Yup. That’s all-caps in the title. And for good reason … actually, two good reasons. One, over the course of 2016 WordPress installations became the number one target of professional cyber-attacks. WordPress had long been the favourite target of the script kiddies, basement crackers, and other sorts of amateur slime but over the past 12 months the big players started turning their attention to the platform as well. Two, WordFence is the shit.
If you have an installation that runs WordPress in any shape or form – whether it’s the platform for your entire web presence, just the blogging component of a larger site, or anywhere in between – you need to harden it now. Not tomorrow, not this weekend when you are taking a break from surfing porn, not next week after you run it by yet another committee. It’s free* (as in beer), it works, and it’s stupidly easy to use … either start it up and forget about it until it tells you that you need to do something, sit down and tweak the crap out of it, or split the difference and get it started as is for now and tweak it later. The choice is yours.
You can download it for manual installation here, or you can look under the Plugins – Add New section of your WordPress dashboard for an automated install. Just get it. You’ll thank me later.
*NOTE: There IS a “pro” version that requires a subscription. And if you are an enterprise user of WordPress it is money well spent – I would encourage you to upgrade to the pro version right away. But for everyday “hobby” bloggers, the free version works extremely well, and is probably all you need.