All In One WP Security And Firewall Settings helps you setup the following options general settings, .htaccess file and much more.
Last Updated: October 2, 2022
Latest News: Updated the documentation.
This documentation helps you create backups, export and import plugin configuration settings, and much more. Keeping a system running in the event of an emergency is important. You know how easy it is for a security plugin to crash due to conflicts with other plugins, themes, and server settings. The settings menu will help you recover “aiowps” in case something goes wrong.
What you need:
All In One WP Security And Firewall Settings
Step 1 ) Go to WP Security -> Settings admin tab as illustrated in the image below.
Settings
Step 2 ) The following image Settings illustrates the different tabs that allows you to set up and configure the following options.
Settings Options
- General Settings
- .htaccess File
- wp-config.php File
- Delete Plugin Settings
- WP Version Info
- Import/Export
- Two Factor Authentication
General Settings
Step 3 ) Go to WP Security -> Settings -> General Settings tab to set up the following options.
General Settings Options Part 1
- Backup your database
- Backup .htaccess file
- Backup wp-config.php file
Important: It is important to backup the above files when you install the plugin. They are very important files for the functionality of your website. If they become corrupted you will lose access to your admin site and your website might crash as well.
Disable Security Features
Step 3-a ) The following image Disable Security Features allows you to disable all the security features.
Disable All Firewall Rules
Step 3-b ) The following image Disable All Firewall Rules allows you to disable all firewall rules which are currently active in your site.
Reset Settings
Step 3-c ) The following image Reset Settings allows you to delete all the settings in the plugin.
Debug Settings
Step 3-d ) The following image Debug Settings allows you to enable or disable the log files.
Note: This new feature controls the following log files wp-security-log.txt and wp-security-log-cron-job.txt. Found in the following folder /plugins/all-in-one-wp-security-and-firewall/logs/.
To view these log files go to WP Security -> Dashboard -> AIOWPS Logs.
==============================
.htaccess File
Step 4 ) Go to WP Security -> Settings -> .htaccess File tab as illustrated in the image below to manage the .htaccess file.
Step 4-a ) The following image allows you to set up the following options.
.htaccess File Options
- Click on Backup .htaccess File button to create a backup.
- Click on Select Your htacces File button to select your backup file.
- Click on Restore .htaccess File button to Restore the backup file selected.
==============================
wp-config.php File
Step 5 ) Go to WP Security -> Settings -> wp-config.php File as illustrated in the image below to manage the wp-config.php file.
Step 5-a ) The following image allows you to set up the following options.
wp-config.php File Options
- Click on Backup wp-config.php File button to create a backup.
- Click on Select Your wp-config.php File button to select your backup file.
- Click on Restore wp-config.php File button to Restore the backup file selected.
==============================
Delete Plugin Settings
Step 6 ) Go to WP Security -> Settings -> Delete Plugin Settings tab as illustrated in the image below to set up the following option.
These features allow you to delete the database and plugins settings when you deactivate the plugin. This can help you if you run into all sorts of trouble. By enabling both features you will start from scratch when you activate the plugin again. It is as if you have never installed the plugin at all. This is great for troubleshooting.
Manage delete plugin tasks options
- Delete database tables:
- Delete settings:
WP Version Info
Step 7 ) Go to WP Security -> Settings -> WP Version Info tab as illustrated in the image below to set up the following option.
WP Generator Meta Info Settings
- Remove WP Generator Meta Info:
- Click on Save Settings button once you complete this option.
WP Generator Meta Info adds 5 point score towards your security meter. (Basic Security Level)
FAQ
Q1 What does this feature actually protect when viewing the browser page source code?
Answer: Currently this feature will remove the WP core version info and not other version information such as plugin/theme version.
For example: as well as removing the wp generator tag it will also modify the src links for js and css files to remove wp version. Example:
when feature is turned off the src link might look like this:
<link rel=’stylesheet’ id=’jquery-ui-style-css’ href=’//ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/themes/smoothness/jquery-ui.css?ver=5.2.3′ type=’text/css’ media=’all’ />
And when the feature is turned on the wp version will be obscured as follows:
<link rel=’stylesheet’ id=’jquery-ui-style-css’ href=’//ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/themes/smoothness/jquery-ui.css?ver=74b65cd810ffdedc651b19fd8155b772′ type=’text/css’ media=’all’ />
Import/Export
Step 8 ) Go to WP Security -> Settings -> Import/Export to set up and manage the importing and exporting of the settings in the plugin. Refer to the following link aiowps-import-export-settings to learn more.
==============================
Advanced settings
Step 9 ) Go to WP Security -> Settings -> Advanced settings tab to manage the advanced settings.
Step 9-a ) The following image allows you to set up the following options.
IP Address detection settings
- Choose a $_SERVER variable you would like to detect visitors’ IP address using.
- Click on Save Settings button once you complete this option.
==============================
Two Factor Authentication
Step 10 ) Go to WP Security -> Settings -> Two Factor Authentication as illustrated in the image below to set up the following options.
Two Factor Authentication User Roles Options
- Default WordPress User Roles
- Administrator
- Editor
- Author
- Contributor
- Subscriber
- Other Plugins User Roles (Note: In your site you might have different user roles available from other plugins.)
- FDP Manager
- FDP Viewer
- Click on Save Changes button once you complete this option.
XMLRPC requests
Step 10-a ) The following image XMLRPC requests allows you to configure the following options.
Two Factor Authentication XMLRPC requests Options
- Do not require 2FA over XMLRPC (best option if you must use XMLRPC and your client does not support 2FA)
- Do require 2FA over XMLRPC (best option if you do not use XMLRPC or are unsure)
- Click on Save Changes button once you complete this option.
XMLRPC requests
Step 10-b ) The following image XMLRPC requests allows you to configure the following options.
Two Factor Authentication XMLRPC requests Options
- TOTP (time based – most common algorithm; used by Google Authenticator)
- HOTP (event based)
- Click on Save Changes button once you complete this option.
============================
Click on the following link User Accounts to continue configuring the plugins settings.
If you have any questions please let me know.
Enjoy.
All In One WP Security & Firewall Plugin Tutorial List
I have been working in IT since 1999 and I enjoy the challenges it brings me. I love developing websites with WordPress. I spend a lot of time helping out in wordpress.org forums. I have been writing tutorials since 2011. Now I am learning how to manage my own VPS "Virtual Private Server.
hi, when i activated “rename page of login” on wp-admin/admin.php?page=aiowpsec_brute_force&tab=tab1 , i get 500 error (site works ok, but
http://site.com/NEWPAGE_LOGINreturn 500 error. when i deactivated NEWPAGE_LOGIN, its all ok.whats problem? =)
Hi, if you activated the Rename Login Page feature you need to enter the following yoursite.com/secretword to log into your site. You cannot use /wp-login.php or /wp-admin.php any more. Is this what you are referring too?
Regards