Need to allow certain WordPress features (like XML-RPC, cron jobs, file editing, etc.) on specific sites while still keeping WP-AutoShield active for the rest? You can easily do that using the WP-AutoShield exclusion list and manual tools.
How to Exclude Specific Sites from Auto Actions
To prevent WP-AutoShield from enforcing specific settings (like blocking xmlrpc.php) on certain sites, exclude them from the automated daily actions. This means the current security settings will remain, but cPFence will no longer re-apply them if changed manually.
Step 1: Edit the Exclusion List
nano /var/log/cpfenceav/wp-exclude-list.txt- To exclude an entire account:
/var/www/site_id/ - To exclude a specific WordPress install:
/var/www/site_id/public_html/blog
Once listed, WP-AutoShield will skip this site during its daily run at 6:10 AM and any manual triggers.
Step 2: Manually Enable or Disable a Feature for That Site
To re-enable or disable a specific feature (like XML-RPC) on the site you excluded, use the UI tool:
- Run:
cpfence --ui - Go to Tools & Utilities → WP-AutoShield Bulk Tools
- Apply the change to your chosen site (e.g., re-enable XML-RPC)
This approach works for all WP-AutoShield features like disabling cron, turning off login protection, allowing file editing, and more.
If you'd like a full guide on site exclusions, refer to: How to Exclude Sites from WP-AutoShield and Keep Features Off
Need Further Assistance?
Visit our Knowledgebase or contact our support team for help.
