Security Blog

Recommended security settings for WP Cerber


We provide you with settings based on best security practices. This settings suitable for most of the WordPress powered sites in the Internet. See screenshot below to see how it’s easy.

Limit login attempts

Attempts 3 allowed retries in 60 minutes
Lockout duration 60 minutes
Aggressive lockout Increase lockout duration to 24 hours after 3 lockouts in the last 6 hours
Notifications Notify admin if the number of active lockouts above 8
Site connection Depends on how your site (server) connect to the Internet.

Proactive security rules

Block subnet Checked Always block entire subnet Class C of intruders IP
Non-existent users Checked Immediately block IP when attempting to login with a non-existent username
Request wp-login.php Check only if you set up custom login page. Immediately block IP after any request to wp-login.php
Redirect dashboard requests Checked Disable automatic redirecting to the login page when /wp-admin/ is requested by an unauthorized request

Custom login page

Be careful when enabling this options. If you forget the Custom login URL you will not be able to login.

Custom login URL Set up whatever you want and then bookmarked it or remember it
Disable wp-login.php Checked, if you have custom login page. Block direct access to wp-login.php and return HTTP 404 Not Found Error

Citadel mode

Note: In Citadel mode nobody is able to login. Active users’ sessions will not be affected.

Threshold Enable after 30 failed login attempts in last 15 minutes
Duration 60 minutes
Whitelist Checked Allow whitelist in Citadel mode
Notifications Checked Send notification to admin email

Finally, screenshot.

Recommended security settings for WordPress

Recommended security settings for WordPress




I’m a self-employed developer who builds software products and services using WordPress for more that seven years. I enjoy partnering with others for interesting and challenging projects. If you’re interested in, feel free to contact me.

View Comments
There are currently no comments.