BD Security Firewall now scores your site’s hardening, alerts you the moment a sensitive event happens, and can subscribe to an auto-updating list of known malicious IPs. This guide covers each feature and where to find it.
Security Score and hardening checklist
The dashboard shows a Security Score that reflects how many recommended protections are active. Below it, a hardening checklist lists each item with its current state.
- Open BD Security to see your score and the checklist.
- Work through unchecked items — each one explains what it does.
- The score updates as you enable protections, so you can track progress.
Treat the score as a guide to coverage, not a guarantee. A high score means you have closed common gaps, not that the site is immune.
Real-time alerts
Know about important security events as they happen, not after. Under Settings → Alerts, choose which events notify you and where:
- Email — to one or more addresses.
- Slack or Discord — via an incoming webhook.
- Webhook — JSON to any endpoint you control.
Alertable events include a new administrator being created, a file-integrity change, a login lockout, and a plugin being activated or deactivated.
Auto-updating malicious-IP blocklist
Turn on the optional blocklist to block traffic from IP addresses with a known history of abuse. The list updates automatically, so your firewall stays current without manual edits.
It is off by default. Enable it under Settings when you want the extra layer. Your own allow and block rules always take priority over the shared list.
Trusted-proxy IP handling
If your site sits behind a proxy or load balancer, the visitor’s real IP arrives in a forwarded header. Without correct handling, the firewall could read the proxy’s IP instead of the visitor’s, which weakens IP-based blocks.
- Leave trusted proxy empty if you are on a normal host — this is the safe default and behavior is unchanged.
- Set it only if you know your proxy and the header it sends.
Configuring this incorrectly lets visitors spoof their IP, so change it only when you are sure of your setup.
Quick start
- Open the dashboard and review your Security Score.
- Work through the hardening checklist, top to bottom.
- Set up email or Slack alerts for new admins and lockouts.
- Turn on the malicious-IP blocklist for an added layer.