WP AutoShield automatically secures all WordPress installations on your server. However, if you need to exclude specific sites from its security features, follow these steps.
Excluding Sites from WP AutoShield
To exclude specific sites from WP-AutoShield, edit the exclusion list:
nano /var/log/cpfenceav/wp-exclude-list.txtExclusion Options:
- To exclude all WordPress installations under a specific account, add:
/var/www/site_id/ - To exclude a single WordPress installation, add:
/var/www/site_id/public_html/blog
Important: This will ensure the site is skipped when automatic security measures are applied daily at 6:10 AM or when WP AutoShield is triggered manually.
Undoing Security Changes on an Excluded Site
Excluding a site from WP AutoShield does not automatically undo any security features that were previously applied. To manually revert changes, follow these steps:
1. Remove the cPFence MU Plugin (if applicable)
If the MU plugin was added to the site, you can manually remove it from the WordPress installation directory. (found in /wp-content/mu-plugins/)
2. Disable Security Features Using Manual Commands
Use any of the following commands to disable individual security features on specific sites as needed :
cpfence --bulk-disable-wp-hardening
cpfence --bulk-disable-wp-captcha
cpfence --bulk-enable-xss-in-wp-posts
cpfence --bulk-disable-wp-idle-logout
cpfence --bulk-disable-wp-limit-login
cpfence --bulk-enable-wp-xmlrpc
cpfence --bulk-enable-wp-pingback
cpfence --bulk-enable-wp-file-edit
cpfence --bulk-enable-wp-cron
cpfence --disable-wp-auto-updatesNote: Manual commands do not respect the exclusion list. Before running them, edit the WordPress site list and remove all sites except the one you want to revert changes for:
nano /var/log/cpfenceav/wp-sites-list.txtUse Ctrl + K to quickly remove unwanted entries. No need to worry about the emptied site list—WP AutoShield will automatically regenerate it in the next cron run.
Disabling Specific Features for All Sites
If you want to disable a specific WP-AutoShield security feature globally across all WordPress sites on your server, modify the configuration file:
nano /opt/cpfence/config.confLocate the feature you want to disable and set it to "off". This will ensure that WP AutoShield does not enforce that security setting on any site.
For further assistance, feel free to reach out to our support team.
