Thread Starter
kjwp7
(@kjwp7)
Hello,
I want to make sure if I get it right – I use Wordfence’s 2FA (via Google Authenticator), but only login on the computer, so I don’t use any WordPress apps on phone. For me the 2FA works fine with the option set to “required”. Should I still change it, and will it be safe for the website? On Wordfence’s website it says:
“This option is set to ‘Required’ by default, to prevent logins without 2FA via xmlrpc.php. Attackers often target xmlrpc.php with password guessing attacks, so it is important to keep this feature enabled if possible.”
Will Wordfence keep blocking those attacks even if I change the option to “skipped”? Sorry for asking about all those details, but I really don’t know much about it, but at the same time want to keep the site safe.
Thanks again!
Thread Starter
kjwp7
(@kjwp7)
Hello, thanks for your message. I don’t know much about all that stuff, so could you please describe what should I do with the application password to set it up correctly (in this case block xml-rpc attacks)? Should I make any changes in Wordfence/Jetpack settings as well?
Thanks in advance!
