Skip to main content

Wordfence > All Options > Brute Force settings

Make the brute force settings much more strict, with the max lockout duration, so that bots aren’t continually trying to log into your site.

Wordfence > General Wordfence Options

If you’re using Cloudflare, Wordfence will only see users as coming from the CF IP address, so you need to tell WF to use the “CF-connecting-IP” header so that the real user IP is used in the firewall.

Wordfence > Login Security > Settings tab – disable XMLRPC

This will stop a large percentage of bots

Enough Talk, Let's Build Something Together