WordFence Configuration

WordFence is a security plugin that we install to all our sites before launch. It is a very powerful tool with many capabilities so this post should help optimize the plugin to fully utilize the features.

Once WordFence is installed, you have to go to Options link under the WordFence button in the Dashboard menu. WordFence will ask you to enter your email and then you can proceed with the configuration.

Basic Options:

  • You should uncheck the Enable Live Traffic View because it will tremendously slow down your site load-up speed.
  • For the to “How does Wordfence get IPs:” you want to select the “Use PHP’s built in REMOTE_ADDR…” option from the drop-down.

Advanced Options:

Alerts:

Uncheck the “Alert when someone is locked out from login” and “Alert me when someone with administrator access signs in” options.

Scans:

Make sure all options are selected

Firewall:

The following image will show you how I configured the firewall options. You can choose to change the options to better suit your needs and you can also choose to block the users or crawlers that break rules rather than throttling them.

wordfence

Login Security Options:

  • Change the drop-down values  for the “Lock out after how many login failures” and “Lock out after how many forgot password attempts” options to 5.
  • Change the “Amount of time a user is locked out” to 30 minutes.

Other Options:

You want to enter your site’s IP Address into the “Whitelisted IP addresses that bypass all rules:” field.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.