How to Apply the One-Click Security Preset

What the One-Click Preset Applies

Clicking "Apply 1-Click Preset" activates the following settings simultaneously:

• Custom login URL — sets your login slug to "secure-login" (you can change this)
• Brute-force protection — limits failed login attempts to 5 before a 20-minute lockout
• XML-RPC disabled — blocks all XML-RPC requests and pingback amplification attacks
• Login attempt window — tracks failed attempts within a rolling 20-minute window
• Comment moderation — all comments require manual approval before publishing
• Previously approved commenters — auto-approved for future comments
• Pingbacks disabled — prevents your site being used in pingback DDoS attacks
• Old post comments closed — closes comments on posts older than 30 days
• Comments with multiple links held — any comment with more than one link is held for review
• Hide WordPress version — removes version number from page source and feeds
• Block author enumeration — prevents ?author=1 username discovery attacks
• Disable file editor — adds DISALLOW_FILE_EDIT to wp-config.php, removing the theme/plugin editor from admin
• Spam keyword moderation list — pre-loaded with common spam terms
• Admin email alerts on lockout — you receive an email whenever an IP is locked out

How to Apply the Preset

1. Navigate to Tools → WP 1 Click LockDown in your WordPress admin.
2. Click the "Apply 1-Click Preset" button in the top-right of the hero bar.
3. You will see a green confirmation notice: "Security preset applied successfully!"
4. The page will reload with all settings updated.

Can I Customise Settings After Applying the Preset?

Yes — the preset sets sensible defaults but every individual setting can be changed. Scroll down to the Security Controls form to customise lockout duration, login slug, spam keywords, or any other option, then click Save All Settings.