Recommended security settings for WP Cerber
We provide you with settings based on best security practices. This settings suitable for most of the WordPress powered sites in the Internet. See screenshot below to see how it’s easy.
Limit login attempts
|Attempts||3 allowed retries in 60 minutes|
|Lockout duration||60 minutes|
|Aggressive lockout||Increase lockout duration to 24 hours after 3 lockouts in the last 6 hours|
|Notifications||Notify admin if the number of active lockouts above 8|
|Site connection||Depends on how your site (server) connect to the Internet.|
Proactive security rules
|Block subnet||Checked Always block entire subnet Class C of intruders IP|
|Non-existent users||Checked Immediately block IP when attempting to login with a non-existent username|
|Request wp-login.php||Check only if you set up custom login page. Immediately block IP after any request to wp-login.php|
|Redirect dashboard requests||Checked Disable automatic redirecting to the login page when /wp-admin/ is requested by an unauthorized request|
Custom login page
Be careful when enabling this options. If you forget the Custom login URL you will not be able to login.
|Custom login URL||Set up whatever you want and then bookmarked it or remember it|
|Disable wp-login.php||Checked, if you have custom login page. Block direct access to wp-login.php and return HTTP 404 Not Found Error|
Note: In Citadel mode nobody is able to login. Active users’ sessions will not be affected.
|Threshold||Enable after 30 failed login attempts in last 15 minutes|
|Whitelist||Checked Allow whitelist in Citadel mode|
|Notifications||Checked Send notification to admin email|
Last posts from WordPress security blog
- Brute-force, DoS, and DDoS attacks – what’s the difference? 04/10/2017
- WP Cerber 4.5 03/22/2017
- Instant mobile and browser notifications with Pushbullet 03/20/2017
- Best WordPress Plugins for Two-Factor Authentication 03/15/2017
- WordPress 4.7.3 – six security issues has been fixed 03/06/2017
Let's make things clear with these intruder activities that happens every day with any website. How are they dangerous? What tools or plugin can mitigate them? What are chances that we can do that successfully?
WP Cerber allows you to easily enable desktop and mobile notifications and get all those notifications from your WordPress instantly and for free. In a desktop browser, you will get popup messages even if you logged out of your WordPress. Last posts from WordPress security blog Brute-force, DoS, and DDoS attacks – [...]