Aug 10, 2014
 

All In One WP Security And Firewall Rules helps you set up the following options: basic firewall rules, disable index view, deny bad query strings, 5G blacklist and much more.

Last Updated: March 26, 2017

Latest News: I have added more information about the 404 detection.

All In One WP Security And Firewall Rules Steps

Step 2 ) Click on WP Security -> Firewall to set up the following security settings.

  • Basic Firewall Rules
  • Additional Firewall Rules
  • 6G Blacklist Firewall Rules
  • Internet Bots
  • Prevent Hotlinks
  • 404 Detection
  • Custom Rules


Step 2 ) Click on WP Security -> Firewall -> Basic Firewall Rules to set up the following security settings.

Basic Firewall Settings

  • Enable Basic Firewall Protection:

WordPress XMLRPC & Pingback Vulnerability Protection (Modified in version 4.1.3)

  • Completely Block Access To XMLRPC:
  • Disable Pingback Functionality From XMLRPC:

Block Access to Debug Log Files

  • block access to debug.log file (Added in version 3.9.7)

Enabling the options above adds another 40 points to your security meter score. (Basic Security Level)

When you enable Completely Block Access To XMLRPC, you will see the following message appear in the plugin back end. Enabling this feature blocks access to the file xmlrpc.php, which can be found in the WordPress root directory of your website installation.

(Attention: You have enabled the “Completely Block Access To XMLRPC” checkbox which means all XMLRPC functionality will be blocked.
By leaving this feature enabled you will prevent Jetpack or WordPress iOS or other apps which need XMLRPC from working correctly on your site.
If you still need XMLRPC then uncheck the “Completely Block Access To XMLRPC” checkbox and enable only the “Disable Pingback Functionality From XMLRPC” checkbox. )

Note: Some users report login attempts (Brute Force Attacks) on their website. If you only log in through your website, then enable the Completely Block Access To XMLRPC feature.


Firewall Additional Firewall Rules

Step 3 ) Click on WP Security -> Firewall -> Additional Firewall Rules to set up the following security settings.

  • Disable Index Views
  • Disable Trace and Track
  • Forbid Proxy Comment Posting

Activating these three options adds another 25 points to your security meter score. (Intermediate And Advanced Security Level)


Step 4 ) Activating the following two options adds another 30 points to your security meter score. (Advanced Security Level)

  • Deny Bad Query Strings
  • Enable Advanced Character String Filter


Step 5 ) Click on WP Security -> Firewall -> 6G Blacklist/Firewall Rules to activate the following security settings.

Enabling the following adds another 20 points to your security meter score. (Advanced Security Level)

  • Enable 6G Firewall Protection (Added in version 4.0.7)
  • Enable 5G Firewall Protection (Note: This option should not be enabled anymore. 6G is much better. The plugin developers will be removing this option soon.)

Step 6 ) Click on WP Security -> Firewall -> Internet Bots to activate the following security setting: Block Fake Googlebots.

This adds another 5 points to your security meter score. (Advanced Security Level)


Step 7 ) Click on WP Security -> Firewall -> Prevent Hotlinks to activate the following security setting: Prevent Hotlinking.

This adds another 10 points to your security meter score. (Basic Security Level)


Firewall 404 Detection

Step 8 ) Click on WP Security -> Firewall -> 404 Detection to activate the following security settings.

  • Enable IP Lockout For 404 Events
  • Time Length of 404 Lockout (min)
  • 404 Lockout Redirect URL
  • Click on Save Settings button

This adds another 5 points to your security meter score. (Intermediate Security Level)


Once an IP address has been blocked you are provided with a few options under the 404 Event Logs. These options can be carried out individually or in bulk per IP address blocked.

Options List

  • Temp Block
  • Blacklist IP
  • Delete
  • You can export the log files into a CSV file. (Added in version 4.2.6)

Firewall Custom Rules

Step 9 ) Click on WP Security -> Firewall -> Custom Rules to activate and configure the following security settings. (Added in version 3.9.7)

  • Enable Custom .htaccess Rules
  • Enter Custom .htaccess Rules

Note: This tool allows you to configure any setting within the plugin that writes to the .htaccess file.

You might like to click on the following URL Custom Rules to learn more about this feature.

Step 10 ) The following image 404 Event Logs allows you to search through the error log using the following options. (Updated in version 3.8.7)

  • IP
  • Event Type
  • IP Address
  • Attempted URL
  • Referer
  • Date
  • Lock Status

all-in-one-wp-security-firewall-404-error-logs-search

Step 11 ) The following image shows the options you can carry out from the event log above.

  • Temp Block IP
  • Blacklist IP (Added in version 3.8.7)
  • Delete

all-in-one-wp-security-firewall-404-options-selections

Step 12 ) The following Custom Rules allows you to enable and edit your .htaccess file. This simplifies the adding of extra rules without having to FTP into your server. (Added in version 3.9.7)

  • Enable Custom .htaccess Rules

Warning: Only enable this setting if you know what you are doing. Adding the wrong entries in your .htaccess can crash your website.
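
As an added illustration (hand-written rules, not part of the original tutorial and not the rules the plugin generates), this is the kind of entry that could be pasted into the Enter Custom .htaccess Rules box to reproduce by hand some of the protections described above. It assumes Apache 2.4 and an AllowOverride setting that permits these directives.

```apache
# Constructed example for the Custom Rules text box. Hand-written rules,
# not the output the plugin itself generates.
# Assumes Apache 2.4. A directive the server does not allow in .htaccess
# causes a 500 error on every request, which takes the whole site down.

# Deny every request for xmlrpc.php in the WordPress root.
# As the plugin's notice says, this also stops Jetpack and the WordPress
# mobile apps from working.
<Files "xmlrpc.php">
    Require all denied
</Files>

# Keep the WordPress debug log from being read over HTTP.
<Files "debug.log">
    Require all denied
</Files>

# Disable directory index views (needs AllowOverride Options or All).
Options -Indexes

# Refuse the TRACE and TRACK request methods.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)$ [NC]
    RewriteRule ^ - [F]
</IfModule>
```

Keep a copy of the working .htaccess file before saving custom rules, so it can be restored over FTP or the hosting file manager if the site starts returning errors.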

Click on the following link Brute Force to continue configuring the plugin's settings.

If you have any questions, please let me know.

Enjoy.


Manuel Ballesta Ruiz is a web developer, blogger and WordPress enthusiast.
