[website security] Things you need to make your website more secure

Takahiro Oda
Dec 30, 2021


Hi there

Today, I would like to introduce what you need to make your website more secure. If you have your own website like me, you can get some ideas out of it.

1: Firewall

It is very important to place a firewall in front of your website for security reasons.

I will introduce the things you need to do to protect your WordPress website using Cloudflare.

Whitelist your IP address (don’t forget)

Before you set up your firewall settings, you need to whitelist your IP address. A whitelist is an exception that applies when you block external access. You should block malicious attacks but still allow yourself to access your website.

First, log in to your console from the Cloudflare page (https://dash.cloudflare.com).

Choose Firewall > Tools.

The photo above shows the following settings

Where: from your home (your home router’s IP address)

Action: allow

Access destination: This website (in this case, http://13.115.66.130)

Therefore, if you block external access, the website can only be accessed from your home, so you can continue to maintain your website while blocking malicious attacks.

A: Block “wp-login.php” access

When you access a console page of your website, it should be

“yourpagename/wp-login.php”

On my page, it is http://13.115.66.130/wp-login.php

When you type “yourpagename/wp-login.php”, you should be able to see a login page like the one above. This page should be accessed only by the website owner, so you should block external access to that page.

You can set up blocking at Firewall > Firewall rules > Create a Firewall rule

You can create up to 5 rules on the free plan.

Rule name: wp-login block (whatever name is ok)

Field: URI Path

Operator: contains

Value: /wp-login.php

Action: Block

You can also check the Expression preview to see if yours matches mine.

If you have set it up correctly, press Deploy.

You can see how many attacks were blocked in the last 24 hours. There are so many people in the world aiming to hack your website.

B: Block xmlrpc.php attack

XML-RPC is needed in some cases, such as when you post content to multiple WordPress sites from a desktop, smartphone or tablet at once. You can create the firewall rule as follows:

You can see some attacks too.

C: Block wp-admin attack

“yoursitename/wp-admin” is a console page that you should block, because many important settings such as passwords, posts and SNS are managed here.

To set up the firewall rule, do as follows:

Reference: https://10alert.com/how-to-use-cloudflare-to-secure-your-wordpress-site/
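The whitelist and rules A, B and C above, modelled offline as an added example (this is not the author's or Cloudflare's code). The rule names for B and C, the documentation IP addresses and the sample requests are constructed, and the allowlist-first ordering follows what the post describes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Request:
    ip: str
    path: str  # URI path only, without the query string

# Whitelisted home IP; 203.0.113.7 is a constructed documentation address.
ALLOWED_NETS = [ip_network("203.0.113.7/32")]

# Rules A, B, C: URI Path contains value -> Block (B/C names constructed).
BLOCK_RULES = [
    ("wp-login block", "/wp-login.php"),
    ("xmlrpc block", "/xmlrpc.php"),
    ("wp-admin block", "/wp-admin"),
]

def expression(value):
    """Render a rule the way the Expression preview displays it."""
    return f'(http.request.uri.path contains "{value}")'

def evaluate(req):
    """Return (action, rule_name) for one request."""
    addr = ip_address(req.ip)
    # Assumption from the post: the allowlisted IP is let through first.
    if any(addr in net for net in ALLOWED_NETS):
        return ("allow", "ip allowlist")
    for name, value in BLOCK_RULES:
        if value in req.path:  # "contains" is a substring match on the path
            return ("block", name)
    return ("pass", "no rule matched")

# Constructed sample requests (198.51.100.20 is also a documentation address).
SAMPLE_REQUESTS = [
    Request("198.51.100.20", "/wp-login.php"),
    Request("203.0.113.7", "/wp-login.php"),
    Request("198.51.100.20", "/xmlrpc.php"),
    Request("198.51.100.20", "/wp-admin/admin-ajax.php"),
    Request("198.51.100.20", "/2021/12/hello-world/"),
]

def run_samples():
    return [(r.ip, r.path) + evaluate(r) for r in SAMPLE_REQUESTS]

if __name__ == "__main__":
    for ip, path, action, rule in run_samples():
        print(f"{ip:15} {path:28} {action:6} {rule}")
```

The fourth sample shows that a "contains /wp-admin" rule also blocks /wp-admin/admin-ajax.php, which some themes and plugins call from visitors' browsers, so check your site's front-end features after deploying rule C.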

2: Spam comments workaround

Spam is very annoying, as you can see in the example below.

I will introduce some good ways to minimize spam comments.

A: Setup a blacklist for comments

When you access your admin page, you can go to

Settings > Discussion > Disallowed comment keys. It says

When a comment contains any of these words in its content, author name, URL, email, IP address, or browser’s user agent string, it will be put in the Trash. One word or IP address per line. It will match inside words, so “press” will match “WordPress”.

So, you can set up keywords such as a name, an IP address or an author name. If a comment includes a blacklisted keyword, it automatically goes to the Trash.

B: Use plugin

In this case, I use “Anti-Spam by CleanTalk”. You can install it from the plugin page, and it looks like this:

3: Anti-virus

You should use anti-virus software on your website, just as you use it on your computer. There is an anti-virus plugin you can use for free.

I use “MalCare”

You can register your website from here

“https://www.malcare.com/”

It provides malware scan and firewall for free.

Conclusion

It is so important to protect your website, since there has been more malicious activity after the COVID-19 pandemic. We can use so many tools for free.

Let's make your website more secure so we can enjoy our web surfing with no worries.

Have a great day,

Taka
