[website security] Things you need to make your website more secure

Hi there

Today, I would like to introduce what you need to make your website more secure. If you have your own website, as I do, you may get some ideas from it.

1: Firewall

This section covers what you need to do to protect your WordPress website using Cloudflare.

Whitelist your IP address (don’t forget)

First, log in to your console from the Cloudflare dashboard (https://dash.cloudflare.com).

Choose Firewall > Tools.

The photo above shows the following settings

Where: from your home (your home router’s IP address)

Action: allow

Access destination: This website (in this case,

Therefore, if you block external access, the site can only be accessed from your home, so you can continue to maintain your website while blocking malicious attacks.

A: Block “wp-login.php” access


In my page,

When you type “yourpagename/wp-login.php”, you should be able to see a login page like above. This page should be accessible only to the website owner, so you should block external access to it.

You can set up blocking at Firewall > Firewall rules > Create a Firewall rule.

You can create up to 5 rules on the free plan.

Rule name: wp-login block (whatever name is ok)

Field: URI Path

Operator: contains

Value: /wp-login.php

Action: Block

You can also check the Expression preview to see whether yours matches mine.

If everything is set up correctly, press Deploy.

You can see how many attacks were blocked in the last 24 hours. There are so many people in the world aiming to hack your website.

B: Block xmlrpc.php attack

You can see some attacks too.

C: Block wp-admin attack

To set up the firewall, you can follow the steps in this reference:

Reference: https://10alert.com/how-to-use-cloudflare-to-secure-your-wordpress-site/
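
The firewall setup from this section as a small Python model, added here as an example (not the author's code and not Cloudflare's implementation): it evaluates the home-IP allow entry and the three URI Path "contains" block rules against constructed requests. Assumptions: the IP 203.0.113.10, the example.com URLs, the rule names and values for xmlrpc.php and wp-admin (the post only spells out the wp-login.php rule), and that the allow entry is checked before the block rules, as the post describes.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: 203.0.113.10 stands in for your home router's public IP.
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.10/32")]

# (rule name, value): Field "URI Path", Operator "contains", Action "Block".
# Only the wp-login.php rule is spelled out in the post; the other two
# names and values are assumed by analogy.
BLOCK_RULES = [
    ("wp-login block", "/wp-login.php"),
    ("xmlrpc block", "/xmlrpc.php"),
    ("wp-admin block", "/wp-admin"),
]


def evaluate(src_ip, url):
    """Return (action, rule_name) for one request under the modeled rules."""
    addr = ipaddress.ip_address(src_ip)
    # Assumed precedence: the allowlisted source is let through first.
    if any(addr in net for net in ALLOWED_SOURCES):
        return ("allow", "home IP allow")
    path = urlsplit(url).path  # the URI path does not include the query string
    for name, value in BLOCK_RULES:
        if value in path:  # "contains" is a plain substring match
            return ("block", name)
    return ("pass", None)


# Constructed sample requests (documentation IP ranges and example.com).
SAMPLE_REQUESTS = [
    ("203.0.113.10", "https://example.com/wp-login.php"),
    ("198.51.100.7", "https://example.com/wp-login.php"),
    ("198.51.100.7", "https://example.com/xmlrpc.php"),
    ("198.51.100.7", "https://example.com/wp-admin/admin-ajax.php"),
    ("198.51.100.7", "https://example.com/2021/05/hello-world/"),
    ("198.51.100.7", "https://example.com/?s=/wp-login.php"),
]


def run_samples():
    """Evaluate every constructed request and return the decisions in order."""
    return [evaluate(ip, url) for ip, url in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (ip, url), (action, rule) in zip(SAMPLE_REQUESTS, run_samples()):
        print(f"{action:5} {rule or '-':15} {ip:14} {url}")
```

The fourth sample shows that a wp-admin "contains" rule also matches /wp-admin/admin-ajax.php, so check whether your theme or plugins call that file from visitors' browsers before you deploy it.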

2: Spam comments workaround

Here are some good ways to minimize spam comments.

A: Set up a blacklist for comments

Go to Settings > Discussion > Disallowed Comment Keys. The description there says:

When a comment contains any of these words in its content, author name, URL, email, IP address, or browser’s user agent string, it will be put in the Trash. One word or IP address per line. It will match inside words, so “press” will match “WordPress”.

So you can set up keywords such as a name, an IP address, or an author name. If a comment includes a blacklisted keyword, it automatically goes to the Trash.

B: Use a plugin

3: Anti-virus

I use “MalCare”

You can register your website from here


It provides a malware scan and a firewall for free.


Let's make your website more secure so that we can all enjoy web surfing with no worries.

Have a great day,




Cloud security engineer https://www.linkedin.com/in/takahiro-oda-881423197/