WordFence is a security plugin that we install to all our sites before launch. It is a very powerful tool with many capabilities so this post should help optimize the plugin to fully utilize the features.
Once WordFence is installed, you have to go to Options link under the WordFence button in the Dashboard menu. WordFence will ask you to enter your email and then you can proceed with the configuration.
- You should uncheck the Enable Live Traffic View because it will tremendously slow down your site load-up speed.
- For the to “How does Wordfence get IPs:” you want to select the “Use PHP’s built in REMOTE_ADDR…” option from the drop-down.
Uncheck the “Alert when someone is locked out from login” and “Alert me when someone with administrator access signs in” options.
Make sure all options are selected
The following image will show you how I configured the firewall options. You can choose to change the options to better suit your needs and you can also choose to block the users or crawlers that break rules rather than throttling them.
Login Security Options:
- Change the drop-down values for the “Lock out after how many login failures” and “Lock out after how many forgot password attempts” options to 5.
- Change the “Amount of time a user is locked out” to 30 minutes.
You want to enter your site’s IP Address into the “Whitelisted IP addresses that bypass all rules:” field.