For a quick setup, a DigitalOcean droplet is the best solution. WordPress is easy to migrate to a more cost-effective option later.
First off, go to Dashboard > Access Lists and whitelist your IP address. This way you won’t lock yourself out of the website.
Please don’t skip this step lol.
Dashboard > Main Settings
The WP-Cerber Main Settings dashboard is where you configure how many login attempts you allow before you ban people.
You can leave that pretty forgiving for development sites and tighten it for production.
For the rest, just configure your admin email and send a test email.
This is the most important part. Hardening is set under Dashboard > Hardening. This is also where you disable XML-RPC, a never-used and super dangerous interface that the WordPress team refuses to ditch.
On the majority of WordPress installations, you can enable all of the hardening options. These days, WordPress is mostly installed for business rather than for blogging.
Blogging features like author pages are irrelevant at best, and can easily become a vulnerability.
This is the WP-Cerber Hardening configuration of a business website. The company publishes regular updates in the form of blog articles, which means the RSS has to be accessible. The REST API is enabled because of a Slack monitoring integration.
Enabling just the RSS will be good for most WordPress sites.
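To confirm the hardening settings actually took effect on your own site, you can request each interface from outside and compare the result with the policy above. This is an added example, not part of WP-Cerber or the original article; the paths are WordPress defaults, and the rule that a blocked endpoint answers with an error status other than 405 is an assumption about how the block shows up.

```python
"""Check that the hardening policy described above is in effect on your own site."""
import sys
import urllib.error
import urllib.request

# Policy from the article: everything blocked except RSS.
# Flip "/?rest_route=/" to True if you rely on the REST API, as the business site does.
POLICY = {
    "/xmlrpc.php": False,     # XML-RPC interface
    "/?author=1": False,      # author pages
    "/?rest_route=/": False,  # REST API index
    "/?feed=rss2": True,      # RSS feed
}


def http_status(url, timeout=10):
    """Return the final HTTP status of a GET request (redirects are followed)."""
    req = urllib.request.Request(url, headers={"User-Agent": "hardening-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def is_exposed(status):
    # An active xmlrpc.php answers a plain GET with 405 (it accepts POST only),
    # so 405 counts as exposed. Assumption: a blocked endpoint returns another 4xx/5xx.
    return status < 400 or status == 405


def audit(base_url, policy=POLICY, fetch=http_status):
    """Return (path, status, problem) tuples for endpoints that violate the policy."""
    findings = []
    for path, should_be_reachable in policy.items():
        status = fetch(base_url.rstrip("/") + path)
        if is_exposed(status) and not should_be_reachable:
            findings.append((path, status, "reachable but should be blocked"))
        elif not is_exposed(status) and should_be_reachable:
            findings.append((path, status, "blocked but should be reachable"))
    return findings


if __name__ == "__main__":
    problems = audit(sys.argv[1])  # e.g. python check.py https://your-site.example
    for path, status, problem in problems:
        print(f"{path}: HTTP {status} - {problem}")
    sys.exit(1 if problems else 0)
```

Run it from a machine whose IP is not on the whitelist, otherwise the access list may let requests through that everyone else would see blocked.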
Google reCAPTCHA integration is the second most important part. It gets attackers banned faster and eases the server load.
Head over to WP Cerber > Anti-spam > reCAPTCHA and set up the Google app as the guide provided there instructs.
Once you’re done, enable reCAPTCHA on all WordPress forms:
This cuts short the majority of automated login attacks. The attack bots will fail at the reCAPTCHA.
© 2018-21 TheoryDigital OÜ