Security is one of the most important factors in running a WordPress site. Fortunately, there are many free and paid services available to protect your website against hackers and malicious attacks.
In this article, we will discuss how to secure your WordPress site with the All in One WP Security & Firewall plugin.
Why All in One WP Security & Firewall plugin?
There are many popular security plugins available, but “All in One WP Security & Firewall” is the only one that provides most of the required features completely free.
The plugin has over 400k active installs.
Regularly updated and compatible with the latest WordPress versions.
Nearly 5-star rating from over 450 users.
Decent online support on forums.
Install and activate the plugin
Navigate to the “Plugins > Install Plugins” section on the WordPress admin dashboard and search for “All in one WP Security” to find the plugin.
Once the plugin is installed and activated, it will create a menu item called “WP Security”. It provides exhaustive options under different categories to secure your WordPress site.
How does this work?
The plugin works on a points system and awards points for each security setting you enable. The points add up to a total of 470, and a higher score means a more secure WordPress site. Most options are checkboxes, so they can be enabled with a single mouse click. You can click the “More Information” box to see more details and examples for each option.
Considerations before enabling any options
While security is important and the plugin encourages you to raise the score on the strength meter, every setting can have a detrimental effect on the accessibility of your site. A setting can also conflict with other plugins, and you can lock out your own IP address if an option is enabled by mistake. It is strongly recommended to prepare the following before enabling any security settings:
Backup your entire site and database.
Since the plugin creates entries in the .htaccess file, backing up the .htaccess file will help restore the original settings.
Backup the wp-config.php file.
Make sure you have FTP access to your hosting server. This will help replace files in an emergency.
In short, back up all your site content and enable only the security options you need. It is also recommended to verify that the website is still accessible after enabling features such as the firewall, user registration approval, etc.
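The preparation steps above can be scripted so that every change the plugin writes to .htaccess or wp-config.php is reviewable and reversible. This is an added example, not part of the plugin or the original article; the install path and backup directory are assumptions.

```bash
# Added example, not part of the plugin. WP_ROOT and BACKUP_DIR are
# assumptions: use your own install path and a directory outside the web root.
FILES=".htaccess wp-config.php"

# backup_wp_files WP_ROOT BACKUP_DIR: copy both files into a timestamped
# snapshot directory and print its path.
backup_wp_files() {
    local root="$1" dest="$2" snap f
    snap="$dest/$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$snap" && chmod 700 "$snap" || return 1
    for f in $FILES; do
        [ -f "$root/$f" ] || continue
        # wp-config.php holds database credentials: keep the copy owner-only.
        cp "$root/$f" "$snap/$f" && chmod 600 "$snap/$f" || return 1
        # Stop if the copy does not match the original byte for byte.
        cmp -s "$root/$f" "$snap/$f" || return 1
    done
    printf '%s\n' "$snap"
}

# changed_since SNAPSHOT WP_ROOT: list backed-up files that differ now,
# for example after the plugin has written firewall rules into .htaccess.
changed_since() {
    local snap="$1" root="$2" f
    for f in $FILES; do
        [ -f "$snap/$f" ] || continue
        cmp -s "$snap/$f" "$root/$f" || printf '%s\n' "$f"
    done
}

# restore_wp_file SNAPSHOT WP_ROOT FILE: put one file back from the snapshot.
restore_wp_file() {
    [ -f "$1/$3" ] && cp "$1/$3" "$2/$3"
}

# Usage (paths are placeholders):
#   snap=$(backup_wp_files /var/www/html "$HOME/wp-backups")
#   ...enable one option in WP Security, then reload the site...
#   changed_since "$snap" /var/www/html
#   diff -u "$snap/.htaccess" /var/www/html/.htaccess   # review the new rules
#   restore_wp_file "$snap" /var/www/html .htaccess     # if the site broke
```

Taking a fresh snapshot before each option you enable keeps every diff small enough to read and ties a broken site to a single setting.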
The dashboard displays a strength meter that indicates the site’s security points. These points also appear in a chart that shows their weight and distribution across the options.
You can enable some options directly from the dashboard, such as maintenance mode, disabling the “admin” username, enabling the basic firewall, and more. We recommend not enabling any settings directly on the dashboard. Go to the individual settings page for each option and enable it only when needed.
The following are additional details available on the Dashboard tab:
System Information – Shows full details of your WordPress installation, PHP version and active plugin details.
Locked IP Addresses – If this option is enabled under the User Login tab, a list of locked IP addresses is displayed.
Permanently Blocked List – Displays a list of IP addresses permanently blocked due to spam. This option can be enabled under “SPAM Prevention > Comment SPAM IP Monitoring”.
AIOWPS Logs – You can view the plugin’s security log files here.
The Settings tab provides backup and advanced options such as importing/exporting all settings for the plugin.
General Settings – Here you can disable all security features and firewall settings of the plugin with one click. This will be necessary when your website is broken by the plugin’s settings. You can also enable/disable debug options for the plugin.
.htaccess file – As mentioned in the considerations above, it is strongly recommended to back up your .htaccess file before enabling any security and firewall settings. You can also restore the .htaccess file from a backup here.
wp-config.php file – Similar to .htaccess file, under this tab you can backup and restore wp-config.php file.
WP Version Info – WordPress automatically generates a version number and displays it on every page using a meta tag. Displaying the version number is not a problem when you are using the latest WordPress version. However, if you haven’t updated to the latest version and are using an older one, hackers can easily single out your site by looking at the version number. You can hide the version under this tab.
Import/Export – Import or export entire plugin settings.
You have three options in the User Accounts section.
WP Username – Here you can change the user named “admin” to your desired name.
Display Name – Check the list of users whose login and display name are the same. It is generally recommended to use a display name that differs from the login name, so that hackers cannot guess the login name. This is not a critical setting, as it is easy to find the login just by checking the author of an article.
Passwords – Check the strength of your password; the meter shows how long it would take a hacker to guess it.