Building Your Website, Step-By-Step

Getting Your Wordfence Security Options Right

You already know we think the Wordfence plugin is most important for protecting your website.

We often get asked if you should use the free or paid version of Wordfence. Our suggestion is that you start with the free edition and get comfortable with that; then, if you need it, you can move up to paid. It's a remarkable service.

When you first install Wordfence, many of the settings are already set. There are a few we think you should change to make security even tighter. They are:

Enable Live Traffic View - Uncheck
Update Wordfence automatically when a new version is released? - Check

Scan theme files against repository versions for changes - Check
Scan plugin files against repository versions for changes - Check

Use low resource scanning (reduces server load by lengthening the scan duration) - Check

Immediately block fake Google crawlers - Check (unless you're marketing to Brazil)

If anyone's requests exceed 60 per minute throttle it
If a crawler's page views exceed 120 per minute block it
If a crawler's pages not found (404s) exceed 120 per minute block it
If a human's page views exceed 60 per minute block it
If a human's pages not found (404s) exceed 30 per minute block it
If 404s for known vulnerable URLs exceed 30 per minute block it
How long is an IP address blocked when it breaks a rule 2 hours

Lock out after how many login failures 5
Lock out after how many forgot password attempts 5

Immediately block the IP of users who try to sign in as these usernames:
admin
administrator
security
tech
webmaster
support
root
anon
login
(login)
your website name
your website domain

Whitelisted IP: Put your own IP address in. (Get it from whatismyip.com)

Hide WordPress version - Check

Disable Code Execution for Uploads directory - Check

SAVE Options

Member Center
UserID:

Password:


Ads

Your Own Dot-Com Domain
cinderelladomains.com
Our Recommended Source for Securing Your Domains. Fast Registration, Direct Support Phone

Reliable Website Hosting
siteground.com
Small businesses often use Shared Hosting and the "GrowBig" plan. Free LetsEncrypt SSL included.

Create Your Own Graphics
razataz.com/graphicshb
Website headers and banners are easy to do yourself when you have this inexpensive tool!

Do Your Own Webinars
webinarjeo.com
Unlimited Webinars. Unlimited Attendees. Unlimited Scalability. True Live-Streaming Performance