Site Settings

The Site Settings tab allows you to configure the SiteLock WordPress plugin to suit your website’s security needs. You can manage various security features, including login protection, website hardening, and admin monitoring.

SiteLock plan & license

The SiteLock plan & license tab displays your current SiteLock plan and license status.

How to configure your SiteLock plan & license

  1. Navigate to Settings > SiteLock plan & license.

  2. Enter your license key.

    If you do not have a license key, click Get your license key now.
  3. Click Save Changes to activate your SiteLock account.

Once activated, your eligible plan features will load the latest data and your license status will display 'Connected' on the top right of the plugin page.

Website Security

The Website Security tab allows you to configure various security settings for your WordPress site.

The following table describes the details of the Website Security tab.

Setting | Description
Disable Directory Listing | Prevents unauthorized users from viewing the contents of directories on your server.
Deny Access to Unsafe Script Extensions | Blocks access to potentially unsafe script file types.
Basic XSS/SQLi Protection | Provides basic protection against cross-site scripting (XSS) and SQL injection (SQLi) attacks.
Harden Writable Directories | Strengthens security for directories that are writable by the web server, reducing the risk of unauthorized access.

How to configure Website Security settings

  1. Navigate to Settings > Website Security.

  2. Review the available security options:

    1. Disable Directory Listing — Activate this to prevent visitors from viewing directory contents.

    2. Deny Access to Unsafe Script Extensions — Activate this to block access to potentially dangerous script file types.

    3. Basic XSS/SQLi Protection — Activate this to add basic protection against common web attacks.

    4. Harden Writable Directories — Activate this to restrict write permissions on sensitive directories.

  3. Click Save Changes.

Login security

The Login Security tab provides multiple levels of enforcement for password strength, allowing you to tailor security requirements to your site’s needs.

Password strength is evaluated using the industry-standard open-source tool zxcvbn, which analyzes passwords for complexity and resistance to common guessing techniques. This helps ensure that users create passwords that are difficult to guess.

There are three enforcement levels for password strength:

  • Disabled — No password strength requirements are enforced.

  • Medium — Passwords must meet a moderate level of complexity, as determined by zxcvbn (typically requiring a mix of characters and a minimum length).

  • Strong — Passwords must achieve a high strength score in zxcvbn, requiring longer passwords with a greater variety of character types.

You can specify the minimum required password strength for each user role, ensuring that higher-privileged accounts (such as Administrators) have stricter requirements.

The following table describes the details and controls of the Login Security tab.

Element Description

Login Lockout

Temporarily locks out users after a specified number of failed login attempts.

  • Max Login Attempts — Specifies the maximum number of failed login attempts allowed before a user is locked out.

  • Lockout Duration — Specifies the duration (in minutes) for which a user is locked out after exceeding the maximum login attempts.

  • Reset Time — Specifies the time period (in minutes) after which the failed login attempt count is reset.

Force Logouts

Automatically logs out users after a specified period of inactivity to enhance security.

  • Excluded for Roles — Specifies which user roles are exempt from forced logouts. The possible roles are:

    • Administrator

    • Editor

    • Author

    • Contributor

    • Subscriber

    • Customer

    • Shop manager

  • Time Period — Specifies the duration (in hours) of inactivity after which users are automatically logged out.

Password Strength Enforcement

Requires users to create strong passwords that meet specific complexity requirements.

  • Minimum Strength by Role — Specifies the minimum password strength required for different user roles. The possible roles are:

    • Administrator

    • Editor

    • Author

    • Contributor

    • Subscriber

    • Customer

    • Shop manager

  • Password Strength Levels — Defines the levels of password strength (Disabled, Medium, Strong) based on criteria such as length and character variety.

Login Activity Log

Tracks and logs login attempts, alerting you to suspicious activity.

  • Enable for Roles — Specifies which user roles have their login activity logged. The possible roles are:

    • Administrator

    • Editor

    • Author

    • Contributor

    • Subscriber

    • Customer

    • Shop manager

  • Log Retention Period — Specifies how long login activity logs are retained before being automatically deleted.
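
The three Login Lockout values (Max Login Attempts, Lockout Duration, Reset Time) together set how many password guesses an account can receive per day. The model below is an added example, not SiteLock's code; the class and function names are hypothetical, and it assumes the lock triggers on the failure that reaches Max Login Attempts and that Reset Time acts as a sliding window over past failures.

```python
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    max_attempts: int      # Max Login Attempts
    lockout_minutes: int   # Lockout Duration (minutes)
    reset_minutes: int     # Reset Time (minutes)
    _failures: dict = field(default_factory=dict)      # user -> recent failure times
    _locked_until: dict = field(default_factory=dict)  # user -> minute the lock ends

    def is_locked(self, user, now):
        return now < self._locked_until.get(user, 0)

    def record_failure(self, user, now):
        """Register a failed login at minute `now`; return True if the user is locked."""
        if self.is_locked(user, now):
            return True
        # Assumed semantics: only failures newer than reset_minutes still count.
        recent = [t for t in self._failures.get(user, [])
                  if now - t < self.reset_minutes]
        recent.append(now)
        if len(recent) >= self.max_attempts:
            self._locked_until[user] = now + self.lockout_minutes
            recent = []  # counter starts fresh once the lock expires
        self._failures[user] = recent
        return self.is_locked(user, now)


def guesses_accepted(policy, user, interval, horizon):
    """Count failed logins that reach the password check when one is
    attempted every `interval` minutes for `horizon` minutes."""
    accepted = 0
    for now in range(0, horizon, interval):
        if not policy.is_locked(user, now):
            accepted += 1
            policy.record_failure(user, now)
    return accepted


if __name__ == "__main__":
    # Constructed settings: 3 attempts, 30-minute lockout, 60-minute reset.
    for interval in (1, 31):
        policy = LockoutPolicy(3, 30, 60)
        n = guesses_accepted(policy, "admin", interval, 24 * 60)
        print(f"one attempt every {interval} min: {n} guesses/day")
```

Under these constructed settings, attempts spaced 31 minutes apart never trigger a lockout, so the Login Activity Log is the control that surfaces them; run the model with your own values to see the daily guess budget they allow.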