Recommended security settings for WP Cerber
We provide you with settings based on best security practices. This settings suitable for most of the WordPress powered sites in the Internet. See screenshot below to see how it’s easy.
Limit login attempts
| Attempts | 3 allowed retries in 60 minutes |
| Lockout duration | 60 minutes |
| Aggressive lockout | Increase lockout duration to 24 hours after 3 lockouts in the last 6 hours |
| Notifications | Notify admin if the number of active lockouts above 8 |
| Site connection | Depends on how your site (server) connect to the Internet. |
Proactive security rules
| Block subnet | Checked Always block entire subnet Class C of intruders IP |
| Non-existent users | Checked Immediately block IP when attempting to login with a non-existent username |
| Request wp-login.php | Check only if you set up custom login page. Immediately block IP after any request to wp-login.php |
| Redirect dashboard requests | Checked Disable automatic redirection to the login page when /wp-admin/ is requested by an unauthorized request |
Custom login page
Be careful when enabling this options. If you forget the Custom login URL you will not be able to login.
| Custom login URL | Set up whatever you want and then bookmarked it or remember it |
| Disable wp-login.php | Checked, if you have custom login page. Block direct access to wp-login.php and return HTTP 404 Not Found Error |
Citadel mode
Note: In Citadel mode nobody is able to log in. Active users’ sessions are not affected.
| Threshold | Enable after 30 failed login attempts in last 15 minutes |
| Duration | 60 minutes |
| Whitelist | Checked Allow whitelist in Citadel mode |
| Notifications | Checked Send notification to admin email |
Finally, screenshot.
Recommended security settings for WordPress
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.
Spotted a bug or glitch?
We’d love to fix it! Share your bug discoveries with us here: Bug Report.
How to limit the number of concurrent user sessions in WordPress
WP Cerber Security 8.8
I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.
Hi!
What is the main difference between WPCerber and iThemes Security or Wordfence for example?
With iThemes you can block access to specific directories and files, among other things. I don’t know if I’m a little obsessed with security.
I discovered this plugin recently and am very happy with it. I’ve already written you some mail. I like the way it works and the only thing that makes me angry is the high price. I would be happy to pay a cheaper annual fee for the PRO version.
In short, I’d like to say. In addition to installing WPCerber, do you think you need to make any changes using.htaccess or similar?
Thanks for all!
There are two types of security plugins out there. The first one is an advanced security plugin that includes top-notch security technologies and the second one is a simple plugin that offers basic security features plus a lot of marketing gimmick. The only two plugins of the first type are known: WP Cerber and Wordfence. Both offer cloud-based protection and malware scanner which are essential nowadays. What does make WP Cerber unique? We’ve developed a sophisticated antibot engine which effectively stops spammers, a comprehensive rocket-fast firewall which effectively blocks malicious activity and we offer hourly basis scanning for malware, trojans, etc. None of the existing solutions can offer such a powerful combination. And we continue to improve plugin algorithms and will implement a set of advanced features soon.
Blocking access to a directory is not a security feature because it doesn’t prevent a website from being hacked. You can just add a line to .htaccess in a folder to lock the folder.
Having WP Cerber doesn’t require adding anything to the .htaccess file.
Thanks Gregory!
Really, I’m delighted with the free version of the plugin
If my website generated income I would not hesitate to pay for the PRO version.
Congratulations on your work.