There is valuable information in every organization or system that managers and executives are looking for different ways to preserve and protect this information. In WordPress, just as you are looking to increase your SEO and site traffic, you need to look for ways to protect it. But what is the best WordPress security plugin?
In this tutorial, we have provided you with one of the most powerful plugins to prevent WordPress hacking. This plugin is very powerful and as its name suggests, it has all the necessary things to ensure the security of WordPress in one place. This plugin is called All in one wp Security & Firewall.
But our goal today is not just to introduce this plugin. Rather, it is a complete tutorial on installing and running the All In One WP Security & Firewall plugin. Stay with us.
The best WordPress security plugin
With the spread of the web daily, many sites are being attacked by hackers. WordPress is indeed secure, but security in any system is not 100%. You can use the solutions to this content management system to become a completely secure environment for the growth of your Internet business. Whatever type of website you have, you need to keep it safe.
After launching a website, the security of your site is very important and you are responsible for providing this security for your site. Your site may be hacked for a variety of reasons, which we have described in previous articles. Sending spam, taking up server space, using user information, and. Can be among the various reasons for hacker attacks on you.
Installing various security plugins can be a very useful step to prevent these attacks. Security plugins provide a secure platform for your website. To be able to continue the activity of your site, you must consider its security.
Also keep in mind that to always maintain your site information, you need to make constant backups of your site.
All in One WP Security & Firewall settings
First, you need to install the plugin on your site. To do this, go to Plugins > Add Plugin and then enable it. For more information on how to install the plugin, you can read the plugin installation tutorial. After installing the plugin, a new section called WordPress Comprehensive Security will be added to your WordPress site admin panel.
This plugin can be very effective for your site and you can safely use it to secure your site. Using this plugin, you can easily prevent hackers from infiltrating your site. With this security plugin, you can use various items such as user account information, securing site files, increasing the security of the login and registration section, and among the very important and useful actions that this plugin will provide to you.
To learn the settings of this plugin, you must see this tutorial to the end. In fact, the settings of this plugin include various sections that we will teach you to work with these settings in this article, respectively.
The most important part of this section is the security of your WordPress, which shows the security of your WordPress site. Do not worry at all if the security of your site is low. ? Because by reading the rest of this article, you can increase it to a great extent. In this section, you can see general information. This information is displayed in the form of a chart for you.
WordPress Security Plugin Settings
This section is the best security plugin including backing up your original WordPress site files and backing up your WordPress database. Of course, we recommend that you make sure you have WordPress backup before you start working with this plugin. This way you can save your site information in different situations.
The second and third tabs are not very important and allow you to make changes to the .htaccess and Wp-Config.php files.
Remove generator meta in WordPress
The WordPress meta information section allows you to delete constructive meta. This meta is displayed in your site code and exposes the WordPress version of your site to the public. Now if you haven’t updated the site in a few months; Definitely hackers will know that your WordPress version is old. For example, this is a very important security issue in WordPress 4.2 that we talked about yesterday. So by removing this line from your site code you can make WordPress more secure than before.
The Import / Export section is for the output and input of this plugin.
This section includes securing user accounts on your site. This section tells you what accounts are at risk for you and should not be logged into your site. You can identify suspicious accounts here.
Change Admin username in WordPress
With this section, you can directly change the Admin username without deleting or adding users. If there is no security issue in this case and there is no account with an Admin username on your site, the following figure will be displayed for you:
This section is used for more security in identifying the username of the administrator and authors of the site. For example, when the author comments or posts on your site; In the comment or post information section, the username of the administrator and author is displayed.
In this way, hackers can easily find the username of the administrator or author and enter the site with it. That is, hackers only need to guess the site password. But if the author’s name is displayed instead of the username; For example, if “Reza Hosseini Rad” is displayed instead of Admin. In this case, it becomes more difficult for the hacker to guess the username. The hacker now needs both a User and a Password to log in to your site.
It should be noted that this can be changed from the profile of each user. If your site does not have a security issue in this case, the following image message will be displayed for you:
Show password strength
As you know, choosing a strong and standard password on your site is very important. Once you have done that you can try it out here. In fact, in the password tab, you can measure the strength of the password you have chosen for your site by entering the password.
The fourth part is the user login; Provides you with WordPress login form security. This part of the settings includes different parts that we have explained to you here:
Prevent Brute Force Attack with the best security plugin
One of the most important things to keep in mind is that you must check the use of the login feature. Enable this option so that if a user fills in the login form information more than once incorrectly, the person’s IP will be banned and this IP will be prevented from entering your site for a while.
The maximum login section then determines the number of times the user is allowed to fill in the login form. This way, no more than a certain number of people can enter the wrong password and username on the login page.
The time period determines the amount of time to enter; That the user has to wait after entering the wrong information.
It actually determines the period of re-locking when the user is sanctioned.
There is another security issue in WordPress that this plugin can fix; That is, after entering the wrong username, the wrong username message is displayed to the user. The hacker thus detects that he has entered the wrong username. You must enable public error message display; If the user also enters the wrong username, a username or password message will be displayed.
In addition, the email notification section allows you to be notified of unsuccessful email logins.
Automatic user exit from WordPress
Another part that helps you a lot is the automatic exit of the user from WordPress. You can use the forced exit tab to set a time period for the user to leave the site automatically after the specified time has elapsed and the user needs to log in again. Inactivity of the user in a certain period of time will lead to his forced departure from the site.
View logged in users
This tab shows all users who are currently on your site. With this feature, if you are suspicious of one or more users on your site, you can remove their IP address from the table below and blacklist your site.
The next part is the registration. This section allows you to use Captcha to subscribe to your site and skip this if you have disabled registration from Settings> Public. This section has the ability to prevent spammers or bots from entering your site. Captcha code adds another piece of security to your site.
Your WordPress database is the most important part of your site. Because the valuable part of your site information is in that part. Databases are also a target for hackers who target specific tables through SQL Injections or automated malicious code.
One way to protect the database is to change the WordPress prefix for tables, “wp_”, to something difficult for hackers to guess. This feature in this system allows you to easily change the database prefix. You can use your own prefix or a random prefix in this plugin.
You must click to change the database prefix to change your site database prefix automatically. This way you can be safe from hackers.
The second tab is for backing up the database, which does the same job as the WP DB Backup plugin for your site.
قسمت هفتم: امنیت فایلهای سیستم
There are several files on your site, each with different access levels. You need to make sure that the file access level of your site is secure. This part of the plugin helps you identify files that have an insecure access level. This part is made up of different tabs, each of which is to do different things in this part.
This section checks the access level of all your website files and determines the Chmod files and folders of your WordPress site according to the permissions that are standard and suggested by the plugin.
This section disables the ability to change PHP files from the WordPress admin panel. Of course, we do not recommend that you enable this section.
WP Files Access
This feature prevents access to files such as Readme.html license.txt and Wp-Config-Sample.php. Keep in mind that these files come with every WordPress version. By preventing access to these files, you are hiding some key information (such as the WordPress version) from hackers, which is very useful to you.
System Log Files
This section shows you the Error_log file; By which you can find the errors on your site and fix them.
Using the Whois section, you can get information about IPs that you suspect.
In this section, you can block IPs that you do not want access to your site. So enter the IPs that are suspicious in this field.
First of all, consider backing up your database and .htaccess file before using a firewall or firewall. We suggest you activate all parts of this section. Because they are efficient for you. This allows you to create a very powerful firewall for your site. This section prevents malicious scripts from entering.
This section deals with Brute Force attacks, in which most hackers attempt to destroy the destination site. Therefore, this part is very important. This section consists of 2 important sections that we will review.
Rename Login Page Settings
This option allows you to change the Wp-Admin folder to any address you like. Finding this folder is not easy for a hacker to use.
In this section, it adds a captcha code to the WordPress admin panel to secure it, which will have a great impact on the security of your website.
This part of the plugin prevents spam on your site by adding a captcha code to the WordPress comments submission form. Of course, for the convenience of your site users, I suggest you use WordPress Akismet.
This is the part that will have the least use in this plugin; However, it scans your WordPress site files once in a while and notifies you if the files have changed.
WordPress Maintenance Mode
This section, as its name implies, activates the repair and under construction mode of your WordPress site and displays your site only for administrators.
This section is the latest features available in the WordPress Comprehensive Security Plugin, which allows you to do the following two:
Prevent Right Click
By activating the first tab, you can prevent right-clicking and copying of your site content. In this way, people do not register your content with their name on other sites.
This section is for webmasters who do not want their site to be displayed on spammer sites. This means disabling your site display in iFrame format. This means that you can do what the IFrame Catcher plugin did for you with the best WordPress security plugin.
be successful and victorious. 🙂