Securing your WordPress website is essential in today’s digital world. A basic measure to protect your site from malicious attacks is to use a WordPress security plugin, the best of which is Wordfence.
Wordfence is a widely used plugin that offers relatively good protection for your site. For example, it helps block malicious traffic and provides tools for monitoring the security status of your website.
In order to benefit from all the features of Wordfence, the plugin must be set up and configured properly. In the following sections of this tutorial, we will introduce you to the simple steps to install and set up the Wordfence security plugin.
How does Wordfence protect a WordPress site?
Wordfence is a WordPress security plugin that helps you protect your website from security threats such as hacking, malware, DDoS, and brute force attacks. The plugin is also a web application firewall that filters all your website traffic and blocks suspicious requests.
The basic Wordfence plugin is free, but it also has a premium version. The premium version gives you access to more advanced features such as country blocking, updated firewall rules, and scheduled scans.
Installing and setting up the Wordfence security plugin
Let’s see how to install and set up Wordfence for maximum security.
First, you need to install and activate the Wordfence plugin from the WordPress repository.
Once activated, the plugin will add a new menu item called Wordfence to your WordPress admin panel, which will take you to the plugin settings dashboard.
The dashboard section shows an overview of the plugin’s security settings on your website; you will also see notifications and security statistics such as recent IP blocking, failed login attempts, total blocked attacks, etc.
How to Configure the WordPress Security Plugin
Wordfence settings are divided into several sections. The default settings in this plugin work for most websites, but you should still check these and change them if necessary.
Scan your site with Wordfence
The free Wordfence plugin automatically runs a full scan on your WordPress site every 24 hours, and you can also scan manually. However, the premium version allows you to schedule scans on your site.
To get started, go to the scan section from the Wordfence menu in the dashboard and click the start new scan button.
Wordfence will now start scanning your WordPress site files.
This scan looks for changes in file sizes in the core WordPress and plugin files. It also looks inside the files to detect suspicious code, backdoors, malicious URLs, and known malicious patterns. Typically, these scans require a lot of server resources to run, so it’s best not to run other heavy tasks on your site at the same time as the scan.
The good news is that Wordfence is reasonably efficient at running scans. The time it takes to complete the scan depends on the amount of data and the server resources available.
The progress of the scan will also be shown in yellow boxes on the page. Most of this is technical information, but you don’t need to worry about it. Once the scan is complete, Wordfence will show you the results.
If suspicious code, malware, or corrupted files are found on your website, the scan results will list them and recommend actions you can take to fix them.
The Wordfence scan results section has buttons for “Delete All Deletable Files” and “Repair All Repairable Files.” These buttons let you delete every flagged file that can be deleted, or repair every flagged file that can be repaired, in one step.
Next to each error report, you can click “Details” for more information or “Ignore” to ignore it.
Configure your firewall in Wordfence
Wordfence provides you with a PHP-based firewall.
The Wordfence firewall offers two levels of protection. The basic level, which is enabled by default, runs the firewall as a plugin; this means that the firewall loads with the rest of your WordPress plugins. This level is useful, but it cannot stop threats that need to be caught before your WordPress theme and plugins load.
The second level of protection is called Extended Protection. At this level, Wordfence runs before the WordPress core, plugins, and themes, and as a result offers much better protection against more advanced security threats.
To set up and configure the Wordfence firewall, go to Wordfence » firewall from the settings section of your dashboard and click on “Manage Firewall”.
Under “Protection Level”, select “Optimize the Wordfence Firewall”.
Wordfence will then run a few tests in the background to identify your server configuration. If you know that your server configuration is different from the one Wordfence has chosen, you can choose a different one.
Next, Wordfence will ask you to download your current .htaccess file as a backup and proceed to the next step.
Wordfence will now update your .htaccess file so that the firewall runs before WordPress.
You will then be redirected to the firewall page, where you can select the extended protection level.
There is also a Learning Mode button in this window. When this option is enabled, Wordfence learns how you and your users interact with the website from the time it is installed, so that it does not block legitimate visitors. After a week, it switches to Enabled and Protecting mode.
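The .htaccess change described above can be checked from a shell on the server. The following is an added example, not code from Wordfence or from this tutorial; it assumes Extended Protection is applied through PHP's auto_prepend_file directive pointing at a wordfence-waf.php file, set in .htaccess or .user.ini, and the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Wordfence code). Assumption: Extended Protection is applied
# through PHP's auto_prepend_file directive pointing at wordfence-waf.php, set in
# .htaccess (mod_php) or .user.ini (CGI/FastCGI).

# Print the auto_prepend_file target configured in file $1, if any.
# Commented-out directives are ignored; paths containing spaces are not handled.
prepend_target() {
    [ -f "$1" ] || return 0
    sed -n -E "s/^[[:space:]]*(php_value[[:space:]]+)?auto_prepend_file[[:space:]]*=?[[:space:]]*['\"]?([^'\"[:space:]]+)['\"]?[[:space:]]*\$/\2/p" "$1" | head -n 1
}

# Print the firewall state implied by the files under WordPress root $1:
#   extended        directive present and the prepended file exists
#   broken-prepend  directive present but the file is missing (PHP fails every request)
#   basic           no Wordfence prepend directive found
waf_level() {
    for cfg in "$1/.htaccess" "$1/.user.ini"; do
        target=$(prepend_target "$cfg")
        case $target in
            */wordfence-waf.php)
                if [ -f "$target" ]; then echo extended; else echo broken-prepend; fi
                return 0 ;;
        esac
    done
    echo basic
}

# Constructed sample: a throwaway WordPress root with a mod_php style directive.
demo_root=$(mktemp -d)
touch "$demo_root/wordfence-waf.php"
cat > "$demo_root/.htaccess" <<EOF
# Wordfence WAF (constructed sample)
<IfModule mod_php7.c>
    php_value auto_prepend_file '$demo_root/wordfence-waf.php'
</IfModule>
# END Wordfence WAF
EOF
echo "after optimization:   $(waf_level "$demo_root")"
rm "$demo_root/wordfence-waf.php"      # e.g. site moved, prepend file left behind
echo "prepend file missing: $(waf_level "$demo_root")"
rm -rf "$demo_root"
```

Running waf_level against the real WordPress root after a migration or restore shows whether the directive still points at a file that exists, which is the case where the .htaccess backup from the previous step is needed.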
Monitoring and blocking suspicious activities using the Wordfence plugin
Wordfence shows a comprehensive and useful report of all requests made to your website. You can access these reports by going to the Tools menu in Wordfence and opening the Live Traffic tab.
Here you can see the list of IPs that requested different pages of your website and how Wordfence responded to each request. Wordfence can correctly identify requests from bots and suspicious IPs. By clicking on each of these requests, you can take the following actions:
Block the IP to restrict access to your site by suspicious IPs.
Run a WHOIS search on them.
Find out more about recent requests from this IP address by using the “View Recent Traffic” option.
This way, you can block individual IPs or even entire networks. Additionally, you can manually block suspicious IPs by going to Wordfence » Firewall and clicking on the Blocking tab. This is where you can set blocking rules based on IP address, country, or custom pattern.
After entering the IP address and the reason for blocking, click on “Block This IP Address” to apply the rule.
Advanced Settings of the WordPress Security Plugin
Wordfence is a powerful plugin with very useful tools. To check them, you can visit the Wordfence » All Options page.
In this section, you can change the settings for sending notification emails, settings related to brute force attacks, additional firewall settings, login protection settings, and more.
Summary
Installing a security plugin is one of the must-haves for WordPress sites. Even in its free version, Wordfence can provide decent protection for sites with moderate traffic. We hope this tutorial has helped you learn how to properly install and configure the popular Wordfence security plugin on your website.