Recommended security settings for WP Cerber
We provide you with settings based on security best practices. These settings are suitable for most WordPress-powered sites on the Internet. See the screenshot below to see how easy it is.
Limit login attempts
|Attempts||3 allowed retries in 60 minutes|
|Lockout duration||60 minutes|
|Aggressive lockout||Increase lockout duration to 24 hours after 3 lockouts in the last 6 hours|
|Notifications||Notify admin if the number of active lockouts is above 8|
|Site connection||Depends on how your site (server) connects to the Internet.|
Proactive security rules
|Block subnet||Checked. Always block the entire Class C subnet of the intruder's IP|
|Non-existent users||Checked. Immediately block the IP when it attempts to log in with a non-existent username|
|Request wp-login.php||Check only if you have set up a custom login page. Immediately block the IP after any request to wp-login.php|
|Redirect dashboard requests||Checked. Disable automatic redirecting to the login page when /wp-admin/ is requested by an unauthorized request|
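The lockout values in the two tables above interact over time. The following Python model is an added example, not WP Cerber's own code, and replays a constructed series of failed logins against those values. It assumes that a lockout starts when the third failure lands inside the 60-minute window, that the third lockout within 6 hours is the one extended to 24 hours, and that failures are counted per IP while the block covers the whole /24; all class and function names are illustrative.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_network

# Values taken from the settings tables above.
RETRIES, WINDOW = 3, timedelta(minutes=60)
LOCKOUT, AGGR_LOCKOUT = timedelta(minutes=60), timedelta(hours=24)
AGGR_COUNT, AGGR_WINDOW = 3, timedelta(hours=6)
# Constructed sample: (ip, minute offset) of failed logins from a documentation address.
SAMPLE = [("203.0.113.7", m) for m in (0, 1, 2, 63, 64, 65, 126, 127, 128)]

def class_c(ip):
    """Return the /24 (Class C) network that contains an IPv4 address."""
    return str(ip_network(f"{ip}/24", strict=False))

def prune(times, now, window):
    while times and now - times[0] > window:  # drop entries outside the sliding window
        times.popleft()

class LockoutModel:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> failed-login times
        self.lockouts = defaultdict(deque)  # ip -> lockout start times
        self.locked_until = {}              # /24 subnet -> expiry time

    def is_locked(self, ip, now):
        return self.locked_until.get(class_c(ip), now) > now

    def failed_login(self, ip, now):
        """Record a failed login; return the lockout duration it triggers, or None."""
        if self.is_locked(ip, now):
            return None  # assumption: locked addresses never reach authentication
        fails, locks = self.failures[ip], self.lockouts[ip]
        fails.append(now)
        prune(fails, now, WINDOW)
        if len(fails) < RETRIES:
            return None
        fails.clear()
        locks.append(now)
        prune(locks, now, AGGR_WINDOW)
        duration = AGGR_LOCKOUT if len(locks) >= AGGR_COUNT else LOCKOUT
        self.locked_until[class_c(ip)] = now + duration  # "Block subnet" is checked
        return duration

def replay(events, t0=datetime(2024, 1, 1)):
    """Feed failed logins to a fresh model; return (minute, duration) per lockout."""
    model = LockoutModel()
    hits = [(m, model.failed_login(ip, t0 + timedelta(minutes=m))) for ip, m in events]
    return [(m, d) for m, d in hits if d]
```

Calling `replay(SAMPLE)` shows two 60-minute lockouts followed by a 24-hour one, and `is_locked` reports neighbouring addresses in the same /24 as blocked for the same period.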
Custom login page
Be careful when enabling these options. If you forget the custom login URL, you will not be able to log in.
|Custom login URL||Set up whatever you want, then bookmark it or remember it|
|Disable wp-login.php||Checked, if you have a custom login page. Block direct access to wp-login.php and return HTTP 404 Not Found Error|
Citadel mode
Note: In Citadel mode nobody is able to log in. Active users' sessions will not be affected.
|Threshold||Enable after 30 failed login attempts in the last 15 minutes|
|Whitelist||Checked. Allow whitelist in Citadel mode|
|Notifications||Checked. Send notification to admin email|
Let's clarify the intruder activities that happen every day on any website. How dangerous are they? What tools or plugins can mitigate them? What are the chances that we can do that successfully?