Even People Claiming Wordfence Security Will Protect Your Website Don’t Believe That
Recently someone posted on Reddit looking for a better alternative to the Wordfence Security plugin:
For years I used Wordfence and it was okay(ish), but I would like to try something different with better security.
The top voted response was claiming that there isn’t a better available plugin:
Wordfence is currently the best available. What makes you think it needs “better security”? There’s a reason it has over 4millions installs.
Being popular doesn’t mean that it provides the best protection. If people are using the plugin because it is popular, then the popularity wouldn’t be based on the security provided, but the popularity. Considering that this person isn’t citing any evidence that it provides the best protection, but is citing its popularity, is a good indication that the popularity isn’t based on providing the best protection. But it turns out that person doesn’t believe that Wordfence Security provides much protection.
The original poster responded in part that they had gotten hacked multiple times while using Wordfence Security:
Well, I mean in the past my websites were compromised a few times despite using CF and WF, but it was mostly my fault.
In response to that, the person claiming that Wordfence Security is the “best available” responded curiously:
re getting hacked – yeah, WF can only protect you so much. It will tell you what needs updating, but it won’t do it for you – you need to be very on top of things: keep updated at all times and don’t use plugins that aren’t actively maintained (and no nulled software). It also can’t protect you from zero day or unknown vulnerabilities.
There isn’t anything mentioned in that, which is actually protection provided by Wordfence Security. Telling people to update software isn’t protection. You don’t need a plugin to tell you need to update software, WordPress will already do that. Worse still, WordPress can automatically update software, which Wordfence Security doesn’t do.
More problematic is this claim:
It also can’t protect you from zero day or unknown vulnerabilities.
Wordfence Security actually has a capability to do that. It just doesn’t work well, possibly because Wordfence sells access to firewall rules, so providing good protection in that situation would remove much of the need for those rules.
For those looking for a plugin to protect against zero-day vulnerabilities, our firewall plugin is designed to provide as much protection as possible against those. In our testing, it provides the most protection against those, but the free NinjaFirewall plugin will provide significantly more protection than Wordfence Security as well.