WP Cerber Security has so many features that it can replace other single-purpose WordPress security plugins you may have installed. It can set up a maintenance page for when your website is under construction, and it has an access control list (ACL) and custom email notifications.
WP Cerber Security includes many other features as smaller “hardening” options. Below we’ll cover how to enable these settings and what they accomplish.
- Log in to WordPress.
- On the left, hover over WP Cerber and click Dashboard.
- Click the Hardening tab.
- Toggle to green every hardening option that wouldn’t negatively affect your website.
- Once you’re done, click Save Changes.
The list below summarizes the possible hardening functions on this page:
- Stop user enumeration – Redirect requests for author username queries to a 404 page
- Protect admin scripts – Block malicious access to load-scripts.php and load-styles.php
- Disable PHP in uploads – Block the ability to run PHP scripts from your media folder
- Disable PHP error displaying – Prevent the display of errors that reveal information which makes your website easier to hack
- Disable XML-RPC – Disable the XML-RPC remote procedure call protocol (recommended if you don’t use Jetpack) without manually editing the .htaccess file
- Disable feeds – Deny access to the RSS feed URLs if you don’t have a WordPress-powered podcast or encourage visitors to subscribe to your RSS feeds
- Stop user enumeration – Block REST API requests to users’ data
- Disable REST API – Restrict REST API usage to those specified within the Allow these namespaces text field
- Logged in users – Allow all logged in users to use REST API
- Allow REST for these roles – Restrict REST API usage to specified roles (if Logged in users is toggled gray) – super admin (network / multisite), administrator, editor, author, contributor, subscriber
- Allow these namespaces – Add namespaces for active plugins – e.g. contact-form-7, jetpack
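After saving, you can confirm from outside that the options took effect. The script below is an added example, not part of WP Cerber or the original article. It requests the standard WordPress URLs behind four of the options above and reports whether each still answers. The rule that any status other than the stock WordPress response counts as blocked is an assumption of this example, not documented WP Cerber behaviour.

```python
import urllib.error
import urllib.request

# Standard WordPress URLs for four options on the Hardening tab. Each maps to
# the statuses an unprotected site returns; anything else counts as blocked.
# (That rule is this example's assumption, not documented WP Cerber behaviour.)
PROBES = {
    "Stop user enumeration (author query)": ("/?author=1", {200}),
    "Stop user enumeration (REST API)": ("/wp-json/wp/v2/users", {200}),
    "Disable XML-RPC": ("/xmlrpc.php", {200, 405}),  # stock WP answers GET with 405
    "Disable feeds": ("/feed/", {200}),
}


def http_status(url, timeout=10):
    """Return the final HTTP status of a GET request, following redirects."""
    req = urllib.request.Request(url, headers={"User-Agent": "hardening-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 4xx/5xx responses arrive as exceptions


def audit(base_url, fetch=http_status):
    """Map each hardening option to 'blocked', 'reachable' or 'error'."""
    results = {}
    for option, (path, open_statuses) in PROBES.items():
        try:
            status = fetch(base_url.rstrip("/") + path)
        except OSError:  # DNS failure, refused connection, timeout
            results[option] = "error"
            continue
        results[option] = "reachable" if status in open_statuses else "blocked"
    return results


if __name__ == "__main__":
    import sys
    # Usage: python check_hardening.py https://example.com  (your own site)
    for option, state in audit(sys.argv[1]).items():
        print(f"{state:9}  {option}")
```

A "blocked" result for the author query can also mean that no user with ID 1 exists, and a server error counts as blocked too, so treat "reachable" as the reliable signal and review any option you toggled green that still shows it.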
Harden your Server
- Use the latest PHP version for higher server security.
- Strengthen Email Authentication to prevent spam and prevent your emails from being marked as spam.
- Enable Hotlink Protection in cPanel to block other websites from stealing your server resources to share your media elsewhere.
- Enable ModSecurity to protect your website from code injection attacks.
- cPanel Backups don’t harden your website but are your last line of defense when dealing with hack recovery.
- cPHulk Brute Force Protection fights brute force login attempts.
- ClamAV Virus Scanner scans cPanels for infected files and quarantines them.
- ConfigServer & Firewall (CSF) is a stateful firewall with options to permanently enable and disable IP addresses and ports. It replaces Advanced Policy Firewall (APF).
- cPanel Security Advisor checks various WHM configurations against best practices with resources to help you
- More ModSecurity configuration is available in WHM.
- Scheduled cPanel backups from WHM allow you to concentrate on your work. Set an additional remote storage destination such as Amazon S3 or Google Drive if possible.