Fourteen years ago, a WordPress site of mine was attacked. The URLs on the website were pointing to pages offsite that were full of spam. I was looking through all of my articles, both pages and posts, and couldn’t find any problem. This is when I leaned about Google Webmaster Tools. It’s been rebranded in recent years as Google Search Console. Still, it has information to help you deal with this kind of attack.
Wordfence is a plugin I’ve been using since the attack. Nothing has breached my sites since then. It’s the first plugin I install, when I put up a new WordPress website.
In their newsletter, I received this morning, they say:
Over the past week, there were 104 vulnerabilities disclosed in 103 WordPress Plugins and no WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database by the Wordfence Threat Intelligence Team.
The team also deployed 1 new firewall rule that provides Wordfence Premium, Wordfence Care, and Wordfence Response customers with enhanced vulnerability protection. Wordfence free users will receive this protection after a 30 day delay.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence User Interface, Vulnerability API, Webhook Integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the Vulnerability Database API to receive a complete dump of our database of over 20,000 vulnerabilities and then utilize the Webhook Integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
You can install the Wordfence plugin by clicking on plugins in your sidebar and install new. Type in Wordfence. Besides Wordfence, you’ll also see Wordfence Assistant. It’s a good idea to install it as well. If you get locked out of your site, it will help you get back in by sending an email to the administrator, which would be you if it’s your WordPress.