WordPress website security protection plugin configuration: All In One WP Security & Firewall

WordPressWebsite security protection plug-in configuration:

All In One WP Security & Firewall

We are engaged inWeb Promotion, do it with the websiteSEOMarketing, it is conceivable that website security protection is very important.

somenew mediaPeople who want to do a good job in WordPress website security, complain about these 2 WP security plugins:

• 1) Wordfence
• 2) iThemes Security

Even the most basic functions of exporting and importing settings have to be paid for in the professional version before they can be used, hehe!

WP Secure Login Plugin Recommended

Chen WeiliangSearch carefully in WP official, and find this soonWP plugin :

• 3) All In One WP Security & Firewall

The main difference from the first two is that free users can also use full-featured website protection settings.

Most importantly, you can use the function of importing and exporting settings for free ▼

To set the import and export functions of the All In One WP Security & Firewall plugin, please click the WP Security option "Settings" ▼

Below is a list of WordPress security and firewall features provided by the plugin:

User Account Security

• Detect if there is a user account with the default "admin" username and easily change the username to a value of your choice.
• The plugin will also detect if you have any WordPress user accounts with the same login and display name.Considering where the display name is the same as the login is bad security practice, since you already know the login.
• Password Strength Tool that enables you to create very strong passwords.
• Stop user page.So users/bots cannot discover user information through author permalinks.

User login security

• Use the login lockout feature to prevent "brute force login attacks".Users with specific IP addresses or ranges will be locked out of the system for a predetermined period of time based on configuration settings, and you can also choose to be notified by email of people who have been locked out due to excessive login attempts.
• As an administrator, you can view a list of all locked users in an easy-to-read and navigate table, or unlock individual or bulk IP addresses with the click of a button.
• Force logout of all users after a configurable period of time
• Monitor/view failed login attempts, showing the user's IP address, username/username and the date/time of the failed login attempt
• Monitor/view account activity for all user accounts on the system by tracking username, IP address, login date/time and logout date/time.
• Ability to automatically lock IP address ranges that attempt to log in with invalid usernames.
• Ability to view a list of all users currently logged into your website.
• Allows you to specify one or more IP addresses in a specific whitelist.Whitelisted IP addresses will have access to your WP login page.
• willVerification codeAdded to WordPress login form.
• Add captcha to your WP login system's forgot password form.

User registration security

• Enable manual approval of WordPress user accounts.If your website allows users to create their own accounts through the WordPress registry, then you can minimize spam or fake registrations by manually approving each registration.
• Ability to add captcha to WordPress user registration page to prevent spam user registration.
• Ability to add WordPress to WordPress user registration forms to reduce bot registration attempts.

Database security

• With the click of a button, you can set the default WP prefix to a value of your choice.
• Schedule automatic backups and email notifications, or instant database backups with just one click.

file system security

• Identify files or folders with insecure permission settings and set permissions to recommended security values ​​with the click of a button.
• Protect your PHP code by disabling file editing from the WordPress admin area.
• Easily view and monitor all host system logs from a single menu page, and stay informed of any issues or issues that occur on your server for quick problem resolution.
• Prevent users from accessing your WordPress site's readme.html, license.txt and wp-config-sample.php files.

HTACCESS and WP-CONFIG.PHP file backup and restore

• Easily backup your original .htaccess and wp-config.php files in case you need to use them to restore broken functionality.
• Modify the content of the currently active .htaccess or wp-config.php file from the admin control panel with just a few clicks

Blacklist function

• Prevent users from specifying IP ranges by specifying IP addresses or using wildcards.
• Ban the user by specifying a user-agent.

Firewall function

If you are importing settings from other websites, and check "Enable 404 IP Detection and Lockout": Please be sure to set the "404 Lockout Redirect URL" URL in the "Firewall" option, otherwise it will be redirected to other websites ▼

This plugin allows you to easily add a lot of firewall protection to your website via htaccess files.Your web server runs the htaccess file before any other code on your website runs.

Therefore, these firewall rules will block malicious scripts from having a chance to reach the WordPress code on your website.

• Access control facility.
• Instantly activate a range of firewall settings from basic, intermediate and advanced.
• Enable the famous "5G Blacklist" firewall rule.
• Proxy comment posting is prohibited.
• Block access to debug log files.
• Disable tracking and tracing.
• Malicious or malicious query strings are rejected.
• Prevent cross-site scripting (XSS) by activating a comprehensive advanced string filter.
  Or malicious bots that don't have special cookies in their browsers.You (the webmaster) will know how to set this special cookie and be able to log in to your website.
• WordPress PingBack vulnerability protection feature.This firewall feature allows users to block access to the xmlrpc.php file to prevent certain vulnerabilities in the pingback feature.This also helps prevent bots from constantly accessing the xmlrpc.php file and wasting your server resources.
• Ability to block fake Googlebots from crawling your site.
• Capable of preventing image hotlinking.Use this to prevent others from hotlinking your images.
• Ability to log all 404 events on your website.You can also choose to automatically block IP addresses with too many 404s.
• Ability to add custom rules to block access to various resources on your website.

Brute force login attack prevention

• Stop brute force login attacks instantly with our special cookie-based brute force login prevention feature.This firewall feature will block all login attempts from humans and bots.
• Ability to add a simple mathematical captcha to WordPress login forms to defend against brute force login attacks.
• Ability to hide admin login page.Rename the URL of your WordPress login page so that bots and hackers cannot access your real WordPress login URL.This feature allows you to change the default login page (wp-login.php) to whatever you configure.
• Ability to use a login honeypot, which will help reduce brute force login attempts by bots.

WHOIS lookup

• Perform a WHOI lookup of suspicious hosts or IP addresses and get full details.

security scanner

• File Change Detection Scanner can alert you if any files in your WordPress system have changed.You can then investigate to see if this is a legitimate change, or if some bad code was injected.
• The database scanner function can be used to scan database tables.It looks for any common suspicious strings, JavaScript and some html code in WordPress core tables.

Comment Spam Safe

• Monitor the most active IP addresses that consistently generate the most spam comments and block them instantly with the click of a button.
• You can block comments from being submitted if they are not from your domain (this will reduce some spam postings on your site).
• Add a captcha to your WordPress comment form for added security against comment spam.
• Automatically and permanently block IP addresses that exceed a certain number of marked spam comments.

Front-end text copy protection

• Ability to disable right click, text selection and copy options for your frontend.

Regular updates and additions of new security features

• WordPress security has evolved over time.The plugin authors will regularly update the All In One WP security plugin with new security features (and fixes if needed) so you can rest assured that your site will be on the cutting edge of security technology.

for the most popularWORDPRESS plugin

• It should work smoothly with the most popular WordPress plugins.

Additional features

• Ability to remove WordPress generator meta information from your website's HTML source code.
• Ability to remove WordPress version information from JS and CSS files including your website.
• Ability to prevent people from accessing readme.html, license.txt and wp-config-sample.php files
• Ability to temporarily lock the front-end and regular visitors of a site while performing various back-end tasks (investigating security attacks, performing site upgrades, performing maintenance work, etc.).
• Ability to export/import security settings.
• Prevent other sites from displaying your content via frames or iframes.

FAQ

The service is temporarily unavailable

Error: Access to your IP address has been blocked for security reasons.Please contact your administrator.

If the above "service is temporarily unavailable" prompt message appears when you log in to the website, it means that your IP address access is restricted.Please try renaming the plugin via FTP, after deactivating the plugin, you should be able to log in. If FTP renames the plugin, still can't log in:

1. Make sure all your other plugins are disabled.
2. Then install a fresh copy and enable the plugin, but don't reinsert the rules.
3. Then start enabling the features your website needs.

To prevent your website from being hacked, start installing the All In One WP Security & Firewall security plugin now! Click here All In One WordPress Security and Firewall Plugin download page