Hardening
Traffic Inspector in a nutshell
Traffic Inspector analyzes incoming HTTP requests, recognizes suspicious, and blocks them before they can harm your website. This security algorithm is enabled by default and in the vast majority of cases requires no configuration. When Traffic Inspector is enabled, the firewall analyzes and blocks malicious and potentially [...]
Brute-force, DoS, and DDoS attacks – what’s the difference?
Let's make things clear with these intruder activities that happens every day on any website. How are they dangerous? What tools or plugin can mitigate them? What are chances that we can do that successfully?
Turn your WordPress into Fort Knox
This article assumes that we want to get a bulletproof protected website powered by WordPress. It’s not necessarily to do all the following steps word for word and point by point exactly as described. But I do recommend that if you want to create your own Fort Knox. WordPress Security Traffic Inspector in a nutshell [...]
Hardening WordPress with WP Cerber
All suggested settings are highly recommended for most websites on the Internet. If you need, for some reason, provide access to the functions and features listed on this page from a particular computer or an IP network, you need to add them to the White IP Access List. Disable REST API The plugin restricts access to the [...]
How to protect WordPress with Fail2Ban
By using WP Cerber Security and Fail2Ban together you can reinforce protection at the most effective level. That allows you to protect a WordPress from brute-force and DoS attacks at the OS level with iptables. Read more about attacks: Brute-force, DoS, and DDoS attacks – what’s the difference? Note: you have to have the root [...]
Hardening WordPress with WP Cerber and NGINX
NGINX is a free, open-source, high-performance HTTP server. WP Cerber is a free, open-source, security plugin which protects WordPress powered sites from intruders and hackers. How to hardening WordPress using WP Cerber and NGINX together First of all, you need to set up a Custom login URL and check Block direct access to [...]
Custom login page for WordPress
The custom login page feature is a great tool for reducing the attack surface and eliminating automatic and spam registrations. It’s the first thing you should enable on a newly installed WordPress. Another highly recommended security measure is renaming WordPress’s plugins folder. Why it matters and why it works According to [...]
How to hide wp-admin and wp-login.php from attacks
With WP Cerber Security you can do that with several clicks. Open WP Cerber main settings page. Turn on Disable automatic redirection to the login page when /wp-admin/ is requested by an unauthorized request Enter your desired custom login URL into the Custom login URL field Turn on Block direct access to wp-login.php and return HTTP 404 [...]