Helpful Yet Commonly Missed WordFence Feature

WordFence is great. In my humble opinion, they have the best WordPress security plugin on the market. However, if you’re not one who uses it everyday you might miss out on some of it’s harder to find, but still useful features.

This is because the WordFence team is always improving the plugins’ existing functionality and user interface. Many people in the WordPress industry will argue that security needs to be done at the server level. Others argue that you need to spend money on a premium service like Sucuri or CloudFlare. The fact is, WordFence works. WordFence specializes in plugin and theme vulnerabilities. On a basic level, your website is more secure using WordFence, then with other methods suggested.

WordFence will not stop someone from actively trying to hack your website. However, Joe Smith does not have to worry about someone trying to actively get in. He has to worry about automated attacks from bots. This is where WordFence comes in and this is where WordFence shines.

Ok, We Get It, It Works But What Is The Feature?

Ah yes. I almost forgot. The commonly missed feature is under the all options window. To access it:

Underneath General WordFence Options
  1. Go to
  2. Go to General WordFence Options
  3. Select Disable Code Execution for the Uploads Directory.

This prevents PHP from executing if a hacker is in the wp-content/uploads/folder. This is beneficial because many hackers will upload PHP files in this folder and begin to execute them. By disabling code executions in the uploads directory, PHP files cannot be executed.

WordFence also has the option for you to be able to hide your WordPress version. This basically removes the meta generator tag. There is a lot of debate over whether this does anything or not from a security standpoint. However, I make it a habit to remove it anyway. It does not provide any benefit to anyone.

Closing Thoughts

I commonly see these features unchecked on client sites and these are options that should always be checked. I recommend enabling them by default.

If you have any questions about these features or whether to enable them on your own website, feel free to contact me. Or if you are having security concerns, you can check out my website maintenance / website security services for more help.

scott hartley

About the author

Scott is a web performance geek, lover of all things coffee, and avid video game player. His WordPress work delves into web performance, web security, and SEO.

Leave a Comment