Jun 032014
 

All In One WP Security And Firewall Dashboard tutorial helps you setup this great and powerful plugin which covers many WordPress security areas.

Last Updated: September 12, 2017

Latest News: I have updated the information below and removed the menu.

This post shows you the display on the top of the menu list and talks about the dashboard in the plugin. This dashboard will show you some activities that have been going on in the background while you weren’t logged in as admin. This comes in handy and helps you investigate up front if there has been some unnatural fishy activities on your website.

The plugin dashboard is the first area you should check every time you log in as the administrator.

All In One WP Security And Firewall Dashboard Steps

Step 1 ) Click on WP Security -> Dashboard to view the following options. See image below.

all-in-one-wp-security-dashboard-new

The Dashboard has three tabs for you to view your current set up and your system information. This is extremely important because it will reveal your current weaknesses.

  • Dashboard
  • System Info
  • Locked IP Addresses
  • Permanent Block List (Added in version 4.0.4)
  • AIOWPS Logs (Added in version 3.9.1)

Note: The permanent block list was recently added to cater for the following:

– auto blocking of comment spammers – see the SPAM Prevention -> Comment SPAM IP Monitoring tab. You can enable auto blocking of comment spammer IPs based on minimum spam comments they produce.

– spammers who register for wordpress accounts and are manually blocked by the administrator – See the User Registration -> Manual Approval tab. If the manual approval checkbox is selected, this tab will list those users pending approval and you can block selected IP addresses permanently.

In future releases the permanent block list will also serve as a general IP blocking list similar to the blacklist but the difference is that the blacklist uses only .htaccess directives to block IPs whereas the permanent block list works at the PHP level independent of .htaccess.
In other words the permanent block list will be an alternative to the blacklist and will cater for people who don’t have an Apache style server installation. (Quoted by wpsolutions)

Security Strength Meter

Step 2 ) The following image Security Strength Meter and Security Points Breakdown shows you what has being enabled, your security strength level and what percentage it covers on your website. A visual display like this is very important for those who don’t know much about website security settings and what they represent.

  • Security Strength Meter is currently showing that this website has 50 security strength setup out of 480.
  • Security Points Breakdown shows you the overall percentage and the different levels of security set up.

Information: The above entries is just an example of how to manage your security settings. Your settings will be different to this and hopefully have a much higher point and percentage set up.

all-in-one-wp-security-meter-break-points-new

Step 3 ) The following image Critical Feature Status shows you straight away some of the most critical security settings that should be implemented straight away on your website.

Important: If any of the security settings below are currently displaying as OFF then you should immediately investigate except Maintenance Mode.

  • Admin Username
  • Login Lockdown
  • File Permission
  • Basic Firewall
  • Maintenance Mode (This one should be set to OFF unless you are currently working on your website and don’t want visitors to view your website)

all-in-one-wp-security-crytical-features

Step 4 ) The following image Logged In Users lets you know if there are other users logged into your website.

all-in-one-wp-security-logged-users

Step 5 ) The following image Locked IP Addresses lets you know if anyone has being locked out from your website.

all-in-one-wp-security-locked-ip-address

Step 6 ) The following image Last 5 Logins displays who was logged in the last 5 times.

all-in-one-wp-security-last-logins

System Info Tab

Step 7 ) The following tab System Info lets you know your current sever settings. This is vital information when you come across compatibility problems between plugins and your theme.

System Info Tab

  • Site Info
  • PHP Info
  • Active Plugins

Locked IP Addresses Tab

Step 8 ) The Locked IP Addresses tab lets you view all the IP addresses that have been added from login attempts by users.

Step 8-a ) The following image shows two options that you can carry out when IP addresses have been locked out. You can select whether to Unlock or Delete the locked out IP address.

Difference Between Unlock and Delete

  • “Unlock” will unlock the IP range and also keep this record in the database.
  • “Delete” will unlock the IP range but it will delete that record from the database.

Sometimes people want to keep medium or long term records of all locked IP ranges and the corresponding data for investigation purposes which is why we have the unlock command. If you simply want to unlock an address and don’t want to keep that record in the DB then use the delete option.

PS: The developers in the near future will improve the unlock table so you can also see the previously unlocked records which are still in the DB. In the meantime you can view these records via PHPMyAdmin.

all-in-one-wp-security-system-bulk-action

AIOWPS Logs Tab

Step 9 ) The following image AIOWPS Logs allows you to select and view the following options.

  • wp-security-log
  • wp-security-log-cron-job

all-in-one-wp-security-system-aiowps-logs

Click on the following link Settings to continue configuring the plugins settings.

If you have any questions please let me know.

Enjoy.

All In One WP Security & Firewall Plugin Tutorial List

Manuel Ballesta RuizManuel Ballesta Ruiz is a web developer, Blogger and WordPress Enthusiast.

  6 Responses to “All In One WP Security And Firewall Dashboard”

  1. Using your latest version, the Import/Export tab is missing. How do I enable this?

    Plugin Version: 3.7.7
    WP Version: 3.9.1
    WPMU: No
    MySQL Version: 5.5.37

    • Hi Bob, thank you for your question.

      Have you tried to deactivate all other plugins to see if the Import/Export tab shows? If that does not fix the problem, try one of WordPress default theme like Twenty Fourteen and see if works.

      Kind regards

  2. After re designing one of the sites with a new theme (Enigma) the site worked, and now when you try to view it shows the maintenance page and no one seems to be able to view the site. I have disabled the maintenance and have wiped the text on that page, but it still appears. It has been a week and don’t really want to switch the wp security off to test. Any idea?
    Thank you
    ps. It did the same with the old version of WP and as the last resort I have updated to the latest with no results

  3. Hello,

    You have a great plugin thank you, however yesterday I made some additional changes to your features, brute force to get a better score and today I can’t access my site. I get the 127 page. I looked in wp support and I watched the FTP video and deactivated all of my plugins but I still don’t have access and now I believe my entire site is down.

    You mentioned replacing the .htaccess file, but I’m not sure how to do this.

    Please can I get some advice, Thanks
    Dwight Pretulac
    951-536-1134

    • Hi Dwight Pretulac, thank you for your question. I did check your website above and your site is working.

      Please check the following link and focus on question 11.

      Once you have totally removed the plugin, install it again and don’t enable any of the Brute Force features. First disable all your other plugins except this one then activate the Brute Force feature you had problems with. Test to make sure it is working, if it is then start enabling one by one your other plugins and at the same time check to make sure you still have access. Carry out this until you come across the conflicting plugin.

      Let me know if you need more help.

      Regards

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)