Managed Hosting Security Setup

Use this guide to set up the Defender plugin for a website that will be on Managed Hosting with OCG. Websites on Managed Hosting are hosted on WPMU DEV. Refer to Website Managed Hosting Go Live Steps for complete instructions on taking a website live for Managed Hosting.

  • Set up the Defender Pro plugin
    • If the plugin is not active
      • Access the website admin dashboard via the hub
      • Go to the WPMU DEV menu and under plugins activate the plugin.
    • Activate the default OCG security configuration
      • Under the WPMU DEV Hub click on the Sites menu
      • Under the My Sites page click on the Configs sub-menu
      • Select the Configs sub-menu under the Settings page
      • Select the My Configs tab
      • Select the Apply to Site(s) link that corresponds to OCG Defender Pro Default Configuration
      • Search for the site domain name you will apply this config to.
      • Select the domain name
      • Click the Apply button
    • Mask the admin login area of the website
      • Under the Defender Pro menu in the website admin dashboard select the Tools sub-menu.
      • Select the Mask Login Area menu
      • In the Masking URL slug section change the test string in the New Login URL slug field to be a combination of the site or company name and the word dashboard. Example: ocgcreativedashboard
      • Click the SAVE CHANGES button at the bottom of the page
    • Set the Google reCAPTCHA keys
      • Under the Defender Pro menu select the Tools sub-menu.
      • Select the Google reCAPTCHA menu
      • In the Configure ReCAPTCHA section
        • Select reCAPTCHA V3
        • Enter the Site Key. There should be a reCAPTCHA account set up for the client in C2 Password. You can obtain this key from that account.
        • Enter the Secret Key. There should be a reCAPTCHA account set up for the client in C2 Password. You can obtain this key from that account.
        • Keep the Score to its default.
        • Make sure the following locations are enabled for reCAPTCHA use: Login, Register, Lost Password, Comments
        • Enable WooCommerce and/or BuddyPress for reCAPTCHA if these are active on the website.
        • Leave the Disable for logged in users checkbox checked.
        • Click on the SAVE CHANGES button at the bottom of the page
    • Set up the WPMU DEV Web Application Firewall
      • Go to the website on the WPMU DEV Hub.
      • Under the hosting menu for the website select the Tools sub-menu
      • In the Security tools section of the Tools page click the enable button.
      • In the Web Application Firewall pop-up enable the WAF.
      • In the IP Allowlist text area enter the IP address for the OCG office (71.9.232.146).
      • In the Disabled Rule IDs text area copy and paste the WAF rules to disable.
        • In C2 Password search for the WAF Rules to disable for Oxygen record.
        • Copy the list of rules from the Notes field in the “OCG Plugin Licenses” vault in C2 Password and paste them into the Disabled Rule IDs text area.
      • Click the Save button