Wordfence Security is a great plugin for securing WordPress websites. But proper Wordfence settings is very important.
Today in this article, I will tell you the Best Settings for Wordfence Security Plugin.
Wordfence Security Plugin
Wordfence comes with free and premium plans.
The Basic plan of Wordfence is free, but Premium Edition offers more advanced features such as country blocking, firewall rules updated in real-time, scheduled scanning, etc.
First, install the Wordfence Security plugin. For this, log into the WordPress dashboard, click Plugins >> Add new, then search the Wordfence in the search result.
Wordfence Security plugin will appear in the search result, just click install. You can see the screenshots below.
After the plugin is activated, you will add a new menu item “Wordfence” to your WordPress dashboard.
When you click on it, it will show you the Wordfence security settings overview. In addition, you can see security notifications and stats like recent IP blocking, failed login attempts, total attacks blocked, etc.
Firewall settings in Wordfence
Goto Wordfence >> Firewall >> Manage Firewall
On the next page, select the option “Enabled and Protecting” from the Status drop-down menu in Web Application Firewall Status. Then click on “Optimize the Wordfence firewall“.
Now, Wordfence will run some tests to find out your server configuration and ask you to download your current .htaccess and .user.ini files as a backup. Download both files. And select the recommended settings of apache settings in the dropdown button and then hit the Continue button. You can see the screenshots below.
Then go to the Brute Force Protection section.
First of all, enable the Brute Force Protection section and then make all the settings according to the screenshot below.
These below settings I have done on my website, you can do according to your needs.
How To WordPress Blog Scan Using Wordfence Security Plugin
Just click on the Wordfence >> Scan option and then click on the “Start New Scan” button.
Wordfence Security will now start scanning your WordPress site.
It will scan WordPress core, theme file, plugin files, suspicious codes, backdoors, malicious URLs and more.
As a result, it will suggest solving the issues too.
If this article has proved to be helpful for you, do not forget to share it!