When it comes to self-hosted instances of WordPress security policies must be enacted. WordPress security is taken care of for user of wordpress.com or managed WordPress hosts.
However, when we are managing our own sites or client sites then we have to create our own security policies and deploy the right tools to implement those policies.
Wordfence is a great tool for this purpose. And today it announced it launched version 6. The announcement is here.
The new update maintains a free version of it’s offering while providing support for IPv6. The launch post describes the rational behind that decision.
I like Wordfence for it’s version of a lightweight Web Application Firewall and it’s built-in scanner. The scanner does automatic checks of core, plugin and theme files to test known file versions against the actual installed versions. Differences are flagged. There’s a much larger set of features in both the free and premium versions. But those are the features I particularly like.
Of course one tool does not a security policy make. Security depends on more then tooling and ‘defence in depth’ is key. WordPress security requires defence at the levels of the network, the server, the application and the user.
Having said that, WordFence is a great start for application-level security.