SiteFort documentation
Getting Started with SiteFort
Install SiteFort, activate your license, run the setup wizard, and prepare a production WordPress site for safe security changes.
Getting Started with SiteFort
SiteFort is a WordPress security plugin covering malware scanning, firewall protection, vulnerability management, login security, and site hardening from one admin area.
This guide follows the SiteFort admin menu and explains each feature in operational terms: what it does, when to use it, how to verify it, and how to troubleshoot it on a live WordPress site.Production Safety Notes
Some SiteFort controls intentionally block traffic, disable endpoints, rewrite server rules, invalidate sessions, or force account recovery. Use these checks before changing settings on a live site.- Confirm you can recover access. Keep a working administrator account, hosting control panel access, and database access available before enabling login URL changes, two-factor enforcement, or country allow-only mode.
- Take a backup before destructive actions. Back up files and database before using repair, delete, database prefix changes, salt regeneration, or User ID migration tools.
- Know your network path. If the site uses Cloudflare, a load balancer, reverse proxy, or managed host firewall, verify IP Detection before enabling strict firewall rules.
- Change one layer at a time. Enable a control, save it, verify the expected result, then continue. This makes rollback simple if something behaves unexpectedly.
- Keep evidence. For incidents, capture scan logs, Traffic Log filters, Audit Log entries, Diagnostics output, and Cloudflare status before clearing or resetting data.
Installation
- Download the SiteFort plugin ZIP file supplied with your account or purchase.
- In WordPress admin, open Plugins > Add New > Upload Plugin.
- Select the ZIP file, click Install Now, then click Activate Plugin.
- Open SiteFort in the WordPress admin sidebar.
Manual install: Upload the unzipped
sitefort folder to /wp-content/plugins/, then activate SiteFort from the WordPress Plugins screen.License Activation
The activation screen is titled Activate Protection. It supports three common activation paths: email verification, license key verification, and SiteFort Console connection.| Activation path | Use it when | Steps |
|---|---|---|
| Email Verification | You want to connect a site on the Free plan or attach the site to the account associated with that email address. | Enter the email address, click Send Verification Code, enter the OTP, then click Verify & Connect. |
| License Key | You have a license key and want to activate the site directly from WordPress. | Enter the license key, request the verification code, enter the OTP, then click Verify OTP & Activate. |
| SiteFort Console | You manage sites centrally from the SiteFort Console. | Click Activate License via SiteFort Console, approve the website connection, accept the required terms confirmation, then complete Connect This Website. |
Setup Wizard
The Setup Wizard appears during first-run setup and can be reopened from the Dashboard. It is best for new installs because it walks through the same real settings used later in the plugin.| Wizard step | What you configure | Do not continue until |
|---|---|---|
| Activate License | Connect the site to SiteFort Console so cloud scanning and vulnerability intelligence can work. | The license state is active or the chosen free connection is complete. |
| Hardening | Apply WordPress Obscurity, Server Hardening, Login Security, and Two-Factor controls. | You understand any login, REST API, XML-RPC, or file-writing impact. |
| Firewall | Enable firewall enforcement, configure traffic protection, and optionally connect Cloudflare. | IP Detection is verified and your administrator IP is trusted. |
| Security Scan | Run the first scan to detect malware, unauthorized changes, and known vulnerabilities. | The scan finishes or the failure panel explains what needs to be fixed. |