important alerts, monthly aggregate reports. That will help reduce your email.

Hướng dẫn cài đặt email cho Wordfence Security Premium
How to set up email for Wordfence Security Premium

Note when using Wordfence Premium

Plugins when using will also sometimes have problems. I see the 2 most common problems when using Wordfence are errors when moving hosting and accidentally you are blocked from your website.

Handling errors when moving hosting

You open the File Manager on your hosting to update the new / home / username / public_html / path for the following files:

  • .htaccess
  • .user.ini
  • wordfence-waf.php
Hướng dẫn xử lý lỗi khi di chuyển hosting của Wordfence Security Premium
Instructions on how to handle errors when moving hosting of Wordfence Security Premium

For example, if I edit wordfence-waf.php file, the way to see the new path and replace the old path will be like this, copy above and paste downwards.

Thay thế đường dẫn mới vào rồi lưu file
Replace the new path and save the file

What to do when you are blocked by Wordfence

  • Option 1: You enter an administrator’s email on the blocked notification and send a request to open the blocking IP address. Then, check your email and follow the instructions to unblock your IP address.
  • Option 2: You can turn on 4G to change the IP address and login again.
  • Method 3: You use File Manager on hosting to change the name of the Wordfence folder (public_html / wp-content / plugins / wordfence), the plugin will automatically deactivate, after you log in and then you can rename the message. Wordfence entry and re-enable it.

Conclusion

With this Wordfence Security Premium tutorial, I believe that your website will be absolutely secure, if you don’t use unknown plugins, there is nothing to worry about securing your WordPress website.

Have you used Wordfence yet? Leave a comment below to let me know and support you!

Share4Pin2Share1

Leave a Reply Cancel reply

I will review and reply to all comments within the day. Please feel free to leave your comments on this article!

Your email address will not be published. Required fields are marked *

You will probably need it

Cách viết chữ in đậm trên Facebook và FB chat
Content marketing

How to write bold text on Facebook and FB Messenger

18/10/2020
0

How to write type on Facebook, write in bold, italic on Facebook, change the FB font on status. 100% of...

Read more

Recommended for you

How to create and use a Google Ads MCC account

18/10/2020

How to enable Profile picture guard for Facebook in 2 ways

18/10/2020
Cách cài đặt trọn bộ Adobe cho Mac vĩnh viễn

How to install all Adobe for Mac for permanent use

18/10/2020

How to create multiple Merchant Center accounts in 1 Gmail

18/10/2020

How to enable 2-factor security for WordPress using SMS and Authenticator

18/10/2020

Lucid Gen

Một blog chia sẻ về digital marketing, linh tinh về công nghệ và những gì có thể bạn cần mà tác giả biết.

Phát triển bởi một người thích viết blog
Trần Ngọc Minh Hiếu

Thống kê thời gian thực đã có 63 Bài viết và 1,940 Bình luận

Tiết lộ: Website này đã có quảng cáo. Không có tiền thì viết làm sao.

Recent Comments

  • Minh Hiếu on How to merge multiple Excel and CSV files into 1 sheet
  • Nguyenthoa on How to merge multiple Excel and CSV files into 1 sheet
  • Minh Hiếu on How to merge multiple Excel and CSV files into 1 sheet
  • Nguyenthoa on How to merge multiple Excel and CSV files into 1 sheet
  • Minh Hiếu on How to hide all files and icons on the Mac desktop

Image sources

Lucid Gen edits images from the following sources: Freepik, Unsplash & Pixabay.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

  • About
  • Contact
  • Terms and policies

© 2019 Lucid Gen with by Minh Hieu DMCA Protected

No Result
View All Result
  • Digital Marketing
    • Email Marketing
    • Facebook
    • Google Ads
    • Zalo Marketing
  • Website
    • SEO
    • Website measurement
    • WordPress
  • Technology
    • Computer tips
    • Mobile
    • Utilities
  • Review
  • Marketing tools

© 2019 Lucid Gen with by Minh Hieu DMCA Protected