Here is an easy way of monitoring your WordPress site against hacking attacks. Every minute hacking bots attempts logging-in to your WordPress site and when they get successful in doing so, they edit your WordPress files (generally WordPress theme files) then add their Affiliate links and sometimes illegal and harmful programs.
Wordfence Security is a free enterprise class security plugin that includes firewall, virus scanning, real-time traffic with geolocation, blocking tools, Login-Logout information and more.
It scan check your WordPress Core, Theme and Plugin files and detects even if a single line of code is modifies or added. If you are unaware of such type of editing made in your site files then you can easily restore that particular file to original one in just a click. The plugin is compatible with both WordPress Single and Multisite Installations. Simply Install and activate it then visit its options page and start monitoring your WordPress install.
The plugin also provides you option to get notification emails for login attempts and other activity on your website. You can limit login attempts, set auto block IP after given number of login failed login attempts and there are tons of options and features with an easy user interface.
Wordfence Security Features:
- Scans core files, themes and plugins against WordPress.org repository versions to check their integrity.
- WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
- Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.
- Premium users can also block countries and schedule scans for specific times and a higher frequency.
- See how files have changed. Optionally repair changed files that are security threats.
- Scans for signatures of over 44,000 known malware variants that are known security threats.
- Scans for many known back doors including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
- Continuously scans for malware and phishing URL’s including all URL’s on the Google Safe Browsing List in all your comments, posts and files that are security threats.
- Scans for heuristics of back doors, trojans, suspicious code and other security issues.
- Checks the strength of all user and admin passwords to enhance login security.
- Monitor your DNS security for unauthorized DNS changes.
- Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
- Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
- Choose whether you want to block or throttle users and robots who break your security rules.
- Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.
- See all your traffic in real-time, including robots, humans, 404 errors, logins and logout and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.
- A real-time view of all traffic including automated bots that often constitute security threats that JavaScript analytics packages never show you.
- Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from.
- Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.
- Online forums are available 24/7 to answer your WordPress security questions.
It is a fully featured plugin provides regular updates on new security issues and the best plugin for all those website owners who don’t know much on working with their website security, unlike to other security plugin this is really very easy to use and the only plugin that provides you file restore functionality even if you don’t have any backup of script.