Diadem Web Hosting Knowledgebase

All In One WP Security & Firewall

Article ID: 834
Last updated: 22 Jan, 2016

To begin making your WordPress site more secure:

Install All In One WP Security & Firewall:

  1. Log in with your admin credentials, then click the Plugins menu. In the search box, type All In One WP Security & Firewall, select the plugin and click the Install button.
  2. Activate the plugin through the 'Plugins' menu in WordPress.
  3. Go to the Settings menu under 'WP Security' and start activating the security features of the plugin.


WP Generator Meta Tag:

This feature allows you to remove the WP generator meta info from your site's pages.

  1. WP Security - Settings
  2. Click On wp-Meta info
  3. Click on Remove WP Generator Meta Info      
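
To confirm the setting took effect, save a page of your own site before and after enabling it and look for the generator tag. The following check is an added example, not part of the plugin or the original article; the HTML snippets and the version string in them are constructed samples.

```python
from html.parser import HTMLParser


class GeneratorFinder(HTMLParser):
    """Collect the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing tags such as <meta ... />.
        attr = dict(attrs)
        if tag == "meta" and (attr.get("name") or "").lower() == "generator":
            self.found.append(attr.get("content") or "")


def generator_tags(html):
    """Return the content of all generator meta tags in the page."""
    finder = GeneratorFinder()
    finder.feed(html)
    return finder.found


def wordpress_generator_tags(html):
    """Return only the generator values that announce WordPress itself."""
    return [c for c in generator_tags(html) if c.lower().startswith("wordpress")]


# Constructed sample pages (not captured from a real site).
BEFORE = (
    '<html><head><title>Blog</title>\n'
    '<META NAME="Generator" content="WordPress 4.4.1" />\n'
    '<meta name="generator" content="ExamplePlugin 1.0">\n'
    '</head><body>Hello</body></html>'
)
AFTER = (
    '<html><head><title>Blog</title>\n'
    '<meta name="generator" content="ExamplePlugin 1.0">\n'
    '</head><body>Hello</body></html>'
)

if __name__ == "__main__":
    print("before:", wordpress_generator_tags(BEFORE))
    print("after: ", wordpress_generator_tags(AFTER))
```

A generator tag written by another plugin or theme, like the hypothetical ExamplePlugin above, is reported by generator_tags() but is not affected by this setting.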

User Accounts -

Admin User Security:

By default, WordPress sets the administrator username to "admin" at installation time.
A lot of hackers try to take advantage of this information by attempting "Brute Force Login Attacks", where they repeatedly try to guess the password while using "admin" as the username.

  1. WP Security - User Accounts.
  2. WP User Name - add a new user name (to rename the default user).
  3. Save.

User Login -

Login Lockdown Configuration:

One of the ways hackers try to compromise sites is via a Brute Force Login Attack.
This is where attackers use repeated login attempts until they guess the password.
Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks.

  1. WP Security - User Login
  2. Click on Login Lockdown
  3. Select Enable Login Lockdown Feature
  4. Select Instantly Lockout Invalid Usernames
  5. Select Notify By Email and type your email address
  6. Save Settings
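
The sketch below shows the logic behind these options and why renaming the "admin" account (Admin User Security above) makes "Instantly Lockout Invalid Usernames" effective. It is an added example, not the plugin's own code; the thresholds, the user name "siteowner" and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; the article does not give values.
MAX_ATTEMPTS = 3        # failures allowed inside the window
RETRY_WINDOW = 5 * 60   # seconds over which failures are counted
LOCKOUT_TIME = 60 * 60  # seconds an IP address stays locked out


class LoginLockdown:
    def __init__(self, known_users, instant_lockout_invalid=True):
        self.known_users = set(known_users)
        self.instant = instant_lockout_invalid
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.locked_until = {}              # ip -> time the lockout ends

    def record(self, ip, username, success, now):
        """Return 'blocked', 'ok', 'failed' or 'locked_out' for one attempt."""
        if self.locked_until.get(ip, 0) > now:
            return "blocked"                # refused before the password check
        if success:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > RETRY_WINDOW:
            recent.popleft()                # forget failures outside the window
        unknown = username not in self.known_users
        if (self.instant and unknown) or len(recent) >= MAX_ATTEMPTS:
            self.locked_until[ip] = now + LOCKOUT_TIME
            recent.clear()
            return "locked_out"
        return "failed"


# Constructed sample events: (time in seconds, ip, username, password correct?)
SAMPLE_EVENTS = [
    (0, "203.0.113.7", "admin", False),       # "admin" no longer exists
    (5, "198.51.100.4", "siteowner", False),
    (10, "203.0.113.7", "siteowner", True),   # right password, but IP is locked
    (65, "198.51.100.4", "siteowner", False),
    (125, "198.51.100.4", "siteowner", False),
    (4000, "203.0.113.7", "siteowner", True), # lockout has expired
]


def replay(events, known_users=("siteowner",)):
    guard = LoginLockdown(known_users)
    return [guard.record(ip, user, ok, t) for t, ip, user, ok in events]
```

Calling replay(SAMPLE_EVENTS) shows the first address locked out on its first guess of "admin", while the second address is locked out only after its third failure inside the window.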

Force Logout :

Setting an expiry period for your WP administration session is a simple way to protect against unauthorized access to your site from your computer.
This feature allows you to specify a time period in minutes after which the admin session will expire and the user will be forced to log back in.

To see how many users are logged in:

  1. WP Security - User login.
  2. Click On Logged in Users  tab.

User Registration Settings -

Manual Approval:

If your site allows people to create their own accounts via the WordPress registration form, then you can minimize SPAM or bogus registrations by manually approving each registration.

  1. WP Security - User Registration
  2. Manual Approval
  3. Click On Enable manual approval of new registrations
  4. Save Settings

Registration Captcha:

This feature allows you to add a captcha form on the WordPress registration page.
Users who attempt to register will also need to enter the answer to a simple mathematical question - if they enter the wrong answer, the plugin will not allow them to register.

  1. WP Security - User Registration
  2. Registration Captcha
  3. Click On Enable Captcha On Registration Page
  4. Save Settings

Database Security -

DB Backup using WordPress:

  1. WP Security - Database Security
  2. For a manual backup, click on the manual backup option, or
  3. Set a schedule for automatic backups.
  4. To receive the backup by email, check the box and enter an email address.

Filesystem Security -

PHP File Editing:

The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files.
This is often the first tool an attacker will use if able to log in, since it allows code execution.

  1. WP Security - File System Security
  2. PHP File Editing
  3. Click On Disable Ability To Edit PHP Files
  4. Save Settings

WP File Access :

This feature allows you to prevent access to files such as readme.html, license.txt and wp-config-sample.php which are delivered with all WP installations.

  1. WP Security - File System Security
  2. WP File Access
  3. Click on Prevent Access to WP Default Install Files
  4. Save Settings

If you need to change the WordPress login URL, follow these instructions:

  1. Under WP Security click on Brute Force
  2. Enable Rename Login Page Feature
  3. Type a new login URL (for example - mydata)
  4. Previous login URL: http://DomainName/wp-admin , new login URL: http://DomainName/?mydata


404 Detection Configuration:

A 404 or Not Found error occurs when somebody tries to access a non-existent page on your website.
This feature allows you to monitor all 404 events which occur on your site, and it also gives you the option of blocking IP addresses for a configured length of time.
If you want to temporarily block an IP address, simply click the "Temp Block" link for the applicable IP entry in the "404 Event Logs" table.

  1. WP Security - Firewall.
  2. Click on 404 detection.
  3. Enable 404 IP Detection and Lockout options and set a time length.
  4. Save settings

Prevent Image Hotlinking:

A Hotlink is where someone displays an image on their site which is actually located on your site by using a direct link to the source of the image on your server.
Because the image displayed on the other person's site is served from your server, this drains your bandwidth and resources: your server has to deliver the image to everyone viewing it on someone else's site.
This feature will prevent people from directly hotlinking images from your site's pages by writing some directives in your .htaccess file.

  1.  WP Security - Firewall.
  2.  Click on Prevent Hotlink tab - Enable Prevent Hotlinking Check box.
  3.  Save Settings.

Enable all the options on the following tabs:

  1. Basic Firewall Rules
  2. Additional Firewall Rules
  3. 5G Blacklist Firewall Rules

Comment SPAM Settings :

Enable all the options under Comment SPAM.

Reference URL : https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/installation/
