Hi @allgoodnamesaretaken, thanks for sending this over.
Wordfence is an endpoint firewall that, when optimized, runs before the PHP content of your site is hosted to a visitor. This helps greatly in being able to identify malicious requests from our extensive list of bad IPs, hostnames and signatures, limit brute force attacks and intervene with POST/GET or login attempts that try to compromize the security of your site from an external threat.
With this article, the method requires the adding and modification of files and database entries internally to work. If somebody already has the ability to do this with admin access on your web server, then they have already gone far beyond the scope of a WordPress security plugin. Provided you have 2FA and reCAPTCHA enabled for your administrative accounts – as also recommended by WordPress themselves – and complex, difficult to obtain passwords set for your cPanel/FTP/database/host etc. then Wordfence will look after your WordPress installation.
Thanks,
Peter.
