The Memberships > Settings > Security admin page is a central hub for all security-related settings in PMPro.

Table of contents

Spam Protection

To protect your site from spam, it is recommended to set up several spam protection methods. Below are the options you can configure:

  • Akismet Integration: Use the Akismet plugin to prevent spam signups during checkout. This free plugin, typically pre-installed with WordPress, filters checkout form submissions to identify and block spammy behavior.
  • IP Address Blocking: Enable this setting to block IP addresses that repeatedly attempt checkout, particularly useful for on-site checkouts. If more than 10 payment failures occur within 15 minutes, the system blocks further attempts from that IP, helping prevent fraudulent transactions like card testing.
  • reCAPTCHA: Choose Google reCAPTCHA to verify that users are human. This tool adds hidden or visible challenges (e.g., selecting images) to the checkout process, deterring automated signups.
  • Use CloudFlare Turnstile?: Select whether to use CloudFlare Turnstile for spam protection.

HTTPS Settings

Ensure that your site uses HTTPS to secure communication:

  • Force SSL: Decide whether to force SSL across your site. This is recommended to ensure all communications are encrypted.
    • If your site URL starts with https://, this option ensures your entire site is served over HTTPS. If your site experiences redirect loops, you can enable JavaScript redirects. 
  • Extra HTTPS URL Filter: Pass all generated HTML through a URL filter to add HTTPS to URLs used on secure pages.
    • Enable this if you are using SSL and encountering warnings on checkout pages.

DNS Firewall

DNS firewalls like Cloudflare provide distributed denial of service (DDoS) protection, improve page speed by delivering content via a global CDN, and include a web application firewall to block malicious traffic and vulnerabilities.

  • Cloudflare: Confirms if the free Cloudflare DNS firewall is active or not detected.

WordPress Security Plugins

Security plugins are designed to add additional layers of protection for your WordPress site.

This section detects whether your site is using one of our recommended WordPress Security plugins. If your site is running multiple security plugins, please consider deactivating one to avoid conflicts and improve site performance.

  • MalCare: Our most recommended security plugin. MalCare offers real-time threat detection, firewalls, and performance optimization. If not installed, you can click to install it.
  • Other Security Plugins: This page detects if you are using other security plugins including Wordfence and Solid Security.

Video: Configure Security Settings

Screenshot

Screenshot of Security Settings in Paid Memberships Pro

Get Support From Our Team of Experts

For more help with this PMPro feature, check out our Support Page with three ways to get support as a free or premium member.

Get Support

Last updated on October 4, 2024

Was this article helpful?
YesNo