WordFence is a fantastic plugin for WordPress that will dramatically increase the security of your WordPress blog. It is our recommended plugin for any WordPress site - with WordFence properly installed and configured, the likelihood of your blog being hacked is dramatically reduced.
However, WordFence has a lot of configuration options. The following article outlines how we would recommend that you configure WordFence.
Once you have installed WordFence as a plugin in WordPress, click on WordFence > Options in the side menu. On this page, configure the settings as follows:
The Firewall Rules are an important part of protecting your site. They control how quickly various activity can take place on your blog and will ensure that your site is protected from malicious traffic that might be trying to 'brute force' attack your site. They also control how quickly bots and other traffic can access your site - generally this traffic is best throttled if too aggressive to ensure that your site operates without interruption.
The following screenshot shows how we would recommend that you set this up. These are guidelines only; if your site is being adversely affected by bot traffic (i.e. we have notified you of such traffic or your site has been 'temporarily limited' by our resource management systems), then you may wish to lower these limits.
These settings will ensure that any brute force login attempts on your WordPress installation are restricted. When setting these options, it's important that you ensure that you use the correct admin username, and that you remember your password so you don't lock yourself out. We'd therefore also recommend that you follow the next step to whitelist your own IP address as well, to help ensure you don't get locked out yourself.
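To judge whether the rate and login limits suit your real traffic before tightening them, you can measure per-client activity from the web server access log. The script below is an added example, not part of the original article or of WordFence; it assumes the Apache/nginx "combined" log format, and the function names, sample lines and thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample lines in "combined" log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:15:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "-"
203.0.113.7 - - [12/Mar/2024:10:15:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "-"
203.0.113.7 - - [12/Mar/2024:10:15:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "-"
203.0.113.7 - - [12/Mar/2024:10:15:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "-"
203.0.113.7 - - [12/Mar/2024:10:16:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "-"
198.51.100.20 - - [12/Mar/2024:10:15:30 +0000] "GET / HTTP/1.1" 200 9120 "-" "-"
198.51.100.20 - - [12/Mar/2024:10:17:10 +0000] "GET /feed/ HTTP/1.1" 200 2210 "-" "-"
192.0.2.44 - - [12/Mar/2024:10:15:40 +0000] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "-"
192.0.2.44 - - [12/Mar/2024:10:15:55 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} ')

def summarize(log_text):
    """Per IP: busiest one-minute request count and number of login POSTs."""
    per_minute = defaultdict(Counter)  # ip -> {UTC minute: request count}
    login_posts = Counter()            # ip -> POSTs to wp-login.php
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        per_minute[m["ip"]][ts.strftime("%Y-%m-%d %H:%M")] += 1
        path = m["path"].split("?", 1)[0]  # drop any query string
        if m["method"] == "POST" and path.endswith("/wp-login.php"):
            login_posts[m["ip"]] += 1
    return {ip: {"peak_per_minute": max(c.values()), "login_posts": login_posts[ip]}
            for ip, c in per_minute.items()}

def over_limits(summary, max_per_minute, max_login_posts):
    """IPs that would exceed the candidate limits (thresholds are the caller's choice)."""
    return sorted(ip for ip, s in summary.items()
                  if s["peak_per_minute"] > max_per_minute
                  or s["login_posts"] > max_login_posts)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    print(stats)
    print(over_limits(stats, max_per_minute=3, max_login_posts=3))  # constructed thresholds
```

Run it against your own access log and compare the peaks for legitimate visitors and crawlers with the limits you intend to set, so that lowering them does not block normal use.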
Once saved, it's usually a good idea to run a WordFence scan on your site now. To do this, under the WordFence menu on the left, click 'Scan' and then on the page that loads, click 'Start a WordFence Scan'.
If problems are found, you will be alerted at the bottom. For instance, the scan may show that a plugin needs updating, as shown in the example below. You should follow the advice of the scan report.