The Memberships > Settings > Security admin page is a central hub for all security-related settings in PMPro.
Spam Protection
To protect your site from spam, it is recommended to set up several spam protection methods. Below are the options you can configure:
- Akismet Integration: Use the Akismet plugin to prevent spam signups during checkout. This free plugin, typically pre-installed with WordPress, filters checkout form submissions to identify and block spammy behavior.
- IP Address Blocking: Enable this setting to block IP addresses that repeatedly attempt checkout, which is particularly useful for on-site checkouts. If more than 10 payment failures occur within 15 minutes, the system blocks further attempts from that IP, helping prevent fraudulent transactions like card testing.
- reCAPTCHA: Choose Google reCAPTCHA to verify that users are human. This tool adds hidden or visible challenges (e.g., selecting images) to the checkout process, deterring automated signups.
- Use CloudFlare Turnstile?: Select whether to use Cloudflare Turnstile for spam protection.
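The IP Address Blocking threshold above (more than 10 payment failures within 15 minutes), sketched as a sliding-window counter per client IP. This is an added illustration, not PMPro's own code: the class and function names, the assumption that a block lapses once failures age out of the window, and the sample events are all hypothetical.

```python
import ipaddress
from collections import defaultdict, deque

MAX_FAILURES = 10          # from the page: "more than 10 payment failures"
WINDOW_SECONDS = 15 * 60   # from the page: "within 15 minutes"


class CheckoutFailureLimiter:
    """Sliding-window count of failed checkouts per client IP (illustrative)."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self._failures = defaultdict(deque)  # normalized IP -> failure timestamps

    @staticmethod
    def _key(ip):
        # Normalize so equivalent spellings of one address share one counter.
        return str(ipaddress.ip_address(ip.strip()))

    def _prune(self, key, now):
        # Drop failures that have aged out of the trailing window.
        q = self._failures[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def record_failure(self, ip, now):
        """Store one failed payment; return True if the IP is now blocked."""
        q = self._prune(self._key(ip), now)
        q.append(now)
        return len(q) > self.max_failures

    def is_blocked(self, ip, now):
        """Call before processing a checkout; True means reject the attempt."""
        return len(self._prune(self._key(ip), now)) > self.max_failures


def replay(events):
    """Replay (timestamp, ip) failures; return {ip: time it was first blocked}."""
    limiter, first_blocked = CheckoutFailureLimiter(), {}
    for ts, ip in sorted(events):
        if limiter.record_failure(ip, ts):
            first_blocked.setdefault(limiter._key(ip), ts)
    return first_blocked


# Constructed sample events (documentation-range addresses, not real traffic):
# 11 failures in 10 minutes from one IP, 11 failures over 50 minutes from another.
SAMPLE = [(60 * i, "203.0.113.7") for i in range(11)] + \
         [(300 * i, "2001:DB8::1") for i in range(11)]
```

Replaying `SAMPLE` blocks only the first address, on its 11th failure; the second never has more than three failures inside any 15-minute window.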
HTTPS Settings
Ensure that your site uses HTTPS to secure communication:
- Force SSL: Decide whether to force SSL across your site. This is recommended to ensure all communications are encrypted.
  - If your site URL starts with https://, this option ensures your entire site is served over HTTPS. If your site experiences redirect loops, you can enable JavaScript redirects.
- Extra HTTPS URL Filter: Pass all generated HTML through a URL filter to add HTTPS to URLs used on secure pages.
  - Enable this if you are using SSL and encountering warnings on checkout pages.
DNS Firewall
DNS firewalls like Cloudflare provide distributed denial of service (DDoS) protection, improve page speed by delivering content via a global CDN, and include a web application firewall that blocks malicious traffic and attempts to exploit vulnerabilities.
- Cloudflare: Shows whether the free Cloudflare DNS firewall is active or was not detected.
WordPress Security Plugins
Security plugins are designed to add layers of protection to your WordPress site.
This section detects whether your site is using one of our recommended WordPress Security plugins. If your site is running multiple security plugins, please consider deactivating one to avoid conflicts and improve site performance.
- MalCare: Our most recommended security plugin. MalCare offers real-time threat detection, firewalls, and performance optimization. If not installed, you can click to install it.
- Other Security Plugins: This page detects if you are using other security plugins including Wordfence and Solid Security.