All In One WP Security And Firewall Settings

 Security
Aug 082014
 

All In One WP Security And Firewall Settings  helps you setup the following options general settings, .htaccess file, import/ export and much more.

Last Updated: September 18, 2019

Latest News: I updated the documentation.

All In One WP Security And Firewall Settings

Step 1 ) Go to WP Security -> Settings admin tab as illustrated in the image below.

aiowps-settings-admin-menu

Settings

Step 2 ) The following image Settings allows you to set up the following options.

Settings Options

  • General Settings
  • .htaccess File
  • wp-config.php File
  • WP Version Info
  • Import/Export
  • Advanced Settings

all-in-one-wp-security-and-firewall-admin-settings

General Settings

Step 3 ) Go to WP Security -> Settings -> General Settings  to set up the following options.

General Settings Options

  • Backup your database
  • Backup .htaccess file
  • Backup wp-config.php file

Important: It is important to backup the above files when you install the plugin. They are very important files for the functionality of your website. If they become corrupted you will loose access to your admin site and your website might crash as well.

Step 3-a ) In some case when you enable some security and firewall settings, they can corrupt your site, block you from having access to your site and clash with other plugins.  This will allow you to reduce this by disabling the following options.

all-in-one-wp-security-disable-security

Step 3-b ) The following image Debug Settings allows you to control enabling or disabling the log files.

Note: This new feature controls the following log files wp-security-log.txt and wp-security-log-cron-job.txt. Found in the following folder /plugins/all-in-one-wp-security-and-firewall/logs/.

To view these log files go to WP Security -> Dashboard -> AIOWPS Logs.

all-in-one-wp-security-plugin-debug-settings

==============================

.htaccess File

Step 4 ) Go to WP Security -> Settings -> .htaccess File as illustrated in the image below to implement the following options.

.htaccess File Options

  • Click on Backup .htaccess File button to create a backup.
  • Click on Select Your htacces File button to select your backup file.
  • Click on Restore .htaccess File button to Restore the backup file selected.

==============================

wp-config.php File

Step 5 ) Go to WP Security -> Settings -> wp-config.php File as illustrated in the image below to set up the following options.

wp-config.php File Options

  • Click on Backup wp-config.php File button to create a backup.
  • Click on Select Your wp-config.php File button to select your backup file.
  • Click on Restore wp-config.php File button to Restore the backup file selected.

==============================

WP Version Info

Step 6 ) Go to WP Security -> Settings -> WP Meta Info as illustrated in the image below to set up the following option.

WP Version Info Settings

  • WP Generator Meta Info and gain 5 point score towards your security meter. (Basic Security Level)

all-in-one-wp-security-remove-wp-generator

FAQ

Q1 What does this feature actually protect when viewing the browser page source code? 

Answer: Currently this feature will remove the WP core version info and not other version information such as plugin/theme version.

For example: as well as removing the wp generator tag it will also modify the src links for js and css files to remove wp version. Example:
when feature is turned off the src link might look like this:

<link rel=’stylesheet’ id=’jquery-ui-style-css’ href=’//ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/themes/smoothness/jquery-ui.css?ver=5.2.3′ type=’text/css’ media=’all’ />

And when the feature is turned on the wp version will be obscured as follows:

<link rel=’stylesheet’ id=’jquery-ui-style-css’ href=’//ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/themes/smoothness/jquery-ui.css?ver=74b65cd810ffdedc651b19fd8155b772′ type=’text/css’ media=’all’ />

==============================

Import/Export

Step 7 ) Go to WP Security -> Settings -> Import/Export as illustrated in the image below to import and export the plugins settings.

Note: The import process works in the following manner. If you change or loose your settings then you can import the settings you exported earlier. However if you see the following message Import AIOWPS settings from file operation failed!, that means there is no changes in the plugin settings and the import is not needed.

all-in-one-wp-security-import-export

Step 7-a ) The following image allows you to export your settings locally. This saves you a lot of time especially if you are going to implement the same settings on many websites.

Export Settings

  • Click on the following Export AIOWPS Settings button as illustrated in the following image. This allows you to export your settings locally to your computer.

all-in-one-wp-security-export-settings-button

Step 7-b ) The following image Import AIOWPS Settings allows you to carry out the following option.

Import Settings

  • Click on Select Your Import Settings File button.
  • You can also choose to Copy/Paste Import Data:.
  • Click on Import AIOWPS Settings button as illustrated in the following image. This allows you to import your settings.

all-in-one-wp-security-import-aiowps-settings

==============================

Advanced Settings

Step 8 ) Go to WP Security -> Settings -> Advanced Settings as illustrated in the image below to set up the following options.

These settings are related to the global webserver array: $_SERVER. See link below for more information.

https://www.php.net/manual/en/reserved.variables.server.php

So when you choose one of these features from the dropdown menu in the aiowps plugin, it will look in the $_SERVER  variable to retrieve the value if it exists.

Note: In most cases the default settings will work just fine. Only make changes here if you are using proxies, load-balancers, CloudFlare and you know what you are doing.

Information: If you need to customize the rules in this feature using Custom Rules tab, read the following forum post. Someone posted a solution that might assist you.

Advanced Settings Options

  • REMOTE_ADDR = Default setting.
  • HTTP_CF_CONNECTING_IP = Try this option first if you use CloudFlare services.
  • HTTP_X_FORWARDED_FOR
  • HTTP_X_FORWARDED
  • HTTP_CLIENT_IP
  • Click on Save Settings button when you are finished.

all-in-one-wp-security-plugin-advanced-settings-admin

Click on the following link User Accounts to continue configuring the plugins settings.

If you have any questions please let me know.

Enjoy.

All In One WP Security & Firewall Plugin Tutorial List

Share this post:

PinterestLinkedin
I have been working in IT since 1999 and I enjoy the challenges it brings me. I love developing websites with WordPress. I spend a lot of time helping out in wordpress.org forums. I have been writing tutorials since 2011. Now I am learning how to manage my own VPS "Virtual Private Server.

  2 Responses to “All In One WP Security And Firewall Settings”

  1. andre bdseo.ru says:
    July 23, 2018 at 2:51 am

    hi, when i activated “rename page of login” on wp-admin/admin.php?page=aiowpsec_brute_force&tab=tab1 , i get 500 error (site works ok, but http://site.com/NEWPAGE_LOGIN return 500 error. when i deactivated NEWPAGE_LOGIN, its all ok.
    whats problem? =)

    Reply
    • Webmaster says:
      July 23, 2018 at 9:04 am

      Hi, if you activated the Rename Login Page feature you need to enter the following yoursite.com/secretword to log into your site. You cannot use /wp-login.php or /wp-admin.php any more. Is this what you are referring too?

      Regards

      Reply

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)