A very popular WordPress security plug-in you can use to help protect your sites is Wordfence. This offers extra protection for the site and can alert you if someone is trying to brute force their way into your WordPress dashboard. It also comes with a malware scanner as well as providing loads of useful information to do with the security of your site.
Enabling the Wordfence WAF
To start using WordFence all you need to do is install the plug-in on your site. However to fully ultilise the benifit of Wordfrence you can enable the Wordfence WAF. Once you enable this in Wordfence you will need to add a variable to your sites PHP settings as below:
This setting tells PHP to process all requests to the site through Wordfence which will weed out any suspicious or known exploitative requests.
Make sure the path to your sites wordfence-waf.php reflects the path of your site, for example /home/storm/sites/yourdomainname-com/public/wordfence-waf.php
If you need some information on how to edit your sites php settings, please see this link: https://support.nimbushosting.co.uk/support/solutions/articles/36000020525-changing-your-php-configuration