Web Hosting - Wordpress Security with WordFence

Wordfence is a WordPress plugin that provides an endpoint firewall and malware scanner that were built from the ground up to protect WordPress. Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.

Please make use of the security plugin on any custom WordPress instances you install and manage in DoIT's Web Hosting Service.

Instructions on how to install and configure it are provided below and optimized for use with the UW Theme.


  1.  First starting on your test site, Download Wordfence plugin, should be the "Wordfence Security - Firewall & Malware Scan" that has millions of installs
  2.  There will be a new Wordfence Link in the dashboard for Administrators (For multi-site, it's only in the Network Admin dashboard) - click it
  3.   Under Firewall, click the "Manage Firewall" button
  4.   The firewall starts in Learning mode that will try to identify things you'll need to exclude. Mostly, this learning mode just surprises people when it switches to fully enabled after 1 week, so we're going to turn it on right now
  5.   Change Firewall Status to "Enabled and Protecting"
  6.   Scroll down to "Allowlisted URLs" - we're going to add exceptions that enable the UW-Theme to work, as well as a few other plugins
  7.   We're looking for these 3 things as the end state:
    •   /wp-admin/admin-ajax.php request.body[table]
    •   /wp-admin/admin-ajax.php request.body[acf]
    •   /wp-admin/admin-ajax.php request.body[messagebody]
  8.   Adding Allowlisted URL/Param:
    •  Enter URL: /wp-admin/admin-ajax.php
    •   Keep: "Param Type: POST Body"
    •   Enter Param Name: acf
    •   Add the other 2 (table, messagebody) as specified above
  9.   Finally, click on "Save Changes" in the upper right, so the changes are saved
  10.   Congrats! You are now protected by one of the best wordpress firewalls. There are a ton of options you can explore on your own for rate limiting and how quickly to block bruteforce attacks. Remember to test first, and take your time applying these rules, Wordfence works really well out of the box.