Nov 202020
 

All In One WP Security And Firewall FAQ post provides a list of FAQ questions many keep asking in the forum and more.

This is a list of common questions asked in wordpress.org support forum. I have created this list to help answer some of the most common questions people keep asking. If you can’t find an answer to your question please click the following link All In One WP Security And Firewall Support and create a support ticket. Someone will assist you as soon as possible.

What you need:

All In One WP Security And Firewall FAQ

Delete or Deactivate The Plugin

Q1 What happens if I deactivate the plugin will I lose all my settings?

Answer: No, you will not lose any settings upon deactivating AIOWPS – meaning you won’t need to re-configure the plugin again after you activate it again.

The plugin has built into it the intelligence to remove the security .htaccess rules when you deactivate it but it will still remember these settings when you re-activate the plugin, and as pointed out above, it will give you the choice to re-insert these rules back into the .htaccess file.

( Solution quoted by wpsolutions)

When you re-enable the plugin you will see the following message. Say yes to re-insert the rules you previously had set up in the plugin.

Would you like All In One WP Security & Firewall to re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin?

================

Q2 How do I completely delete the plugin from the site?

Answer: Follow the instructions below.

– FTP to your host and delete the plugin’s folder. Although this is normally carried out when you deactivate and delete the plugin as the website administrator.

– FTP the .htaccess file from your site to your computer and edit and remove all the code between and including the following tags: Make sure you upload the .htaccess file back into the same location you downloaded the file from via FTP.

# BEGIN All In One WP Security
# END All In One WP Security

– Log into phpMyAdmin and locate the database for the website you are working on. Look for any table entry with the following name aiowps and delete those tables. There should be 6 tables associated with this plugin, in addition to the options settings. There will also be other entries for transients and plugin version etc. The following is a list of tables and entries found in the database.

Note: You might like to check the following URL Remove All In One WP Security Database Tables to learn how to search for the plugins tables in your database.

| aiowps_events |
| aiowps_failed_logins |
| aiowps_global_meta |
| aiowps_login_activity |
| aiowps_login_lockdown |
| aiowps_permanent_block |
| commentmeta |
| comments |

-There are other aiowps settings saved in the WordPress “options” table, under the option name “aio_wp_security_configs”. You should also delete the “aio_wp_security_configs” row in the options table.

The above steps will deactivate and delete the plugin from your site. It will also completely remove the plugin’s tables from your database. This allows you to install and activate a fresh copy of the plugin again in your site.


Translations

Q1 What are the correct file name for your translated files?

Answer: Always name your .mo and .po files correctly. See the following Spanish Language Example:

  • all-in-one-wp-security-and-firewall-es_ES.po
  • all-in-one-wp-security-and-firewall-es_ES.mo

Make sure you add the files in the correct folder “all-in-one-wp-security/languages/” folder.

Note: The plugin languages are now coming from the following URL plugin translation page. So if you wish to translate the plugin into your language please click on the above link.


None Apache Servers

Important: Sites that are not hosted in Apache servers cannot activate the following features.

  • Firewall =- All rules
  • Enable Brute Force Attack Prevention:
  • Enable IP Whitelisting:
  • Block Spambots From Posting Comments:
  • Enable IP Whitelisting:
  • Enable IP or User Agent Blacklisting:
  • Prevent Access to WP Default Install Files:

Windows IIS Servers

Q1 Does it work with IIS servers?

Solution One: All features except those involving .htaccess rules should work ok in an IIS server.

AIOWPS currently only supports Apache-type servers for the features which need to write .htaccess directives – eg, Firewall features, Blacklist feature etc

Q2 How do I set up Pingback Protection: under Firewall -> Basic Firewall Rules when hosted on a Windows Server IIS (IIS 7.5 & Plesk 11)?

Solution One: Below is the IIS equivalent to the apache .htaccess rules for denying access to xmlrpc.php. ( Solution quoted by wpsolutions)

<security>
  <requestFiltering>
    <denyUrlSequences>
      <add sequence="xmlrpc.php" />
    </denyUrlSequences>
  </requestFiltering>
</security>

Nginx Servers

Q1 How can I disable xmlrpc via the firewall rules in Nginx servers?

Answer: Check the following support thread in the forum.

================

Q2 Are the following features compatible with Nginx servers?

Both features are listed under the “Brute Force” tab.

  1. “Rename Login Page”
  2. “Enable IP Whitelisting”

Answer: The “Rename Login Page” is independent of the type of web server because it works at the PHP level and is thus compatible with Nginx.

However the “Login whitelist” feature uses Apache directives to protect the login page and at this stage it is not compatible with Nginx. Check the following forum support thread.

================

Q3 How do I fix the issue with permalink settings in nginx when using “Rename Login Page” feature?

Answer: The “Rename Login Page Feature” works perfectly if the “Permalink Setting” is set to “Plain” but if you change the permalink to “Post name” you get a 404 error message in Nginx. Nginx does not understand the rewrite rules in the .htaccess file. The following forum post provides a solution submitted by one of the users.


Database Tables Information

Q1 I want to clean my AIOWPS tables which are getting quite large (especially global_meta). What is the best option to carry out?

(Solution provided by wpsolutions in the forum)

Solution 1: The plugin has a code which will periodically check the tables created by aiowps and it will cleanup any table which has more than 5000 rows, ie, the code will delete the oldest rows and keep the newest 5000. The “5000” rows is set as a default in the code but I have also added filters for this to allow you to be able to set your own value.

The filters can be found in the wp-security-backup.php file in the function called aiowps_scheduled_db_cleanup_handler.

The cleanup process is triggered once daily using the inbuilt WordPress “wp_schedule_event”.
One way to trigger the cleanup process immediately is to deactivate and activate the aiowps plugin which should kick off the scheduled event.

Solution 2: To use the filters you should not edit any of this plugin’s files but instead you will need to add some code to your theme’s functions.php file.
For example:

add_filter( 'aiowps_max_rows_event_table', 'change_table_rows_remaining', 10, 1 );
add_filter( 'aiowps_max_rows_failed_logins_table', 'change_table_rows_remaining', 10, 1 );
add_filter( 'aiowps_max_rows_login_attempts_table', 'change_table_rows_remaining', 10, 1 );
add_filter( 'aiowps_max_rows_global_meta_table', 'change_table_rows_remaining', 10, 1 );

function change_table_rows_remaining( $rows ) {
	return '1000';
}

The above will set the maximum number of rows to keep for all of the tables to 1000. Check the following support thread to learn more.

================

Q2 Which features require aiowps_global_meta table?

Solution: The table stores the file change detection data and other miscellaneous things such as unlock request keys for cases when someone is using a woocommerce login page. (Answer provided by wpsolutions in the forum)


IP Address Solutions

Q1 My IP address has been blocked by the plugin, how do I unblock myself?

Solution One: What you can do is the following, rename the plugin folder via FTP to something like all-in-one-wp-security-and-firewall-temp. Then log into your website again. Rename the plugin folder back to its original name. Enable the plugin and go to Dashboard -> Locked IP Addresses and unlock your IP address.

Solution Two: If you can’t log after trying the above solution please read the following thread Locked Out from the forum. This might help you get back into your site.

================

Q2 Is there anything outside of firewall rules that will also block IP address?

Solution One: Yes – the spam autoblock functionality does not use .htaccess firewall rules. It checks for IPs that are used to post comments which are marked as “spam” either by Akismet or manually by the admin of the site and if the same IP address has more than the allowed amount of “spam” comments, it will be blocked. (Solution provided by wpsolutions in the forum)

================

Q3 I am having issues with the Black list feature. I think it is not blocking the IP address I add. What can I do to test this feature?

Solution: To confirm if the blacklist feature works try using your IP address to block yourself temporarily.

1) Make sure you are logged into your server using FTP. This will be handy to unlock yourself if needed.

2) Log into WordPress admin panel and add your IP address to the blacklist settings.

3) Try accessing your site from a browser where you are not logged in.
You should be denied access. If not, then the apache directives are not working on your server.

(If things are working fine and you do get blocked, just FTP your .htaccess file from your server to your computer and edit that file and remove the part of the code which has your IP address and then FTP the file back to the server)

(Solution provided by wpsolutions.)


Miscellaneous

Q1 Does the plugin protect against SQL Injections?

Answer: Yes, the plugin protects against sql injections and more. Simply enable the following feature 6G Enable 6G Firewall Protection. To learn more about this feature click on the following URL All In One WP Security And Firewall Rules.

Note: As far as secure coding practices, this plugin is coded such that any user input it sends to the DB is securely sanitised and escaped against SQL injection attacks.

Having said that, you should be careful regarding which plugins you install on your site and make sure that you get them from reputable sources because not all plugins will have safe coding practices. (Note provided by wpsolutions in the forum)

================

Q2 Is there a limit to the number of IP addresses you can add to the Blacklist Manager in this plugin?

Answer: No

================

Q3 Does the plugin prevent DDos attacks?

Answer: No

================

Q4 Is the plugin compatible with Cloudflare?

Answer: Yes it should be compatible.
If using CloudFlare, one thing you should do is to make sure you set the IP Retrieval configuration to “HTTP_CF_CONNECTING_IP”. This setting can be found in: WP Security -> Settings -> Advanced Settings.

Q5 How do I write a Custom Rule to override an issue when I enable a plugin feature that writes to the .htaccess file?

Answer: Click on the following URL All In One WP Security And Firewall Custom Rules to learn how to create custom rules.

================

Q6 How can I reset the plugins settings?

Answer: Check the following instructions How To Reset AIOWPS Plugin.

================

Q7 My log files are getting too big, how do I fix this?

Answer: Disable debug setting and no more logs will be produced. (Go to WP Security -> Settings -> General Settings tab.)

================

Q8 How do I set up Brute Force feature in a WordPress Multi-site (WPMS) set up?

Answer: Click on the following URL securing WordPress multisite with AIOWPS plugin.

================

Q9 I would like to understand how is it possible that all settings are being saved when deactivating or deleting the plugin?

Solution One: The aiowps settings are saved in the WordPress “options” table, under the option name “aio_wp_security_configs”.

When you deactivate this plugin those settings are still in the options table and are available for use next time you activate the plugin.
If you wanted to start your installation from scratch, you could always delete the “aio_wp_security_configs” row in the options table and then re-configure the plugin again. (Solution provided by wpsolutions in the forum)

================

Q10 How to implement the new filter “aiowps_ip_blocked_error_msg”) added in version 4.1.0?

Solution One: Add the following function to your theme functions.php file. It is always best to use a child theme. Remember to replace ‘My custom error message!’ with your own message. (Solution by Chesio in the forum)

add_filter('aiowps_ip_blocked_error_msg', 'my_custom_message');
function my_custom_message($error_msg) { 
return 'My custom error message!'; 
}

================

Q11 The pages keep reloading over and over none stop?

Answer: Turn off the text selection and copy protection option. It seems like that feature is not working well with the current theme you are using.  (Answer provided by mra13)

================

Q12 After installing the plugin I can’t regenerate thumbnails or crop images anymore?

Solution: This is probably due to the 5G firewall rule – You can disable that rule if you wish after you copy and paste the rules locally in notepad running Windows operating system. You can then optionally tweak the 5G rules by making some modifications. Then simply create some custom firewall rules feature.

================

Q13 I am receiving too many IP address lock outs, I think my pingback protection is not working correctly. What do I do?

Answer: Click on the following URl Pingback Protection Settings.

================

Q14 How do I prevent WordPress default link lost your password from displaying when a users types the wrong password to login?

Solution: Enable the “Show generic error message”. This will replace the default WordPress message with the link to the backend to retrieve the password to a text message without a link

================

Q15 After enabling one of the Brute Force features I am still getting lots of attacks, how can I fixed this issue?

Solution One: Check and see if you have the following enabled. Go to WP Security -> Firewall -> Basic Firewall Rules, locate the following Enable Pingback Protection:.

================

Q16 What if you can’t log back into your website and you want to totally remove the plugin?

Answer: This is a youtube video created by the developers to help you totally remove the plugin and all entries in the database without login into your website.

================

Q17 The login lockout feature is locking users after only one failed attempt, regardless of the how many failed attempts it’s set to require. How can I stop this from happening?

Answer: If you have the following checkbox enabled the plugin will lock that visitor out after the first attempt if username is non-existent: ( Solution quoted by wpsolutions)

================

Q18 I get a 404 error message when I activate the plugin? How can I fix this issue?

Answer: Please check the following forum post. This might help you with this issue.

================

Q19 I get “The plugin was unable to write to the .htaccess file” when I click on save button in “Save Basic Firewall Settings”. How can I fix this issue?

Server and plugins specs.

  • AIO – Filesystem Security : all green
  • Running on CentOS7 with CWP
  • Apache/2.4.34
  • PHP version 7.2.8
  • WP version 5.0
  • AIO Version 4.3.7.2

Answer: For a possible solution you need to check your server configuration settings. Please check the following forum post to learn more.

If the above does not work make sure that you try again the steps above but this time do not restore the htaccess file settings.


I will be updating this post from time to time. So keep coming back for the latest FAQ. If you have a question please send me an e-mail or leave a comment.

Enjoy.

All In One WP Security & Firewall Plugin Tutorial List

I have been working in IT since 1999 and I enjoy the challenges it brings me. I love developing websites with WordPress. I spend a lot of time helping out in wordpress.org forums. I have been writing tutorials since 2011. Now I am learning how to manage my own VPS "Virtual Private Server.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

We use cookies in order to give you the best possible experience on our website. By continuing to use this site, you agree to our use of cookies.
Accept
Reject
Privacy Policy