[ Configuration ]

Configuration reference

Launch defaults are strict for core hardening and conservative for behavior that could affect legitimate traffic. Apply changes in small increments and verify behavior after each change.

Badger option keys and defaults
Option key	Default	Recommended	Purpose
badger_honeypot_enabled	true	true	Master toggle for trap page generation and trap instrumentation.
badger_blocked_agents	[]	Managed list	Persistent deny-list for known hostile agents.
badger_block_all_unknown	false	false (launch)	Blocks unknown signatures; keep off until your baseline is stable.
badger_login_protection_enabled	true	true	Adds auth hardening and lockout policy to wp-login flows.
badger_login_max_attempts	5	5	Failed login threshold before temporary lockout is applied.
badger_login_lockout_duration	15	15-30	Lockout duration in minutes for repeated authentication failures.
badger_security_headers_enabled	true	true	Enables secure default response headers for hardening.
badger_disable_xmlrpc	true	true	Disables XML-RPC entry points unless explicitly required.
badger_rate_limit_enabled	false	true in production	Request throttling guardrail. Start in monitor mode, then enforce.
badger_rate_limit_max_requests	60	60-120	Maximum requests in configured rate limit window.
badger_rate_limit_window_seconds	60	60	Rate limit bucket size in seconds.
badger_intelligence_anonymize_ips	true	true	Reduces privacy risk by anonymizing IP-level telemetry.

Suggested launch hardening profile

bash

wp option update badger_honeypot_enabled true
wp option update badger_security_headers_enabled true
wp option update badger_login_protection_enabled true
wp option update badger_rate_limit_enabled true
wp option update badger_rate_limit_max_requests 60
wp option update badger_rate_limit_window_seconds 60

Privacy recommendation: keep badger_intelligence_anonymize_ipsenabled in production unless your legal requirements require raw source IP retention.