Setting Up WordPress Security in Minutes: The ReportedIP Hive Wizard
WordPress security setup usually means juggling three plugins and a dozen settings screens. ReportedIP Hive replaces that with a 9-step wizard that ships privacy-first defaults, so a fresh site is protected before you finish your coffee.
This guide walks through what the wizard configures, what the dashboard shows afterwards, and how to tune it without breaking real visitors.
What is ReportedIP Hive?
ReportedIP Hive is a complete WordPress security plugin: 12 attack sensors, four 2FA methods, progressive IP blocking and an opt-in community threat network in one drop-in. The plugin is free and GPL-2.0; paid plans only add server-side comfort like managed mail/SMS relay. The full ReportedIP Hive feature set is documented on the product hub.
What the 9-step setup wizard configures
The wizard runs in a fixed order so each decision builds on the last: Welcome → Connect → Protection → 2FA → Privacy → Notifications → Login → Promote → Done. Every step has a privacy-first default, so skipping one never leaves you less safe than a stock WordPress install.
- Connect. Choose Local Shield (fully offline) or Community Network (paste a free API key from reportedip.de). Local Shield makes zero outbound calls.
- Protection. Enable the sensors and pick a block-duration strategy — the progressive ladder or a fixed length.
- 2FA. Select which methods to offer and which roles must enrol, with a grace period (default 7 days) and a skip counter.
- Privacy. Set retention and anonymisation. The “GDPR Minimal” preset is a single click.
- Login. Optionally move
wp-login.phpbehind a custom slug.
The wizard is skippable — up to 3 skips with a 7-day grace window — so you are never locked out of your own admin while you decide. The final step is a deliberate “Done” celebration that confirms what is now active.
What the real-time dashboard shows
After setup, the dashboard renders 7- and 30-day Chart.js trend lines for blocked IPs, attacks, sign-ins and spam. Five list-table screens back it up: Blocked IPs, Whitelist, Security Logs, API Queue and the 2FA admin grid — each searchable, sortable and bulk-actionable.
Security Logs are severity-filterable and export to JSON or CSV. The Blocked IPs screen lets you unblock, move an IP to the whitelist, or export the list; the Whitelist screen accepts a CSV import for trusted ranges.
Tune it without blocking real users
Enable Report-Only mode under Settings → Blocking before you flip enforcement on. Every event is logged exactly as it would have been blocked, but no IP is ever rejected — ideal for tuning thresholds against live traffic. When the numbers look right, turn enforcement on and the same thresholds start blocking.
Related guides
- The 12 attack sensors and their default thresholds
- Four two-factor methods built into the core
- GDPR-first WordPress security and privacy defaults
See the WordPress plugin documentation for the full settings reference, or browse the rest of the ReportedIP Hive plugin guides. The plugin is public and auditable on GitHub.