Wordfence Security – Firewall & Malware Scan Plugin

[Optional preparation: in cPanel, create a forwarder for “Wordfence@…”]

DISCLAIMER: These instructions were written January 2019, and Wordfence may have changed some of the verbage and the order of steps…

When you activate this plugin a screen pops up, and you must complete it before proceeding.

  • Enter the wordfence email forwarder you created in cPanel; otherwise just use your regular email.
  • Choose whether to receive their newsletter.
  • Agree to the terms
  • Click on the “Continue” button
  • Ignore the premium key request – you can click on the “No Thanks” link on the screen.

Next, the full dashboard will be restored to your screen, and you will find a new menu choice on the left tool bar “Wordfence.”

Click on the Wordfence menu choice and step through whatever tutorial is launched for a new, fresh installation.

  • Go to All Options ~ open one at a time
  • Wordfence Global Options
    • Skip: Wordfence License
    • Skip: View Customization
    • General Wordfence Options
      • Check Automatically update WordFence
      • Review/verify admin email address for notification
      • Save Changes (upper right corner of screen)
      • Skip: Dashboard Notification Options
      • Skip: Email Alert Preferences
      • Skip: Activity Report
    • Firewall Options
      • Skip: Basic Firewall Options
      • Skip: Advance Firewall Options (…for now…)
      • Open Brute Force Protection
        • Enable brute force protection is on
        • Change login failures to 3 (Use pull-down)
        • Change forgotten passwords to 4 (Use pull-down)
        • Leave count failures at 4 hours (Use pull-down)
        • Change user lockout time to 30 minutes (Use pull-down)
        • Enable “Immediately lock out invalid usernames.”
          • Add selected domain names to “Immediately block the IP of users who try to sign in as these usernames.” such as admin, user, test, etc.
        • Leave “Prevent the use of passwords leaded in data breaches” enabled
        • Leave Additional Options defaults
        • Ignore/Skip Rate Limiting defaults
        • Ignore/Skip Whitelisted URLs (…for now…)
        • Save Changes (upper right corner of screen)
      • Blocking Options
        • Skip Advanced country Blocking Options
      • Scan Options
        • Skip/Ignore all the options in this section
      • Tool Options
        • Skip/Ignore Two Factor Authentication Options
        • Skip/Ignore Live Traffic Options
        • Save Changes (upper right corner of screen)
      • Skip/Ignore Import/Export Options
    • Save Changes (upper right corner of screen)

Return to Plugins.