Let me explain a situation that has literally just happened to me this morning. I manage another website, and in the space of 1 hour, I received over 20 email notifications about unauthorised attempts to log in to the WordPress Admin. I received these emails as I had the Wordfence Security plugin installed (and set to notify me about failed login attempts). It was great to receive these notifications, and comforting to know that the “hackers” were being denied access; however, I couldn’t help wondering whether more security was possible…
What was concerning about this situation was that the hackers were able to get this far – they were able to access the wp-admin URL, get to the login screen (aka wp-login.php), and then make multiple attempts to log in (in Wordfence I had limited failed login attempts to 3 per hour).
That’s when I found the WP Cerber Security plugin for WordPress. With this plugin I am able to hide the wp-admin URL – I changed this URL to the kind of long random string that you normally use for a password. Also, I redirected any attempts to access wp-login.php to a 404 not found page.
Reassuringly, WP Cerber Security still has some of the most important features that make Wordfence Security so popular. You can limit failed login attempts per hour, set the timeout for trying again, and even automatically increase this timeout to something like 24 hours if the person continually fails to log in – that’s a nice feature. It will also send you notifications, allow IP whitelists to be set, etc.
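The lockout policy described above (3 failed logins per hour, with the timeout escalating to 24 hours for repeat offenders), replayed over a web server access log. This is an added example, not code from Wordfence or WP Cerber; the log lines, the 1-hour first lockout and the reading of a 200 response to a login POST as a failure are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                    # failed logins per window (the post's Wordfence setting)
WINDOW = timedelta(hours=1)
FIRST_LOCKOUT = timedelta(hours=1)  # assumed initial timeout; the post gives no value
LONG_LOCKOUT = timedelta(hours=24)  # escalated timeout for repeat offenders
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Sep/2018:09:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [12/Sep/2018:09:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2901
203.0.113.7 - - [12/Sep/2018:09:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Sep/2018:09:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [12/Sep/2018:09:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [12/Sep/2018:09:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [12/Sep/2018:09:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Sep/2018:10:15:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Sep/2018:10:15:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Sep/2018:10:15:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
"""

def lockouts(log_text):
    """Return [(ip, locked_at, duration)] for every lockout the policy triggers."""
    failures, strikes, locked_until, events = defaultdict(deque), defaultdict(int), {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        # Assumption: WordPress answers a failed login POST with 200 and a success with 302.
        if method != "POST" or not path.startswith("/wp-login.php") or status != "200":
            continue
        now = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and now < locked_until[ip]:
            continue  # still locked out: this attempt would have been refused
        recent = failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            strikes[ip] += 1
            duration = LONG_LOCKOUT if strikes[ip] > 1 else FIRST_LOCKOUT
            locked_until[ip] = now + duration
            events.append((ip, now, duration))
            recent.clear()
    return events
```

Running `lockouts(SAMPLE_LOG)` reports two lockouts for 203.0.113.7, the second one escalated to 24 hours, and none for the address that logged in successfully after one mistake.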
What WP Cerber Security doesn’t do though is provide real-time scanning of your WordPress site files for vulnerabilities – Wordfence Security does do this. However, is this reason enough to have Wordfence as well? Are there potential compatibility issues with having them both installed?
Update September 2018
After more experience with WP Cerber Security, I do believe in fact that it does scan your WordPress site files for vulnerabilities – it has a built-in malware scanner:
Cerber Security Scanner is a sophisticated and extremely powerful tool that thoroughly scans every folder and inspects every file on a website for traces of malware, trojans, backdoors, changed and new files