diff --git a/crowdsec-docs/static/img/bouncer/wordpress/screenshots/config-bouncing.jpg b/crowdsec-docs/static/img/bouncer/wordpress/screenshots/config-bouncing.jpg
deleted file mode 100644
index 8d07cd2f1..000000000
Binary files a/crowdsec-docs/static/img/bouncer/wordpress/screenshots/config-bouncing.jpg and /dev/null differ
diff --git a/crowdsec-docs/static/img/bouncer/wordpress/screenshots/config-bouncing.png b/crowdsec-docs/static/img/bouncer/wordpress/screenshots/config-bouncing.png
new file mode 100644
index 000000000..cb348aa65
Binary files /dev/null and b/crowdsec-docs/static/img/bouncer/wordpress/screenshots/config-bouncing.png differ
diff --git a/crowdsec-docs/unversioned/bouncers/wordpress.mdx b/crowdsec-docs/unversioned/bouncers/wordpress.mdx
index a46d53d0c..9d206160b 100644
--- a/crowdsec-docs/unversioned/bouncers/wordpress.mdx
+++ b/crowdsec-docs/unversioned/bouncers/wordpress.mdx
@@ -176,7 +176,8 @@ Here, you can choose to use `cURL` requests instead. Beware that in this case, y
By default, the maximum allowed time to perform a Local API request is 120 seconds. You can change this setting here. If you set a negative value, request timeout will be unlimited.
-} "Connection details")
+})
***
@@ -191,9 +192,13 @@ With the `Flex mode`, it is impossible to accidentally block access to your site
`Bouncing → Public website only`
-If enabled, the admin view is not bounced.
+If enabled, Admin related requests are not protected.
-This is not recommended in production.
+**Important notes**:
+We recommend to leave this setting to OFF in order to apply protection to your WordPress admin:
+
+- WordPress admin is a frequent target of cyber attacks.
+- Also, some critical public endpoints are considered "admin" and would be unprotected If this setting was ON.
***