Join us in helping millions of WordPress Installs stay secure. Keep up to date with Updates from the Ghost Security Blog.

Wordfence – Security plugin for WP sites – a review

One of the more frustrating tasks for WordPress webmasters is when a site gets infected with malware or other nasties and the webmaster has to go through and clean up all of the mess. Many times this means combing through a bunch of the PHP files, finding the ones that are corrupted and deleting the malicious code by hand.

The alternative to this is to take a big scrub brush to the database and get the offending entries out of there. But that has its limitations as well.

Wordfence offers a plugin to remedy that. Not only does it detect corrupted files, malware and other nasties, it also warns you proactively via email when a file has been modified. So I tried it out on a number of sites that were infected that clients wanted me to clean up. Here are my results to date:

1) It is EASY to install and use. No messy configuration. I really liked this part about it. Scanning was easy and it was simple to see which threats were critical and which were not.

2) One downside is that in order to clean the plugin folders and check them against the repository, you need the PAID version. This was a pain for me as I have many sites under my control, but if you have one or two sites, this should simply be a part of doing business. Do NOT attempt to cut corners and go with the free version though. You will be sorry…and reinfected. 😉

3) Be CAREFUL in deleting files. One of the sites I was cleaning had an old theme that was pretty well messed up (putting it nicely). The plugin gave me the option to delete the file INSTEAD of reverting to the old theme's original files. No bueno. I deleted it and then had to find the old files to replace the missing ones.

4) On the Paid version they need to have a way to mass clean multiple items. I get why they don't, see #3 above, but they really need to do this for sites that have hundreds of corrupted files; it would greatly speed things up.

OVERALL The plugin is awesome. I love the ability to receive emails that inform me when there is a security task to be done. It is WORTH the money if your site is worth the time. #justsayin.


ManageWP Adds security analysis to its service


The WordPress management platform has continued to add new features to allow people managing many WordPress installs simultaneously to have a dashboard that monitors traffic, updates plugins, and performs many of the routine maintenance tasks that web folks hate to do with a click of the button.

When you right click on a site in ManageWP, here is what you see:


When you click the Security Scan option, ManageWP does a scan on your site and displays the results. So you can see the following:


Security report (No threats found):

Blacklisted: No
Malware: No
Malicious javascript: No
Malicious iFrames: No
Drive-by Downloads: No
Anomaly detection: No
IE-only attacks: No
Suspicious redirections: No
Spam: No

For those managing multiple sites, this is a handy service.

Using Exploit Scanner (the Plugin) to scan for malware

One of the plugins that I like best for security on WordPress sites is Exploit Scanner. (It is in the repository). The first thing is that it is easy to use. All you need to do is install it and then go to Tools>>Exploit Scanner and then run the scan. You will see a list […]


Tim Thumb Exploit continues to plague WordPress sites

One of the things that continues to plague WordPress sites is the Tim Thumb exploit. For many, their theme providers or theme framework builders solved this problem for them. Here is where it gets more difficult. For those on an older theme that is NOT maintained, you need to check and see if your site […]

Getting beyond “Keep your WordPress Up to Date”.

OK, so if you have gone beyond the very basics of WordPress and installed more than a site or two, you kinda know the importance of keeping things up to date. That is what updates are for: to fix things like security flaws and holes in the system. Pretty simple, right? Well, yes and […]