Softaculous Defaults & WordFence

New Softaculous Default Settings

If you’re using our cPanel-based hosting, the R4L team has made a change to the default settings for the software installation program Softaculous.
When you install WordPress, a security plugin called WordFence will now be installed automatically. We are also changing the default settings when installing WordPress so that WordPress itself, plugins and themes will automatically stay updated.

WordFence

With over 10.7 million downloads, WordFence is the most downloaded WordPress security plugin, and reputedly the best security plugin. WordFence will help you scan your site for malware/hacks, and help clean the site if problems are detected.

Updating Your Settings

With WordFence installed, you will want to update some of the settings to make the most of its features. To do this, go to WordFence in the left column and click on Options. See the WordFence Options documentation for details. Apart from the default settings, we recommend the following:

 Basic Options:

  • Where to email alerts: enter your email address

Click the Save Changes button before advancing to the advanced options.

Advanced Options:

 Alerts:

These will depend on how many sites you manage, and how many users you have using your site. For high-volume applications, leave only the following checked: “Alert when an IP address is blocked”, “Alert when someone is locked out from login”, and “Alert me when someone with administrator access signs in”.

Firewall Rules:

  • Check “Immediately block fake Google crawlers”. Fake crawler traffic gives false traffic numbers.
  • If 404s exceed 2 per minute: choose “throttle it”
  • How long is an IP address blocked when it breaks a rule: choose the maximum, 1 month

 Login Security Options:

  • Choose Force admins and publishers to use strong passwords
  • Lock out after how many login failures, default is 5, recommend 2 or 3
  • Lock out after how many forgot password attempts, default is 5, recommend 2
  • Amount of time a user is locked out, set to 60 days
  • Immediately block the IP of users who try to sign in as these usernames: set to “admin”

Of course, your admin username must not be “admin”. These settings help protect against brute-force attacks.
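
To see how the login security values above interact, here is a small added example (not part of the original post and not WordFence's own code) that replays constructed login events against a simplified lockout model. The 4-hour counting window, the function name and the sample events are assumptions.

```python
from datetime import datetime, timedelta

# Values recommended on this page (Login Security Options).
MAX_FAILURES = 3                  # "recommend 2 or 3"
LOCKOUT = timedelta(days=60)      # "set to 60 days"
BLOCKED_USERNAMES = {"admin"}     # "set admin"
# Assumption, not from the page: failures are counted over a sliding window.
FAILURE_WINDOW = timedelta(hours=4)

def evaluate(events):
    """Replay (time, ip, username, success) events; return lockout decisions."""
    failures, locked_until, decisions = {}, {}, []
    for ts, ip, user, ok in events:
        if locked_until.get(ip, ts) > ts:
            continue                      # still locked out: attempt rejected
        if user.lower() in BLOCKED_USERNAMES:
            # In this model the attempt alone triggers the block.
            locked_until[ip] = ts + LOCKOUT
            decisions.append((ip, "blocked username"))
            continue
        if ok:
            continue                      # successful logins are not counted
        recent = [t for t in failures.get(ip, []) if ts - t <= FAILURE_WINDOW]
        recent.append(ts)
        failures[ip] = recent
        if len(recent) >= MAX_FAILURES:
            locked_until[ip] = ts + LOCKOUT
            del failures[ip]
            decisions.append((ip, "too many failed logins"))
    return decisions

# Constructed sample events (documentation-range IPs, made-up usernames).
T0 = datetime(2024, 1, 1, 12, 0)
m, h = timedelta(minutes=1), timedelta(hours=1)
SAMPLE_EVENTS = [
    (T0,             "203.0.113.10", "editor", False),
    (T0 + 1 * m,     "203.0.113.10", "editor", False),
    (T0 + 2 * m,     "203.0.113.10", "editor", False),  # third failure: lockout
    (T0 + 3 * m,     "203.0.113.10", "editor", True),   # rejected, locked out
    (T0 + 5 * m,     "198.51.100.7", "admin",  False),  # blocked username
    (T0 + 6 * m,     "192.0.2.44",   "alice",  False),
    (T0 + 5 * h,     "192.0.2.44",   "alice",  False),  # first failure aged out
    (T0 + 5 * h + m, "192.0.2.44",   "alice",  True),
]

if __name__ == "__main__":
    for ip, reason in evaluate(SAMPLE_EVENTS):
        print(f"{ip}: {reason}")
```

In this model, a site owner whose own login name is “admin” would be locked out by the blocked-username rule on the first attempt, which is why that username must not be used.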
