Plugins – WP-Security

The plugin is pre configured to the most reasonable settings. However you would need to adjust the following:

1. User-Login -> Notify by email: Provide correct email for notification purpose.
2. User-Login -> Enter whitelisted IP addresses: In case the administrator or the company has a fixed IP, this setting allows to avoid lockouts of the site-owner/admin. Please adjust or disable.
3. User registration -> Manual Approval: In case you expect large amount of customers, the setting should be disabled.
4. Filesystem security -> File Permission: set the recommended file permissions.
5. Firewall -> G6 Blacklist Firewall Rules -> G6 Block Request Methods -> Block PUT method: In case Woocommerce is not used, this setting should be enabled.
6. Brute Force -> Cookie based brute force prevention: This should be only enabled if you know what you do.
7. Brute Force -> Captcha Settings: for GDPR compliancy and simplicity reasons we only use the “Simple Math Captcha” initially. You should adjust this to your needs.
8. Brute Force -> Login Whitelist: In case the administrator or the company has a fixed IP, this setting allows to avoid lockouts of the site-owner/admin. Please adjust or disable.
9. Scanner -> File Change Detection -> Send email when change detected: Please adjust.
10. 2FA -> helps increasing the security even higher, but requires a careful setup and testing. Therefore disabled.