This All In One WP Security And Firewall Dashboard tutorial helps you set up this powerful plugin, which covers many WordPress security areas.
Last Updated: June 18, 2017
Latest News: I have updated the information below and removed the menu.
This post covers the item at the top of the plugin's menu list: the dashboard. The dashboard shows you activity that took place in the background while you weren’t logged in as admin. This comes in handy and lets you check up front whether there has been any suspicious activity on your website.
The plugin dashboard is the first area you should check every time you log in as the administrator.
All In One WP Security And Firewall Dashboard Steps
Step 1 ) Click on WP Security -> Dashboard to view the following options. See image below.
The Dashboard has three tabs for you to view your current setup and your system information. This is extremely important because it will reveal your current weaknesses.
- System Info
- Locked IP Addresses
- Permanent Block List (Added in version 4.0.4)
- AIOWPS Logs (Added in version 3.9.1)
Note: The permanent block list was recently added to cater for the following:
– auto blocking of comment spammers – see the SPAM Prevention -> Comment SPAM IP Monitoring tab. You can enable auto blocking of comment spammer IPs based on minimum spam comments they produce.
– spammers who register for WordPress accounts and are manually blocked by the administrator – See the User Registration -> Manual Approval tab. If the manual approval checkbox is selected, this tab will list those users pending approval and you can block selected IP addresses permanently.
In future releases the permanent block list will also serve as a general IP blocking list similar to the blacklist but the difference is that the blacklist uses only .htaccess directives to block IPs whereas the permanent block list works at the PHP level independent of .htaccess.
In other words the permanent block list will be an alternative to the blacklist and will cater for people who don’t have an Apache style server installation. (Quoted by wpsolutions)
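As an added example (not the plugin's code), here is a block-list check done at the PHP level, with the equivalent Apache rule shown in a comment for comparison. The function names, the list contents and the fallback address are assumptions made for the illustration.

```php
<?php
// Added illustration, not the plugin's code. All names and addresses are hypothetical.
// Web-server level, for comparison, in .htaccess (Apache 2.4, inside <RequireAll>):
//   Require not ip 203.0.113.7
// A server that does not read .htaccess never evaluates that rule.

/** True if $ip equals $entry or lies inside it when $entry is a CIDR range. */
function ip_matches(string $ip, string $entry): bool
{
    [$net, $prefix] = array_pad(explode('/', $entry, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input, or IPv4 compared with IPv6
    }
    $max = strlen($ipBin) * 8;
    if ($prefix === null) {
        $prefix = $max;                       // single address
    } elseif (!ctype_digit($prefix) || (int) $prefix > $max) {
        return false;                         // malformed prefix must not match everything
    }
    $prefix = (int) $prefix;
    $bytes  = intdiv($prefix, 8);
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    $rem = $prefix % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF;      // compare the remaining partial byte
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

function is_blocked(string $ip, array $blockList): bool
{
    foreach ($blockList as $entry) {
        if (ip_matches($ip, $entry)) {
            return true;
        }
    }
    return false;
}

$blockList = ['203.0.113.7', '198.51.100.0/24', '2001:db8::/32']; // constructed sample
$visitor   = $_SERVER['REMOTE_ADDR'] ?? '198.51.100.23';           // fallback for CLI runs
if (is_blocked($visitor, $blockList)) {
    http_response_code(403);
    exit("Blocked at the PHP level\n");
}
```

When the site sits behind a reverse proxy or CDN, REMOTE_ADDR holds the proxy's address, so a PHP-level list is only as accurate as the client address PHP receives.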
Security Strength Meter
Step 2 ) The following image Security Strength Meter and Security Points Breakdown shows you what has been enabled, your security strength level and what percentage it covers on your website. A visual display like this is very important for those who don’t know much about website security settings and what they represent.
- Security Strength Meter is currently showing that this website has a security strength score of 50 out of 480.
- Security Points Breakdown shows you the overall percentage and the different levels of security set up.
Information: The above entries are just an example of how to manage your security settings. Your settings will be different from these and will hopefully have a much higher point total and percentage.
Step 3 ) The following image Critical Feature Status shows you at a glance some of the most critical security settings, which should be implemented straight away on your website.
Important: If any of the security settings below is currently displayed as OFF, you should investigate immediately. The exception is Maintenance Mode.
- Admin Username
- Login Lockdown
- File Permission
- Basic Firewall
- Maintenance Mode (This one should be set to OFF unless you are currently working on your website and don’t want visitors to view your website)
Step 4 ) The following image Logged In Users lets you know if there are other users logged into your website.
Step 5 ) The following image Locked IP Addresses lets you know if anyone has been locked out from your website.
Step 6 ) The following image Last 5 Logins displays who was logged in the last 5 times.
System Info Tab
Step 7 ) The following tab System Info lets you know your current server settings. This is vital information when you come across compatibility problems between plugins and your theme.
- Site Info
- PHP Info
- Active Plugins
Locked IP Addresses Tab
Step 8 ) The Locked IP Addresses tab lets you view all the IP addresses that have been added from login attempts by users.
Step 8-a ) The following image shows two options that you can carry out when IP addresses have been locked out. You can select whether to Unlock or Delete the locked out IP address.
Difference Between Unlock and Delete
- “Unlock” will unlock the IP range and also keep this record in the database.
- “Delete” will unlock the IP range but it will delete that record from the database.
Sometimes people want to keep medium or long term records of all locked IP ranges and the corresponding data for investigation purposes which is why we have the unlock command. If you simply want to unlock an address and don’t want to keep that record in the DB then use the delete option.
PS: In the near future the developers will improve the unlock table so you can also see the previously unlocked records which are still in the DB. In the meantime you can view these records via phpMyAdmin.
AIOWPS Logs Tab
Step 9 ) The following image AIOWPS Logs allows you to select and view the following options.
Click on the following link Settings to continue configuring the plugin's settings.
If you have any questions please let me know.