A while back, I started using WPMUDEV’s Defender Pro plugin for security on all my WordPress sites. I made a decision this week to switch to WordFence. The conversation was forced on me, because I had a site using Defender Pro that was hacked. I do not blame Defender Pro for the hack, however, this hacking incident caused me to re-think my WordPress security strategy a bit.
Almost all of my sites utilize a server-based Web Application Firewall – the site that was hacked does not, as it’s on a different infrastructure from the others. Put simply: WordFence has a Web Application Firewall (WAF) built into the plugin, whereas Defender Pro does not. I don’t know for a fact that the WordFence WAF would have protected me in this case, but it’s very possible it would have saved the day.
For the record, Defender Pro does a fine job of scanning your site for hacked files – in fact, their scans are very comparable to WordFence’s scans. But Defender Pro does not proactively protect your site from malicious folks in real time. Since this most-recent hack, I even upgraded all my sites that do not have a WAF to the WordFence paid tier, which provides some additional real-time checks to keep the bad guys out of the site.
More posts from themightymo.com
How to fix the “Warning: Class ‘Automattic\WooCommerce\StoreApi\Routes” issue in WordPress + WooCommerce
Today when I visited a customer’s website, I saw an error similar to this: etc. After trying all sorts of troubleshooting, the solution ended up being simple. Download a fresh copy of WooCommerce from WordPress.org and FTP it up to the server, replacing the existing WooCommerce files. Problem solved. Isn’t that nice? Many thanks to…
How to CSS rainbow text
Here’s a bit of plain CSS that’ll create rainbow text on your WordPress site or anywhere, really.
How to Restore a Deleted Amazon S3 Bucket
I ran into a rather serious issue recently: a human on my team (me) intentionally (but accidentally) deleted an Amazon S3 bucket that was serving files to a WordPress site. The solution to the problem follows: Cry when you realize you cannot restore a deleted S3 bucket. Search your computer, your co-workers’ computers, your former…