All In One WP Security And Firewall Settings helps you setup the following options general settings, .htaccess file and much more.
Last Updated: July 22, 2021
Latest News: Updated the documentation.
This documentation helps you create backups, export and import plugin configuration settings, and much more. Keeping a system running in the event of an emergency is important. You know how easy it is for a security plugin to crash due to conflicts with other plugins, themes, and server settings. The settings menu will help you recover “aiowps” in case something goes wrong.
What you need:
All In One WP Security And Firewall Settings
Step 1 ) Go to WP Security -> Settings admin tab as illustrated in the image below.
Step 2 ) The following image Settings allows you to set up the following options.
- General Settings
- .htaccess File
- wp-config.php File
- WP Version Info
- Advanced Settings
Step 3 ) Go to WP Security -> Settings -> General Settings to set up the following options.
General Settings Options
- Backup your database
- Backup .htaccess file
- Backup wp-config.php file
Important: It is important to backup the above files when you install the plugin. They are very important files for the functionality of your website. If they become corrupted you will lose access to your admin site and your website might crash as well.
Step 3-a ) In some case when you enable some security and firewall settings, they can corrupt your site, block you from having access to your site and clash with other plugins. This will allow you to reduce this by disabling the following options.
Step 3-b ) The following image Debug Settings allows you to control enabling or disabling the log files.
Note: This new feature controls the following log files wp-security-log.txt and wp-security-log-cron-job.txt. Found in the following folder /plugins/all-in-one-wp-security-and-firewall/logs/.
To view these log files go to WP Security -> Dashboard -> AIOWPS Logs.
Step 4 ) Go to WP Security -> Settings -> .htaccess File as illustrated in the image below to implement the following options.
.htaccess File Options
- Click on Backup .htaccess File button to create a backup.
- Click on Select Your htacces File button to select your backup file.
- Click on Restore .htaccess File button to Restore the backup file selected.
Step 5 ) Go to WP Security -> Settings -> wp-config.php File as illustrated in the image below to set up the following options.
wp-config.php File Options
- Click on Backup wp-config.php File button to create a backup.
- Click on Select Your wp-config.php File button to select your backup file.
- Click on Restore wp-config.php File button to Restore the backup file selected.
WP Version Info
Step 6 ) Go to WP Security -> Settings -> WP Version Info as illustrated in the image below to set up the following option.
WP Generator Meta Info Settings
- Remove WP Generator Meta Info:
WP Generator Meta Info adds 5 point score towards your security meter. (Basic Security Level)
Q1 What does this feature actually protect when viewing the browser page source code?
Answer: Currently this feature will remove the WP core version info and not other version information such as plugin/theme version.
For example: as well as removing the wp generator tag it will also modify the src links for js and css files to remove wp version. Example:
when feature is turned off the src link might look like this:
<link rel=’stylesheet’ id=’jquery-ui-style-css’ href=’//ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/themes/smoothness/jquery-ui.css?ver=5.2.3′ type=’text/css’ media=’all’ />
And when the feature is turned on the wp version will be obscured as follows:
<link rel=’stylesheet’ id=’jquery-ui-style-css’ href=’//ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/themes/smoothness/jquery-ui.css?ver=74b65cd810ffdedc651b19fd8155b772′ type=’text/css’ media=’all’ />
The IP Retrieval Settings allow you to specify which $_SERVER global variable you want this plugin to use to retrieve the visitor IP address. By default this plugin uses the $_SERVER[‘REMOTE_ADDR’] variable to retrieve the visitor IP address. This should normally be the most accurate safest way to get the IP. However in some setups such as those using proxies, load-balancers and CloudFlare, it may be necessary to use a different $_SERVER variable.
You can use the settings below to configure which $_SERVER global you would like to use for retrieving the IP address.
Step 7 ) Go to WP Security -> Settings -> Advanced Settings as illustrated in the image below to set up the following options.
These settings are related to the global web server array: $_SERVER. See link below for more information.
So when you choose one of these features from the dropdown menu in the aiowps plugin, it will look in the $_SERVER variable to retrieve the value if it exists.
Note: In most cases the default settings will work just fine. Only make changes here if you are using proxies, load-balancers, CloudFlare and you know what you are doing.
Information: If you need to customize the rules in this feature using Custom Rules tab, read the following forum post. Someone posted a solution that might assist you.
IP Retrieval Settings Options
- REMOTE_ADDR = Default setting.
- HTTP_CF_CONNECTING_IP = Note: Try this option first if you use CloudFlare services.
- HTTP_X_FORWARDED_FOR = Note: Try this option if you have conflicts with SEO plugins and or sitemap. Check the following link forum post to learn more.
- Click on Save Settings button when you are finished.
Click on the following link User Accounts to continue configuring the plugins settings.
If you have any questions please let me know.
All In One WP Security & Firewall Plugin Tutorial List