How to Use Bulk WordPress Security Features in cPFence?

Enhancing WordPress security across your server has never been easier. With cPFence's bulk security tools, you can implement robust security measures, manage permissions, and protect your WordPress sites server-wide—all with a few simple commands. This guide walks you through each feature and how to use it effectively.

Step 1: Generate a List of WordPress Sites

  • To begin, generate a list of all WordPress sites on your server with this command:

    cpfence --generate-wp-sites-list

    The list will be saved in /var/log/cpfenceav/wp-sites-list.txt. Edit this file to remove any sites you want to exclude from the bulk operations.

Step 2: Bulk Disable or Enable XML-RPC

  • Disable XML-RPC:
    Block XML-RPC abuse with a 403 error for all listed sites:

    cpfence --bulk-disable-wp-xmlrpc

    Re-enable XML-RPC across your server if needed:

    cpfence --bulk-enable-wp-xmlrpc

Step 3: Enable wp-login Protection

  • Limit Login Attempts:
    Prevent brute force attacks by limiting login attempts to 5 in 5 minutes for all sites:

    cpfence --bulk-enable-wp-limit-login

    Disable this protection if needed:

    cpfence --bulk-disable-wp-limit-login

Step 4: Set Secure WordPress Keys

  • Bulk Secure Keys:
    Generate new secure keys for all listed sites; WordPress uses these keys to secure the authentication cookies it issues:

    cpfence --bulk-set-wp-secure-keys

    Note: This will log out all users on all sites.
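
To confirm the rotation reached a site, the check below (an added example, not cPFence's own code) reports any of WordPress's eight key and salt constants that is missing from a wp-config.php or still holds the placeholder text from wp-config-sample.php. It assumes the keys are set as define() lines in wp-config.php; the function name and the path in the usage comment are illustrative.

```sh
#!/bin/sh
# Added example, not cPFence code. Checks that a wp-config.php defines all eight
# WordPress key/salt constants and that none still holds the placeholder text
# shipped in wp-config-sample.php. Key values are never printed.
# Usage: audit_wp_keys /home/USER/public_html/wp-config.php   (USER is a placeholder)

audit_wp_keys() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read: $cfg" >&2; return 2; }
    bad=0
    for k in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
             AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        # First define() for this constant (PHP ignores later redefinitions).
        # Lines commented out with "//" or "#" do not match the anchor.
        line=$(grep -E "^[[:space:]]*define\([[:space:]]*['\"]$k['\"]" "$cfg" | head -n 1)
        if [ -z "$line" ]; then
            echo "$cfg: $k is not defined"
            bad=1
        elif printf '%s\n' "$line" | grep -q 'put your unique phrase here'; then
            echo "$cfg: $k still has the sample placeholder"
            bad=1
        fi
    done
    # Exit status 0 = all eight constants set, 1 = at least one finding printed.
    return "$bad"
}
```
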

Step 5: Fix File and Folder Permissions

  • Secure Permissions:
    Detect and fix incorrect permissions across all sites:

    cpfence --bulk-set-wp-permissions

    This tool sets permissions as follows:

    • Directories: 755 (750 for public_html)
    • Files: 644
    • Sensitive files (e.g., wp-config.php): 600
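
A read-only audit of one site against the modes listed above, useful before and after the bulk run (an added example, not cPFence's own code). It assumes GNU find, that the argument is the account's public_html, and that wp-config.php is the only sensitive file, since that is the one the page names.

```sh
#!/bin/sh
# Added example, not cPFence code. Read-only audit of one WordPress docroot
# against the policy above: dirs 755 (docroot 750), files 644, wp-config.php 600.
# Assumes GNU find for -printf and that DOCROOT is the account's public_html.
# Usage: audit_wp_perms /home/USER/public_html   (USER is a placeholder)

audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    findings=$(
        # The docroot itself is the one directory expected at 750.
        find "$root" -maxdepth 0 ! -perm 750 -printf '%m %p (expected 750)\n'
        # Every directory below it: 755.
        find "$root" -mindepth 1 -type d ! -perm 755 -printf '%m %p (expected 755)\n'
        # wp-config.php is the only sensitive file the page names: 600.
        find "$root" -type f -name wp-config.php ! -perm 600 \
            -printf '%m %p (expected 600)\n'
        # All other regular files: 644.
        find "$root" -type f ! -name wp-config.php ! -perm 644 \
            -printf '%m %p (expected 644)\n'
    )

    # Exit status 0 = compliant, 1 = at least one deviation printed.
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Each output line gives the current mode, the path, and the mode the policy expects, so the list can be reviewed before any change is made.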

Step 6: Apply WordPress Hardening

  • Enable Hardening:
    Apply critical WordPress hardening measures, including:

    • Blocking PHP execution in wp-content/uploads so that uploaded malicious files cannot run.
    • Securing wp-config.php to protect sensitive credentials and settings.
    • Restricting execution of insecure PHP files in wp-includes.

    cpfence --bulk-enable-wp-hardening

    Disable hardening measures when no longer needed:

    cpfence --bulk-disable-wp-hardening

Step 7: Manage WordPress Cron Jobs

  • Disable WP-Cron:
    Improve performance by disabling WordPress Cron jobs:

    cpfence --bulk-disable-wp-cron

    Re-enable WP-Cron jobs when needed:

    cpfence --bulk-enable-wp-cron

Step 8: Disable or Enable File Editing in WordPress

  • Disable File Editing:
    Remove the ability to edit plugin and theme files directly from the WordPress admin panel, adding an extra layer of security:

    cpfence --bulk-disable-wp-file-edit

    This prevents unauthorized edits, especially in case of compromised admin accounts.

    Enable File Editing:
    Restore the ability to edit files directly from the WordPress admin panel when needed:

    cpfence --bulk-enable-wp-file-edit

Step 9: Disable or Enable Pingbacks

  • Disable Pingbacks:
    Protect your WordPress sites from DDoS abuse by turning off pingbacks across all listed sites:

    cpfence --bulk-disable-wp-pingback

    Enable Pingbacks:
    Restore the pingback functionality for WordPress sites where this feature is required:

    cpfence --bulk-enable-wp-pingback

Step 10: Enable or Disable Automatic Idle Logout

  • Enable Idle Logout:
    Automatically log out idle users after 60 minutes of inactivity across all listed WordPress sites:

    cpfence --bulk-enable-wp-idle-logout

    Disable idle logout protection when it's no longer needed:

    cpfence --bulk-disable-wp-idle-logout

Step 11: Rename Default Admin User

  • Secure Admin User:
    Rename the default admin username to a unique, secure name across all listed sites:

    cpfence --bulk-rename-wp-admin

    This enhances security by reducing the risk of brute-force attacks targeting default usernames.

Step 12: Disable or Enable XSS and Risky Code in Posts

  • Disable XSS in Posts:
    Prevent cross-site scripting (XSS) and risky elements like iframes, embeds, or scripts in WordPress posts across all listed sites:

    cpfence --bulk-disable-xss-in-wp-posts

    Allow these elements in posts again when needed:

    cpfence --bulk-enable-xss-in-wp-posts

    Note: Running the disable command might affect certain plugin features, particularly in the admin panel, without causing frontend issues. Use caution for clients who rely on advanced editor tools like WPBakery or Elementor.

Benefits of Bulk Security Features

  • Efficiency: Apply security measures across dozens or hundreds of sites in minutes.
  • Comprehensive Protection: Harden WordPress installations, secure permissions, and block common attack vectors.
  • Error Handling: Detect and resolve common misconfigurations automatically.
  • Time-Saving: Spend less time on manual security tasks and more on growing your business.

For even greater security and to keep your WordPress sites protected, we strongly recommend updating WordPress core and all plugins and themes. You can learn how to do this in bulk using cPFence: How to Use WordPress Auto-Update Features in cPFence.


Need Assistance?

If you need help with WordPress security features, contact our support team via the client portal.
