Wordfence security plugin for WordPress
Wordfence is the Leading Cyber Security solution for WordPress. It provides a Complete Anti-Virus and Firewall Package for your WordPress Website including Two Factor Authentication, a Firewall incorporating Machine Learning and Tools to help Recover from a Hack.
Wordfence Security is available free. Simply sign into your WordPress website, Go to Plugins > Add New > And search for 'wordfence' without quotes. The premium version includes enterprise WordPress Security features like Two Factor Authentication and Country Blocking.
Wordfence recommended settings:
- never have an admin user
- immediately block non existent usernames
The above will catch most people who try and login as 'admin' user
- block fake google crawlers
- block requests with empty referrer.
- block on 5 attempts,(default 20)
- block for at least 1 hr, ideally 1 day or more, (penalise failed logins heavily)
- disable code execution in php uploads