Wordfence Security – Firewall & Malware Scan Plugin
[Optional preparation: in cPanel, create a forwarder for “Wordfence@…”]
DISCLAIMER: These instructions were written January 2019, and Wordfence may have changed some of the verbage and the order of steps…
When you activate this plugin a screen pops up, and you must complete it before proceeding.
- Enter the wordfence email forwarder you created in cPanel; otherwise just use your regular email.
- Choose whether to receive their newsletter.
- Agree to the terms
- Click on the “Continue” button
- Ignore the premium key request – you can click on the “No Thanks” link on the screen.
Next, the full dashboard will be restored to your screen, and you will find a new menu choice on the left tool bar “Wordfence.”
Click on the Wordfence menu choice and step through whatever tutorial is launched for a new, fresh installation.
- Go to All Options ~ open one at a time
- Wordfence Global Options
- Skip: Wordfence License
- Skip: View Customization
- General Wordfence Options
- Check Automatically update WordFence
- Review/verify admin email address for notification
- Save Changes (upper right corner of screen)
- Skip: Dashboard Notification Options
- Skip: Email Alert Preferences
- Skip: Activity Report
- Firewall Options
- Skip: Basic Firewall Options
- Skip: Advance Firewall Options (…for now…)
- Open Brute Force Protection
- Enable brute force protection is on
- Change login failures to 3 (Use pull-down)
- Change forgotten passwords to 4 (Use pull-down)
- Leave count failures at 4 hours (Use pull-down)
- Change user lockout time to 30 minutes (Use pull-down)
- Enable “Immediately lock out invalid usernames.”
- Add selected domain names to “Immediately block the IP of users who try to sign in as these usernames.” such as admin, user, test, etc.
- Leave “Prevent the use of passwords leaded in data breaches” enabled
- Leave Additional Options defaults
- Ignore/Skip Rate Limiting defaults
- Ignore/Skip Whitelisted URLs (…for now…)
- Save Changes (upper right corner of screen)
- Blocking Options
- Skip Advanced country Blocking Options
- Scan Options
- Skip/Ignore all the options in this section
- Tool Options
- Skip/Ignore Two Factor Authentication Options
- Skip/Ignore Live Traffic Options
- Save Changes (upper right corner of screen)
- Skip/Ignore Import/Export Options
- Save Changes (upper right corner of screen)
Return to Plugins.