Solid Security Global Settings

Note:  These settings will affect all other features plugin-wide.


Write To Files

This will allow Solid Security to write to your wp-config.php and .htaccess files. If you don't enable this, you will have to manually add the Solid Security code to the files for many of the features to function.



Here, you'll be able to manage the length of time a host or user will be locked out from the site after hitting the limit of bad logins. How many days should Solid Security remember a lockout and how many attempts a user is permitted before being permanently banned are also adjusted here. 


Lockout Messages

Host Lockout Messages: This is the message that an IP address will see if they're locked out of the site.

User Lockout Message: This is the message a user will see if their specific username is locked out.

Community Lockout Message: The message to display to a user when their IP has been flagged as bad by the Solid Security network.


Authorized Hosts

This is where you whitelist an IP address to prevent getting locked out by Solid Security after triggering the Site Lockout conditions.

The list accepts single IP addresses and IP ranges as input. To whitelist an IP range, use the wildcard format, for example:


Will be using a wild card since it's including the whole range:


Automatically Temporarily Authorize Hosts: Checking this option will prevent "Administrator" users from being locked out for 24 hours after they successfully log into the site.



Here, you will be able to manage how your event logs are stored (File, Database, or both), the length of time they are kept, and the file path in which they are stored. 


IP Detection

The "Proxy Detection" setting controls how Solid Security determines the IP address of an incoming request, which is crucial for Lockout and Brute Force protection.

  • Security Check Scan (Recommended) - This method involves initiating an API request to SolidWP servers to identify the correct configuration
  • Unconfigured - Any specified proxy header will be used in a predetermined order. Warning: choosing this option disables certain Firewall features because it is susceptible to IP spoofing. In earlier versions of Solid Security, this option was labeled "Automatic (Insecure)".
  • Manual - Users can choose the header that their Proxy service uses, such as CF-Connecting-IP
  • Disabled - In cases where no Proxy setup exists on the server, this option should be selected. It ensures that the system consistently reads from REMOTE_ADDR


UI Tweaks

Here, you will have the option to hide the Security Messages Menu from the WordPress admin bar.


Pro tip: Don't forget to save your changes!

Have more questions? Submit a request