[website security] Things you need to make your website more secure
Today, I would like to introduce what you need to make your website more secure. If you have your own website, as I do, you may get some ideas from it.
For security reasons, it is very important to put a firewall in front of your website.
I will introduce the things you need to do to protect your WordPress website using Cloudflare.
Whitelist your IP address (don’t forget)
Before you set up your firewall settings, you need to whitelist your IP address. A whitelist is an exception to the blocking of external access. You should block malicious attacks but still allow yourself to access your website.
First, log in to your console from the Cloudflare dashboard (https://dash.cloudflare.com).
Choose Firewall > Tools.
The photo above shows the following settings:
Where: from your home (your home router’s IP address)
Access destination: This website (in this case, http://18.104.22.168)
Therefore, if you block external access, you can access the site only from your home, so you can continue to maintain your website while blocking malicious attacks.
A: Block “wp-login.php” access
When you access a console page of your website, it should be
In my case, http://22.214.171.124/wp-login.php
When you type “yourpagename/wp-login.php”, you should be able to see a login page like the one above. This page should be accessed only by the website owner, so you should block external access to it.
You can set up blocking at Firewall > Firewall rules > Create a Firewall rule.
You can create up to 5 rules on the free plan.
Rule name: wp-login block (any name is OK)
Field: URI Path
Action: Block
You can also check the Expression preview to see whether yours matches mine.
If everything is set up correctly, press Deploy.
You can see how many attacks were blocked in the last 24 hours. There are so many people in the world trying to hack your website.
B: Block xmlrpc.php attack
XML-RPC is needed in some cases, for example when you post content to multiple WordPress sites at once from devices such as a desktop, smartphone and tablet. You can create the firewall rule as follows.
You can see some attacks too.
C: Block wp-admin attack
“yoursitename/wp-admin” is the console page, which you should block because many important settings, such as passwords, posts and SNS, are managed there.
To set up the firewall rule, do as follows.
2: Spam comments workaround
Spam is very annoying, as you can see in the example below.
I will introduce some good ways to minimize spam comments.
A: Setup a blacklist for comments
From your admin page, go to Settings > Discussion > Disallowed comment keys. It says:
When a comment contains any of these words in its content, author name, URL, email, IP address, or browser’s user agent string, it will be put in the Trash. One word or IP address per line. It will match inside words, so “press” will match “WordPress”.
So you can set up keywords such as a name, an IP address or an author name. If a comment includes a blacklisted keyword, it automatically goes to the Trash.
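The matching rule quoted above can catch more than you intend. The following Python sketch is an added example, not WordPress's own code and not part of the original post; it models the quoted help text (case-insensitive matching is an assumption of the sketch), and the keys, comments and IP addresses are constructed sample data.

```python
import re

# Fields named in the Settings > Discussion help text quoted above.
FIELDS = ("content", "author", "url", "email", "ip", "user_agent")

def matched_key(comment, disallowed_keys):
    """Return the first key that matches any field, or None.

    One key per line; each key is matched as a plain substring
    ("It will match inside words"), case-insensitively (assumption).
    """
    for line in disallowed_keys.splitlines():
        key = line.strip()
        if not key:
            continue  # a blank line must not match every comment
        pattern = re.compile(re.escape(key), re.IGNORECASE)
        for field in FIELDS:
            if pattern.search(comment.get(field, "")):
                return key
    return None

def triage(comments, disallowed_keys):
    """Split comments into (kept, trashed) lists of comment ids."""
    kept, trashed = [], []
    for c in comments:
        (trashed if matched_key(c, disallowed_keys) else kept).append(c["id"])
    return kept, trashed

# Constructed sample data; IP addresses are from documentation ranges.
KEYS = "casino\n\n203.0.113.5\npress\n"
COMMENTS = [
    {"id": 1, "author": "Bob", "content": "Best CASINO bonus here", "ip": "198.51.100.7"},
    {"id": 2, "author": "Ann", "content": "Thanks, this helped.", "ip": "203.0.113.5"},
    {"id": 3, "author": "Cy", "content": "Nice write-up.", "ip": "203.0.113.57"},
    {"id": 4, "author": "Di", "content": "I moved to WordPress last year.", "ip": "198.51.100.9"},
    {"id": 5, "author": "Ed", "content": "Great photos!", "ip": "198.51.100.10"},
]

if __name__ == "__main__":
    kept, trashed = triage(COMMENTS, KEYS)
    print("kept:", kept)
    print("trashed:", trashed)
```

Comment 3 is trashed because the key 203.0.113.5 also matches inside 203.0.113.57, and comment 4 because “press” matches inside “WordPress”, so review the Trash after adding short keys or IP addresses.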
B: Use a plugin
In this case, I use “Anti-Spam by CleanTalk”. You can install it from Plugins, and it looks like this.
You should use anti-virus software for your website, just as you do on your computer. There is an anti-virus plugin you can use for free.
I use “MalCare”.
You can register your website from here.
It provides malware scan and firewall for free.
It is very important to protect your website, since there has been more malicious activity since the COVID-19 pandemic. There are many tools we can use for free.
Let's make your website more secure so that we can enjoy our web surfing with no worries.
Have a great day,