A website stating

That’s just some kind of obnoxious link bait (got me, pretty clever). On the other hand, Wordfence is quite complex and does a lot of stuff in the background, without good feedback to the administrator. Thus, confusion arises. As for a “back door attack on a database” that’s a worthless term without some kind of description about what exactly happened. Wordfence does work with the SQL WordPress database, and any plugin that does that can break things. But that’s not an “attack,” though it does mean that before just about any sort of plugin installation a site backup is SOP. MTN

Hello thenewbreed,
we had an issue recently where some server side virus scanners would flag one of the Wordfence tables as infected and in some instances remove the table. This was what is called a “false positive”. There wasn’t actually any virus or malicious code in the database. There was just a certain pattern that some scanners reacted to. The issue has been fixed so it should no longer be happening. I’m not sure if that’s what they are referring to but it’s the only thing that comes to mind. If so, it’s clearly a misunderstanding.

Hi,

I had a few clients get their sites hacked about a year ago and it was a nightmare. I stumbled across the Wordfence Plugin and bought a premium version to try out and it was a lifesaver. You can run a full scan to check if any files have been corrupted or see if any plugin files have slight differences from their version at www.ads-software.com. Then, Wordfence makes it as simple as clicking a button to fix the issue (in most cases). I was able to clear up several websites in the span of a few hours, making my clients very happy. Since installing the plugin we have not had any security breaches.

Another issue a client of mine ran into was that their website was shown as blacklisted on spamhaus.org, causing Google to flag it as a malicious site. I had no idea it was on the list, but Wordfence does check for this during the main scan (if you check the box to include this). Again, a lifesaver. I was able to remove all of the suspicious files from the site (with the help of Worfence, which pretty much does it automatically) and then submitted a request to Spamhaus.org to have the website removed from their list. A few days later it was off and Google was no longer flagging the site. Success!

There is even an option to see live traffic on the site, what their IP address is, and what country they are located in. It’s a pretty cool feature for traffic purposes (I’m an SEO marketer so that appeals to me).

Anyways, hopefully this helps. I’ve seen a few blog posts stating that Wordfence is ‘not to be trusted’ and ‘it allows back door attacks’, and I don’t understand where they are getting this from. I earn my living building and marketing websites for small businesses who don’t have large sums of money to throw around, so I’m constantly looking for plugins and software to make life easier and cost-effective for my clients. I’ve been using the plugin for about 11 months now, running it on about 9 sites, all still with a clean bill of health ??

Pat on the back for my first post on a WordPress forum. I’ve been using WP for 6 years now, so it’s about time!

Good post Nick, getting attacked 24 hours a day by the bots tends to beat us down and we get negative sometimes. Some positivity is appreciated. MTN

Thanks MTN- I’ve found lots of helpful and useful posts on these forums over the years so I thought it was time to share from my experience. Hopefully this helps anyone who finds this post thread! Nick