# How to configure the Wordfence plugin > Configure the Wordfence plugin correctly to dramatically reduce the risk of your WordPress site being compromised. Source: https://www.kualo.com/knowledgebase/wp-security/how-to-configure-the-wordfence-plugin Updated: 2026-06-09 --- Wordfence is our recommended security plugin for WordPress. With it properly configured, the likelihood of your site being hacked is dramatically reduced - but it has a lot of options, and the defaults are not always ideal. This guide walks you through the settings we recommend. ## Before you start Install Wordfence from the WordPress plugin directory if you have not already done so. Once activated, go to **Wordfence > All Options** in the WordPress admin sidebar. ## Recommended settings ### 1. Set traffic logging to security only Go to **Tools > Live Traffic Options** and set **Traffic logging mode** to **Security only**. The live traffic view is a useful feature, but it adds overhead - particularly on busier sites. It is not essential for security, so we strongly recommend turning it off. ![Traffic logging mode setting](https://kb-cdn.kualo.com/da/92/da92be2ffeb4348bfa593adc95732a0e6f7ab776.png) ### 2. Set how Wordfence detects IP addresses Go to **General Wordfence Options > How does Wordfence get IPs** and select **Use PHP's built-in REMOTE_ADDR**. ![IP detection setting](https://kb-cdn.kualo.com/01/75/0175a646757f58703cbf791a5f019cb37fd104fc.png) ### 3. Configure email alert preferences Go to **Wordfence Global Options > Email Alert Preferences** and enable all options except **Alert me when someone with administrator access signs in**. That last alert is overkill for most sites and will generate unnecessary email noise if you log in regularly. ![Email alert preferences](https://kb-cdn.kualo.com/87/83/878334c119e73c160c6188d116a5888750461380.png) ### 4. Enable all scan options Go to **Scan Options > General Options** and enable all available scan types. ![Scan options](https://kb-cdn.kualo.com/e0/3e/e03ed3946bb5f37d8e75dbdf44b876d9fe02384e.png) ### 5. Optimise the firewall Go to **Firewall Options > Basic Firewall Options** and click **Optimize the Wordfence firewall**. Follow the on-screen instructions to add the required rules to your site's `.htaccess` file. ![Firewall optimisation](https://kb-cdn.kualo.com/85/9e/859ee46a96e5591484ff139f0a5c1ecbff1d26d0.png) ### 6. Allowlist your own IP address Go to **Firewall Options > Advanced Firewall Options** and enter your public IP address in the **Allowlisted IP addresses that bypass all rules** field. This ensures your own connection is never blocked by the firewall. If you are not sure what your IP address is, visit [kualo.com/whatismyip](https://www.kualo.com/whatismyip/) to find out. ![Allowlisted IP addresses field](https://kb-cdn.kualo.com/09/75/0975f093c128bb2cc02b0399a0b08fb0651ce083.png) :::tip Your home or office IP address may change periodically if you are on a standard broadband connection. If you ever find yourself blocked, check whether your IP has changed and update this field. ::: ## Save your settings and run a scan Click **Save Changes** once you have finished configuring the options above. Next, run an initial scan to check the current state of your site: 1. In the WordPress sidebar, go to **Wordfence > Scan**. 2. Click **Start a new scan**. ![Starting a new Wordfence scan](https://kb-cdn.kualo.com/3b/fa/3bfac4e8cf8bf603c45ebe7ff046ecb5acfa0779.png) Wordfence will analyse your files, plugins, and themes. Any issues found - such as outdated plugins or suspicious files - will be listed in the results panel. Follow the recommendations in the scan report to resolve them. --- _Source: Kualo Knowledgebase — https://www.kualo.com/knowledgebase/wp-security/how-to-configure-the-wordfence-plugin · © Kualo Ltd._