Wordfence Security Plugin Setup for WordPress

Our company is engaged in the development, support and maintenance of sites of any complexity. From simple one-page sites to large-scale cluster systems built on micro services. Experience of developers is confirmed by certificates from vendors.
8+Years of work900+Completed projects100+In house employees19+Partners
Development and maintenance of all types of websites:
Informational websites or web applications
Business card websites, landing pages, corporate websites, online catalogs, quizzes, promo websites, blogs, news resources, informational portals, forums, aggregators
E-commerce websites or web applications
Online stores, B2B portals, marketplaces, online exchanges, cashback websites, exchanges, dropshipping platforms, product parsers
Business process management web applications
CRM systems, ERP systems, corporate portals, production management systems, information parsers
Electronic service websites or web applications
Classified ads platforms, online schools, online cinemas, website builders, portals for electronic services, video hosting platforms, thematic portals

These are just some of the technical types of websites we work with, and each of them can have its own specific features and functionality, as well as be customized to meet the specific needs and goals of the client.

Offered services
Showing 1 of 1 servicesAll 2065 services
Wordfence Security Plugin Setup for WordPress
Simple
~1 business day
FAQ
Our competencies:
Development stages
Latest works
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1161
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1041
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    822
  • image_crm_chasseurs_493_0.webp
    CRM development for Chasseurs
    847
  • image_website-sbh_0.png
    Website development for SBH Partners
    999
  • image_website-_0.png
    Website development for Red Pear
    451
Show more works

Wordfence Security Plugin Setup for WordPress

Wordfence is the most widely used WordPress security plugin. It includes a Web Application Firewall (WAF), malware scanner, IP blocking, two-factor authentication, and real-time traffic monitoring.

Basic Setup After Installation

Firewall → Manage WAF:

  • Optimization: Switch to Extended Protection mode (requires code addition to auto_prepend_file PHP)
  • Web Application Firewall Status: Learning Mode → Protected (after 7 days of learning)

Firewall → Brute Force Protection:

  • Lock out after X login failures: 5
  • Count failures over X minutes: 5
  • Lock out for X minutes: 60
  • Immediately lock out invalid usernames: ✓
  • Immediately lock out invalid email: ✓

Scan: Run the initial scan. Wordfence compares core files, themes, and plugins against the WordPress repository — identifies modified and added files.

Geolocation-Based Blocking (Wordfence Premium)

Geoblocking is unavailable in the free version. In Premium: Firewall → Country Blocking — block countries from which legitimate users never come.

Rate Limiting

Throttle requests from humans: 240/minute (DEFAULT)
Throttle requests from crawlers: 120/minute
Throttle 404 errors from humans: 60/minute
Throttle 404 errors from crawlers: 20/minute
How long is an IP address blocked: 5 minutes

Notifications

Login Security → Configure email notifications:

  • Alert when an administrator signs in: ✓ (only for small sites)
  • Alert on critical problems: ✓
  • Alert when someone is locked out from login: ✓

Do not enable all notifications — you will receive hundreds of emails and stop paying attention.

Two-Factor Authentication

Login Security → Two-Factor Authentication:

  • Activate 2FA for administrators: ✓
  • Require 2FA for all admins: ✓

Supports Google Authenticator, Authy, any TOTP application.

WAF Exceptions

The WAF sometimes falsely blocks legitimate requests — for example, from payment systems or REST API clients. Add exceptions: Firewall → Allowlisted URLs.

Important Additional Measures

Wordfence is not a replacement, but a supplement to basic security:

// wp-config.php — restrictions
define('DISALLOW_FILE_EDIT', true);   // disable file editor
define('DISALLOW_FILE_MODS', true);   // disable plugin/theme installation

# Nginx — close xmlrpc.php if not in use
location = /xmlrpc.php { deny all; }
# Close wp-login.php for everyone except your IP
location = /wp-login.php {
    allow 1.2.3.4;  # your IP
    deny all;
}

Timeline

Installation and setup of Wordfence with initial scan — 2–3 hours.