SiteFort documentation

Settings

Configure scan policy, alert delivery, integrations, license state, and advanced options. Settings covers anything that affects multiple modules or connects to external services.

Documentation Home Recommended Settings

Settings

SiteFort Settings are organized into Scanner, Notifications, Integrations, License & Plan, and Advanced. Use Settings for policies that affect multiple modules or external services.

Scanner Settings

The Scanner settings tab contains the same Scan Scope and Automated Scans controls documented under Scanner Configuration. Use this tab when you want to change scan policy without opening the Scanner slide-over.

Email Notifications

Email Notifications controls all email alerts sent by SiteFort from this site. Enter comma-separated email addresses, or leave the field blank to use the WordPress admin email. You can also send the same notifications to selected WordPress administrators.

Notification group	Events	Recommended recipient
Scans & Vulnerabilities	Scan Findings, New Vulnerability Found, and Scan Failed.	Technical owner, agency support queue, or security mailbox.
Firewall & Login Protection	Firewall Block Summary and Login Lockout.	Site administrator or operations channel. Use digest schedule to reduce noise.
Account Activity	SiteFort Deactivated, Sensitive Tool Used, Two-Factor Authentication Change, and Administrator Sign-In.	Security owner or account owner. These events can indicate unauthorized changes.

Severity threshold options are All Severities, Low and above, Medium and above, High and above, and Critical only. Firewall Block Summary supports Daily, Weekly, and Monthly digest schedules.

Webhook Delivery

Webhook Delivery sends alerts to Slack, Discord, or a custom HTTP endpoint in addition to email. Use it when alerts should reach a team channel, ticketing workflow, or SIEM-style collector.

Provider	How it works	Setup note
Slack	Delivers formatted alerts to a Slack channel.	Create an Incoming Webhook in the Slack workspace under Settings > Apps.
Discord	Delivers color-coded alerts to a Discord channel.	Create a webhook in Discord under Channel Settings > Integrations > Webhooks.
Generic JSON	Delivers a signed JSON payload to a custom HTTP endpoint.	Verify each delivery using the HMAC-SHA256 signature header.

Provider states include Active, Saved, and Not set up. Actions include Use this provider, Discard, Send test, and Save URL.

Integrations

Cloudflare Connection

Add your Cloudflare Zone ID and credentials in Settings > Integrations. SiteFort verifies the connection, discovers the Account ID, checks token permissions, and detects the Cloudflare plan before edge protection is enabled. Authentication methods are API Token (Recommended) and Global API Key. Status cards show Connection, Account ID, Permission Check, and Detected Plan. Actions include Save & Verify, Re-verify Credentials, and setup guide links when permissions need attention. See the Cloudflare Integration Guide for the illustrated setup flow and required token scopes.

MaxMind GeoIP

MaxMind GeoIP is used for origin-level country blocking when Cloudflare edge headers are unavailable or when requests reach WordPress without a trusted Cloudflare country header. Enter Account ID and License Key, check Credentials and Database status, use Test country lookup when available, then click Save or Update Country Database.

CAPTCHA / Bot Detection

Configure CAPTCHA keys here, then enable protection in Hardening > Login Security. Providers include Google reCAPTCHA v2 Checkbox, Google reCAPTCHA v2 Invisible, Google reCAPTCHA v3 Invisible, and Cloudflare Turnstile. reCAPTCHA v3 includes a Score Threshold slider from 0.1 to 1.0. Lower is more permissive; higher is stricter. The UI recommends 0.5. Secret keys are stored securely. Select the secret field only when replacing it; leave it blank and save to keep the current secret key unchanged.

License & Plan

The License & Plan tab displays license state, plugin version, plan label, expiry when available, revalidation actions, activation flows, and license deactivation. Plan labels visible in the UI include SiteFort Managed, SiteFort Pro, and SiteFort Free. Free plan text explains that the site is connected on the Free plan and that upgraded subscriptions can be applied with Activate Pro. Paid plan text states that the site is protected with advanced cloud firewall, real-time malware signatures, and audit logging. Active sites can Activate Pro, Revalidate License, or Deactivate License after confirmation.

Advanced Settings

Section	Settings	Guidance
Server Configuration	Server Type, Nginx Config File, and Write to Files.	Automatic detection works for most sites. Disable Write to Files when server config is managed externally.
Data Configuration	Audit Logging, Log Storage, Log Level, Database Log Retention, and File Log Retention.	Use Standard log level for production unless every routine event is needed. Choose retention based on audit and storage requirements.
Danger Zone	Reset Plugin Data.	This permanently erases plugin settings, scan history, and cached data. The license connection must be reactivated afterward.