Just a quick pointer. If you're reading comments here and want to provide input on the video format/production/editing/quality/content, we're having a conversation about whether I should simplify the format a bit and generate more content over on our blog comments: www.wordfence.com/blog/2017/10/should-you-hide-wordpress-login-page/
So feel free to contribute there. Thanks!
~Mark.
Educational and good, clearly explained. Thank you. :) Had had my doubts about hiding wp-admin location and now I'm more convinced it does more harm/complications than good.
Nice video guys, very well made and clear communication. Keep up the great work
Very insightful perspective. Thanks for sharing.
You are welcome!
I love Wordfence!
Thanks, this was really helpful.
Very helpful, thank you. You saved me time; I almost went into PHP to change the URL.
Glad it helped!
Great video - thank you so much for sharing this :)
Glad you enjoyed it!
Very Helpful video, thanks for it :D
Great video.... Thanks for the information.
Thanks for more info about wordfence :)
Thanks WF. I didn't know that changing the login URL is pointless.
My issue with getting your premium version is that I have TONS of sites. They don't make me any money, so paying for premium on every site just isn't possible for me : (
This is my issue too. I develop for several smaller projects of a lower budget, so the extra protection is often not justifiable to them vs the cost it would take. I think there should be a bundle package that covers multiple, or infinite installations.
I would say that the free version should be adequate for most installations, I wouldn't fret over not being able to afford the premium version. The most important thing, IMO, is to keep your plugins, themes, and WordPress core up to date, which is what the free version scans & emails are for. Every time you get an email from your Wordfence plugin saying that such-and-such a plugin or theme has a new version, you should update it right away. Or if your scan shows that a plugin has been removed from the WordPress repository, look for a replacement right away.
For the premium version, let's say on my website, does it slow the load time having to check your main database before allowing them to reach my website? And what about legitimate customers who are assigned dynamic IPs with their ISP and if one IP happens to be in your database, how are false positives handled?
Our firewall rules execute before the WordPress code loads and before the DB connections are made. So it is super fast and does not talk to the database or generate queries. We rotate thousands of IPs in and out of our blacklist dynamically every day as they start and stop attacking. So false positives are extremely rare.
Technically the answer would be yes, it would slow down page loads. However, the amount of time that it would take to do checks before WP loads would likely be so minuscule that you’d never notice on your site.
If the free version of Wordfence locks out an IP address that has been attacking a site multiple times, does it get added to the premium blacklist as well?
Sounds nice. But actually, attackers use automated systems to generate brute force, until they discover the complex custom username and can't be blacklisted because they use VPN, getting a new IP every time... thanks anyway.
That is covered completely by our plugin. See our documentation links below for all features:
www.wordfence.com/help/firewall/brute-force/
www.wordfence.com/help/tools/two-factor-authentication/
www.wordfence.com/help/login-security/
Don't forget to create a strong password for your host login.
I'm getting lots of brute-force attacks EVEN with CHANGED LOGIN URLs, so I found it's pointless.
Did you change wp-admin only or wp-login.php also?
As the video states, you don't need to and don't want to do that. Wordfence provides full and complete brute force login attack prevention:
www.wordfence.com/help/firewall/brute-force/
www.wordfence.com/help/tools/two-factor-authentication/
www.wordfence.com/help/login-security/
After they get locked out, they just change their IP via VPN and get more guesses. This can go on forever, so how is blocking IPs effective?
It can't go on forever as there are a limited number of IP addresses anyone can use so the number of login attempts will always be limited. Wordfence has an extensive suite of tools to prevent brute force login attacks as outlined in our guides below:
www.wordfence.com/help/firewall/brute-force/
www.wordfence.com/help/tools/two-factor-authentication/
www.wordfence.com/help/login-security/