One of the facts which I have written about before is that my blog is set up in a slightly customized way, with core PHP files that come from the Debian package manager, and which do not have the permission bits set that would allow the Web-server to write to them, but also with add-ons – aka plug-ins – with permission bits set so that the server can. This latter detail is a great convenience for me, because it allows me to install plug-ins from WordPress.org, as well as to install updates to those, via means that are simple for me to operate.
What I have also written, is that this makes my overall security good, but not perfect. Theoretically, there could be a corrupted plug-in available directly from WordPress.org – even though in general, they do their best to vet those – and which I could install to my blog, without knowing it. Further, even if the plug-in contains no dirty code visible to WordPress.org, the way some of them work might depend on a Web-service from their author, and then that URL could be running some sort of suspicious scripts, let us say on yet another server.
And so a reasonable question to ask might be, of what use WordFence can be in my case. One of the types of scans which this security add-on performs, is a check of all my core files, against what the versions are with WordPress.org, not with Debian. And then this scan reports 58 deviations to me, without analyzing them, just because Debian has slightly different core-file-versions. It also checks my entire plug-in directory, scans all the plug-ins, etc. But in reality, WordFence never reported any kind of anomaly in my plug-ins, because those are the WordPress.org versions.
In reality, much of this file-checking is not of great practical benefit to me, because my Linux machine also has directory attributes, that tell me on what date the files and folders were last modified. I can see that none of them have been tampered with, just using old-fashioned logic.
But WordFence also has the ability to turn certain scans off. So I have left it performing all the scans on my plug-ins – which I said the Web-server is capable of writing to – but have deactivated the scan of core-files, which have not been modified from their Debian versions anyway – and which I said the Web-server cannot write to.
Further, I find that WordFence has other capabilities, that are much more interesting in my case:
- A Web-Application Firewall, that can work 100% on my custom configuration,
- A log of successful log-ins. In the past, other security software could only report log-in failures to me. Because I am really the only user of my own blog, to be able to see that every successful log-in came from me, is very reassuring.
- A front-side URL scan, which needs to be activated, as it is not enabled by default. What this does is scan the actual HTML which my blogging engine outputs, not file-contents, and it checks any URLs against established lists of sites associated with malware according to a database, regardless of where those URLs finally came from. Thus, if ‘kxcdn.com’ was truly a malware URL – and I cannot even be certain it was – then WordFence would have alerted me to the fact that my blog was generating it somehow. Of course, by the time I had WordFence installed, that URL was no longer being generated anyway.
- Other security features.
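
The front-side scan idea from the list above, sketched as an added example (not WordFence's code and not the author's): it parses the HTML a blog actually emits, collects the host of every URL-bearing attribute, and flags hosts that are on a blocklist or are subdomains of a listed domain. The names `HostCollector`, `is_listed` and `scan_page`, the sample page and the blocklist entry are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that can make a browser fetch or navigate to a URL.
URL_ATTRS = {"href", "src", "action", "data", "poster", "srcset"}

class HostCollector(HTMLParser):
    """Collect the host of every absolute or protocol-relative URL in a page."""
    def __init__(self):
        super().__init__()
        self.hosts = {}  # host -> [(tag, attribute), ...] where it was seen

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            # srcset carries several comma-separated "url descriptor" entries.
            for cand in (value.split(",") if name == "srcset" else [value]):
                parts = cand.split()
                if not parts:
                    continue
                try:
                    host = urlsplit(parts[0]).hostname  # None for relative URLs
                except ValueError:  # malformed authority, e.g. a broken IPv6 literal
                    continue
                if host:
                    self.hosts.setdefault(host.rstrip("."), []).append((tag, name))

def is_listed(host, blocklist):
    """True if host equals a blocklisted domain or is a subdomain of one."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def scan_page(html, blocklist):
    """Return {host: [(tag, attr), ...]} for every blocklisted host in the page."""
    collector = HostCollector()
    collector.feed(html)
    collector.close()
    return {h: w for h, w in collector.hosts.items() if is_listed(h, blocklist)}

# Constructed sample: rendered blog output and a one-entry blocklist.
SAMPLE_HTML = """<html><head>
<script src="//static.bad-cdn.example/lib.js"></script>
<link rel="stylesheet" href="/wp-content/themes/x/style.css">
</head><body><a href="https://wordpress.org/plugins/">Plug-ins</a>
<img src="https://notbad-cdn.example/a.png" srcset="https://bad-cdn.example/a2.png 2x">
</body></html>"""
BLOCKLIST = {"bad-cdn.example"}

if __name__ == "__main__":
    for host, where in scan_page(SAMPLE_HTML, BLOCKLIST).items():
        print(host, where)
```

Because the check runs on rendered output, it catches a listed host whether the URL came from a plug-in file, the database, or a remote service the plug-in calls; it does not see URLs that scripts construct in the browser at run time.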
So I would say that I am impressed with WordFence.