Wordfence is very powerful and popular WordPress plugin used for the security of the WordPress websites. The plugin consists of large number of settings which maybe confusing for beginner level users. This guide helps the beginner level users to implement the 10 important recommended Wordfence settings to secure WordPress website.

1. Install and activate Wordfence plugin and access the Wordfence dashboard by visiting WordPress Dashboard -> Wordfence from the left sidebar of the dashboard.
2. Make sure that the “Enabled and Protecting” mode is enabled after the “Learning” period is ended.
3. In “Protection Level”, make sure to optimize the Wordfence firewall by enabling the Extended Protection mode.
4. Upgrade the plugin to the premium version to enable the “Real Time IP Blacklist” feature to protect the website from malicious activities using the updated and latest database.The other default firewall settings are good to start with. These options can be changed in specific scenarios.
5. The recommended scan type for most of the cases is “Standard”. The other options can be used in specific scenarios.
6. Make sure to upgrade the plugin to the premium to use the latest malware signature during the scans. The free version of the plugin updates the malware signature list after 30 days.
7. Moreover, the premium version enables the Reputation Checks (recommended) for ‘spamvertising’, spam identification and domain blacklist checking.
8. Make sure the issues reported in the scan results are fixed.
9. Wordfence tools like live traffic, whois lookup, import/export and diagnostics are really helpful in diagnosing the website’s traffic, IP address identification, sharing the Wordfence settings among WordPress websites and diagnosing the plugin conflicts or configuration issues respectively.
10. Wordfence provide login security tools like Two Factor Authentication (2FA) which is the latest and most secure form of authentication and Google reCaptcha to protect the forms from bot attacks.