Thoughts on Wordfence?

[animalstyle]

I just installed Wordfence on my authority project. Don't know much about the plugin other than it's very popular, has a big market share, and paid features which means its kept up-to-date and I can only then assume its not too crummy.

The plugin seems very feature heavy which has me concerned.

Previously I had some simple protection on the login page, but nothing too advanced. Looking for wordfence to be a strong, proactive method of preventing hacks, brute force attacks etc. Not scared to pay either -

Anyone use it? Any comments, good bad or otherwise?

 

[Darth]

I used to use Jetpack just to get their bruteforce protection but recently switched to WPS Hide Login which seems much more light weight.

 

[nigeb]

I use Wordfence on a few of sites. Overall it's a pretty good security plugin, but like you said, it's getting very bloated with new 'extras' added up all the time.

A couple of things I don't like.
- Email notifications by default are ridiculous. Seems like you receive an email every 5 mins, which means you ignore all of them and miss the important stuff.
- Regular Wordfence scans of the Wordpress theme and plugins are disabled by default. I've seen several sites of friends infected with malware, running Wordfence. If scans are scheduled you're notified the index.php, function.php (or whatever's been hacked) varies from the WP repository. But with the default settings, your site sits there serving up malware and your none the wiser.

 

[Tucky]

I use it on every site, it uses many ways to keep hackers out and the free version is more than adequate. You do need to configure the notifications but it's only a couple of checkboxes to untick. I posted about their new GravityScan the other week https://www.buildersociety.com/threads/gravityscan.3090/ but for some reason there were no replies

 

[SeoReborn]

@animalstyle
I don't know about wordfence, but I use BulletProof Security Pro for all my sites. Its not failed me.
On top of what you mentioned, any changes to files without your permission is quarantined automatically, allowing you to delete, edit or autorestore. The support from the owner is nothing short of excellent. He spent hours with me trying to get it work on my site (it was my servers problem.).

https://wordpress.org/plugins/bulletproof-security/