Jun 032014

All In One WP Security And Firewall Dashboard tutorial helps you setup this great and powerful plugin which covers many WordPress security areas.

Last Updated: November 20, 2017

Latest News: I have updated the information below and removed the menu.

This post shows you the display on the top of the menu list and talks about the dashboard in the plugin. This dashboard will show you some activities that have been going on in the background while you weren’t logged in as admin. This comes in handy and helps you investigate up front if there has been some unnatural fishy activities on your website.

The plugin dashboard is the first area you should check every time you log in as the administrator.

All In One WP Security And Firewall Dashboard

Step 1 ) Click on WP Security -> Dashboard to view the following options. See image below.


The Dashboard has three tabs for you to view your current set up and your system information. This is extremely important because it will reveal your current weaknesses.

  • Dashboard
  • System Info
  • Locked IP Addresses
  • Permanent Block List (Added in version 4.0.4)
  • AIOWPS Logs (Added in version 3.9.1)

Note: The permanent block list was recently added to cater for the following:

– auto blocking of comment spammers – see the SPAM Prevention -> Comment SPAM IP Monitoring tab. You can enable auto blocking of comment spammer IPs based on minimum spam comments they produce.

– spammers who register for wordpress accounts and are manually blocked by the administrator – See the User Registration -> Manual Approval tab. If the manual approval checkbox is selected, this tab will list those users pending approval and you can block selected IP addresses permanently.

Security Strength Meter

Step 2 ) The following image Security Strength Meter and Security Points Breakdown shows you what has being enabled, your security strength level and what percentage it covers on your website. A visual display like this is very important for those who don’t know much about website security settings and what they represent.

  • Security Strength Meter in this example it is showing a score of 105 out of 500.
  • Security Points Breakdown shows you the overall percentage and the different levels of security set up.

Information: The above entries is just an example of how to manage your security settings. Your settings will be different to this and hopefully have a much higher point and percentage set up.


Step 3 ) The following image Critical Feature Status shows you straight away some of the most critical security settings that should be implemented straight away on your website.

Important: If any of the security settings below are currently displaying as OFF then you should immediately investigate except Maintenance Mode.

  • Admin Username
  • Login Lockdown
  • File Permission
  • Basic Firewall
  • Maintenance Mode (This one should be set to OFF unless you are currently working on your website and don’t want visitors to view your website)


Step 4 ) The following image Logged In Users lets you know if there are other users logged into your website.


Step 5 ) The following image Locked IP Addresses lets you know if anyone has being locked out from your website.


Step 6 ) The following image Last 5 Logins displays who was logged in the last 5 times.


System Info Tab

Step 7 ) The following tab System Info lets you know your current sever settings. This is vital information when you come across compatibility problems between plugins and your theme.

System Info Tab

  • Site Info
  • PHP Info
  • Active Plugins

Locked IP Addresses Tab

Step 8 ) The Locked IP Addresses tab lets you view all the IP addresses that have been added from login attempts by users.

Step 8-a ) The following image shows two options that you can carry out when IP addresses have been locked out. You can select whether to Unlock or Delete the locked out IP address.

Difference Between Unlock and Delete

  • “Unlock” will unlock the IP range and also keep this record in the database.
  • “Delete” will unlock the IP range but it will delete that record from the database.

Sometimes people want to keep medium or long term records of all locked IP ranges and the corresponding data for investigation purposes which is why we have the unlock command. If you simply want to unlock an address and don’t want to keep that record in the DB then use the delete option.

PS: The developers in the near future will improve the unlock table so you can also see the previously unlocked records which are still in the DB. In the meantime you can view these records via PHPMyAdmin.


Permanent Block List

Step 9 ) The Permanent Block List tab lets you view all the IP addresses that have been blocked permanently in your site. To learn more about this feature you might like to read the following URL Spam Prevention.

Permanent block list serves as a general IP blocking list similar to the blacklist but the difference is that the blacklist uses only .htaccess directives to block IPs whereas the permanent block list works at the PHP level independent of .htaccess.

In other words the permanent block list will be an alternative to the blacklist and will cater for people who don’t have an Apache style server installation.


Step 10 ) The following image AIOWPS Logs allows you to select and view the following options.

  • wp-security-log
  • wp-security-log-cron-job


Click on the following link Settings to continue configuring the plugins settings.

If you have any questions please let me know.


All In One WP Security & Firewall Plugin Tutorial List

Manuel Ballesta Ruiz is a web developer, Blogger and WordPress Enthusiast.

  6 Responses to “All In One WP Security And Firewall Dashboard”

  1. Using your latest version, the Import/Export tab is missing. How do I enable this?

    Plugin Version: 3.7.7
    WP Version: 3.9.1
    WPMU: No
    MySQL Version: 5.5.37

    • Hi Bob, thank you for your question.

      Have you tried to deactivate all other plugins to see if the Import/Export tab shows? If that does not fix the problem, try one of WordPress default theme like Twenty Fourteen and see if works.

      Kind regards

  2. After re designing one of the sites with a new theme (Enigma) the site worked, and now when you try to view it shows the maintenance page and no one seems to be able to view the site. I have disabled the maintenance and have wiped the text on that page, but it still appears. It has been a week and don’t really want to switch the wp security off to test. Any idea?
    Thank you
    ps. It did the same with the old version of WP and as the last resort I have updated to the latest with no results

  3. Hello,

    You have a great plugin thank you, however yesterday I made some additional changes to your features, brute force to get a better score and today I can’t access my site. I get the 127 page. I looked in wp support and I watched the FTP video and deactivated all of my plugins but I still don’t have access and now I believe my entire site is down.

    You mentioned replacing the .htaccess file, but I’m not sure how to do this.

    Please can I get some advice, Thanks
    Dwight Pretulac

    • Hi Dwight Pretulac, thank you for your question. I did check your website above and your site is working.

      Please check the following link and focus on question 11.

      Once you have totally removed the plugin, install it again and don’t enable any of the Brute Force features. First disable all your other plugins except this one then activate the Brute Force feature you had problems with. Test to make sure it is working, if it is then start enabling one by one your other plugins and at the same time check to make sure you still have access. Carry out this until you come across the conflicting plugin.

      Let me know if you need more help.


 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



The following GDPR rules must be read and accepted:
This form collects your name, email and content so that we can keep track of the comments placed on the website. For more info check our privacy policy where you will get more info on where, how and why we store your data.