The whole world has heard about Donald Trump’s plan to build a huge, physical wall (not a Web Application Firewall) between the USA and Mexico, should he become president.
However, while that proposal has a multitude of problems and will be easy to thwart, as the strangely appropriate protest photo shows,, when it comes to putting a wall around your WordPress site to keep it safe, things just got easier.
The sometimes frustrating process of staying on top of new updates to WordPress and plugins is a necessary evil (much better than using static systems that never update and become increasingly vulnerable each hour) and in the last week it has brought us some goodies.
I’ll cover a few of the WordPress enhancements next week but today I want to explain a security notice some of you might be seeing if you have the Wordfence security plugin installed.
What does Wordfence do, again?
Wordfence is one of those important plugins that monitors your WordPress website for suspicious or malicious activity and slams the door shut at the first sign of trouble.
We use Wordfence in most Baker Marketing WordPress websites because we believe it is one of the most elegant and efficient solutions out there.
In its latest update, it has prompted site administrators to ‘take a moment to set up the Wordfence Web Application Firewall’, and this has given rise to some confusion and grumbles.
It is a good update and it is easy to apply. I am about to explain why and, of course, if you are a Baker Marketing client, just sing out and we’ll arrange to apply it for you and take a quick look through the rest of your site at the same time.
What is a Web Application Firewall?
The Wordfence team does a good job of explaining its Web Application Firewall here but I have cut it down even further to the headline facts:
- Basic WordPress Protection: Just by installing and activating Wordfence, the firewall is ON and kicks into action once WordPress has loaded, to defend your site against nasty attacks.
- Extended Protection: With this new update, Wordfence’s firewall kicks into action BEFORE WordPress itself is loaded. This means if there were nasties or bad code in WordPress itself or in some plugins that might load before Wordfence, they will now come up against the fiewall, rather than being able to slip in before security arrives.
The set up process is pretty straightforward, requiring you to:
- click a button to start it
- click to download a backup of your htaccss file to your computer (a chief security file for your site)
- apply the enhanced protection
- check for a confirmation message or follow instructions to wait a few moments for completion
This is one of those small but important things to pay attention to and, unlike Donald Trump and the other US presidential campaign characters, I won’t be changing my mind and saying the opposite thing tomorrow 😉