When it comes to website security, the best setup is one you don’t have to manage daily. StellarSites gives you that peace of mind—combining a built-in firewall, enterprise-grade Cloudflare protection, and trusted WordPress security tools, all working together out of the box.

No guesswork. No complex setup. Just smart, layered protection from day one.

Your 3 Layers of Built-In Protection #

StellarSites WAF Firewall #

At the heart of every StellarSites website is a smart application-level firewall that monitors and filters traffic before it hits your WordPress install. This isn’t a basic plugin-based firewall—it’s baked into the infrastructure and tuned specifically for WordPress.

• Malicious IP Blocking: Blocks suspicious or known malicious IPs
• Traffic Filtering: Identifies and blocks unusual or unexpected HTTP methods or malformed headers.
• Exploit Defense: Defends against injection attacks, cross-site scripting (XSS), and other common exploits.
  

You don’t have to configure anything—it’s always on and always adapting.

Cloudflare Edge Security #

Every StellarSites website is served through Cloudflare’s global CDN, which means your content isn’t just fast—it’s protected.

Here’s what Cloudflare brings to the table:

• Secure TLS/SSL Handling: Secures HTTPS connections for safe, fast communication..
• DDoS Mitigation: Stops traffic floods before they even touch your site
• Global CDN with Threat Filtering: Speeds up content delivery and blocks harmful traffic..
  

This advanced setup is pre-configured and managed by StellarSites. No need to set up your own account (unless you want to).

Want more control? You can connect your own Cloudflare account for extra customization, like advanced rules or custom page caching.

Solid Security Pro #

Behind the scenes, your WordPress install is protected by Solid Security Pro (formerly iThemes Security Pro). This plugin is fully integrated and configured for you.

It gives you:

• Brute force attack protection: Blocks repeated login attempts to stop hackers from guessing your username and password
• File change detection: Monitors your site’s files and alerts you to any unexpected changes that could indicate a security breach.
• Strong password enforcement: Requires users to create strong, secure passwords to reduce the risk of unauthorized access.
•  Vulnerability Scanning: Regularly scans your site for known security vulnerabilities in WordPress core, plugins, and themes to help you stay ahead of potential threats.
• Activity logging and lockout tracking: Keeps a detailed record of user actions and security events, including lockouts, to help identify suspicious behavior.
• 2FA & Passwordless Login: Enhances user login security by offering two-factor authentication and convenient passwordless login options like magic links or mobile apps.

And yes—this is the premium version, included at no extra cost. Learn more about that here.

Where to View and Manage Security Settings #

For most users, security settings are pre-configured and don’t require adjustments. However, if you’d like to monitor or customize your site-level security, here’s where you can do it:

Solid Security Pro (Site-Level Security) #

Solid Security Pro, which protects your WordPress install, can be fully managed from your site’s admin dashboard. To view and customize your settings:

• Go to WP Admin > Security
• From there, you can adjust your security settings, view activity logs, and more.
  

For a detailed guide on getting started with Solid Security Pro, check out the Getting Started guide.

Cloudflare & Edge Security (Managed by StellarSites) #

Your site’s WAF and Edge Security settings are managed by StellarSites and cannot be directly accessed or customized by users. However, if you suspect an issue with Cloudflare or Edge Security settings, our support team is available to assist you.

Using Your Own Cloudflare Account (Optional) #

By default, all Cloudflare protections are handled for you, but if you’re an advanced user and want more control, you can connect your own Cloudflare account.

To connect your site to your own Cloudflare account, you’ll need to:

1. Verify your domain: Add a TXT record to your domain’s DNS settings to verify ownership.
2. Update your DNS records: Point your domain’s nameservers to Cloudflare’s, allowing it to manage your site’s traffic.

Just know that StellarSites already covers the security basics—and then some.

Final Thoughts #

Security shouldn’t slow you down. With StellarSites, it won’t.

Your site is protected by a built-in firewall and accelerated through Cloudflare’s global edge network. At the site level, Solid Security Pro gives you complete control over WordPress-specific protections.

It’s multi-layered security you don’t have to configure—but if you want to dig deeper, the tools are there to help you explore and customize with confidence.