[ad_1]
Hello everyone. I have a website with around 100 daily unique visitors and I expect to have an increase in the number soon.
My website is 99.99% text.
Which should I pick to protect my website from attacks, fake or malicious trafic?
You can use both! You are using for free
Both. They’re two completely different products.
Cloudflare stands in front of your site, protecting it and speeding it up; Wordfence is a plugin that loads when PHP loads and protects your WP install.
Use both for best results.
Yo tengo wordfence free y malcare premium y el malcare cuando era free me detecto un malware que lo saque con el premium
wordfence + divi theme + wpml for more languages and you will need a beefy server and still get shitty perfomrances and security holes all over the place. this is my personal hell. got it all, fixed it all. was digital pain .
Use both if you’re using the free versions. If you pay for either you likely don’t need both.
Or don’t use a PHP WAF at all, since PHP is slow as fuck.
Good host, DDOS and firewall protected. Secured webserver, mod_security, fail2ban etc. Stable, actively supported PHP version, secured database.
Good password. Protect/disable .xmlrpc. Proper file permission on WP directories, disable theme and plugin editing, disable pingbacks and trackbacks on posts, moderate comments…
Keep WP and plugins updated. Keep an eye opened on https://patchstack.com/database/ and/or https://wpscan.com/
Protect forms with Honeypot/WPArmour. If you are paranoid, install some simple login plugin (DoLoginSecurity), with or without Captcha.
More or less, your site will be secured and protected against BruteForceAttacks. Small trick – change role of user with name admin to subscriber role.
And you will not need WAF nor proxy.
I am not against WordFence or CloudFlare, just think they are not necessary layers. Besides, rules in WordFence free version are 30 days behind actual, so it makes it pretty unusable.
Success.
Both.
They do different things.
If you’re talking about security then wordfence, but you might want to go pro wordfence and still use cloud flare.
You won’t be 100% protected though. You never can be.
Cloudflare can still leak the original ip in a few ways. One is you had the same ip as before you added cloudflare. Then cloudflare will be useless. There are ways to trick the site into revealing the origin ip. When that happens, cloudflare is useless.
Wordfence is on the server but it still has been know to let things through.
You can do vastly more with a WAF like Cloudflare than you can with an on-host plugin. Wordfence is a WP extension and is limited to the things that can be done at the application layer. Cloudflare as a web application firewall/CDN/edge cache can do things to your traffic before it hits your server.
Don’t use wordfence.
Cloudflare plus server side security is all you need. Maintain good backups, strong admin passwords as well as not giving away admin access all over support forums.
Using cloudflare turnstile on WP registration is a good idea if registration is open.
This is like asking “shoes vs pants?”. You need both. They solve different problems.
Use both: they did not interfere or disable each other…
Both. Wordfence for security. Cloudflare for additional security, improved performance, and analytics.