The plugin is pre configured to the most reasonable settings. However you would need to adjust the following:
- User-Login -> Notify by email: Provide correct email for notification purpose.
- User-Login -> Enter whitelisted IP addresses: In case the administrator or the company has a fixed IP, this setting allows to avoid lockouts of the site-owner/admin. Please adjust or disable.
- User registration -> Manual Approval: In case you expect large amount of customers, the setting should be disabled.
- Filesystem security -> File Permission: set the recommended file permissions.
- Firewall -> G6 Blacklist Firewall Rules -> G6 Block Request Methods -> Block PUT method: In case Woocommerce is not used, this setting should be enabled.
- Brute Force -> Cookie based brute force prevention: This should be only enabled if you know what you do.
- Brute Force -> Captcha Settings: for GDPR compliancy and simplicity reasons we only use the “Simple Math Captcha” initially. You should adjust this to your needs.
- Brute Force -> Login Whitelist: In case the administrator or the company has a fixed IP, this setting allows to avoid lockouts of the site-owner/admin. Please adjust or disable.
- Scanner -> File Change Detection -> Send email when change detected: Please adjust.
- 2FA -> helps increasing the security even higher, but requires a careful setup and testing. Therefore disabled.