A while back, I started using WPMUDEV’s Defender Pro plugin for security on all my WordPress sites. I made a decision this week to switch to WordFence. The conversation was forced on me, because I had a site using Defender Pro that was hacked. I do not blame Defender Pro for the hack, however, this hacking incident caused me to re-think my WordPress security strategy a bit.
Almost all of my sites utilize a server-based Web Application Firewall – the site that was hacked does not, as it’s on a different infrastructure from the others. Put simply: WordFence has a Web Application Firewall (WAF) built into the plugin, whereas Defender Pro does not. I don’t know for a fact that the WordFence WAF would have protected me in this case, but it’s very possible it would have saved the day.
For the record, Defender Pro does a fine job of scanning your site for hacked files – in fact, their scans are very comparable to WordFence’s scans. But Defender Pro does not proactively protect your site from malicious folks in real time. Since this most-recent hack, I even upgraded all my sites that do not have a WAF to the WordFence paid tier, which provides some additional real-time checks to keep the bad guys out of the site.
More posts from themightymo.com
How to merge multiple .csv files via command line
Today I downloaded 29 csv files with tax information. I could import those files 1 at a time into WooCommerce, but wouldn’t it be nice if I could merge them first and then only import a single file? The unix command is simple – just navigate to the folder with all the csv files and…
15 Best WordPress Support and Maintenance Services for 2023: Ensuring Your Website Stays in Top Shape
Small business owners and non-profit leaders know that keeping your website secure, fast, and fully-functional is critical to success. Here’s the unspoken truth: You can either learn how to do all that tech maintenance and development stuff yourself, or hire someone else to do it. But let’s face it, doing it yourself isn’t always the…
How to Whitelist SEM Rush IPs in Cloudflare
Alright, I’m going to show you how to whitelist a set of IPs on CloudFlare. In our case we use SEMrush and we want to make sure the SEMrush has full access to our sites.