Most new bloggers don’t realize the importance of securing their WordPress blog until they face a hack attempt on it. It’s really embarrassing when people start asking you, “What’s wrong with your blog? I think it’s hacked.”
For many, the task of securing a WordPress blog is a nightmare. News of hacked WordPress sites is considerably less frequent than it was 4-5 years ago, thanks to the availability of awesome security plugins. When someone asks me about security plugins for WordPress, I always recommend a free plugin called All in One WP Security and Firewall. I am a big fan of this plugin and have been using it for the last 1-1.5 years. In my opinion, it’s the best security plugin that is also free. Each setting is labelled “Basic”, “Intermediate” or “Advanced”. In this post, I will discuss its other security features.
How to Protect your WordPress Blog with All in One WP Security Plugin?
The All In One WP Security plugin is packed with security features. After installing and activating it, you will see 15 settings options that reflect this. See the screenshot below:
1. Dashboard Page
From the Dashboard page, you can quickly view the security status of your WordPress blog. Have a look at the above screenshot, which is from my other WordPress blog. As you can see, the security score is just “40” out of “425”, which means it can be improved. On that blog, I am using the default administrator username, i.e. “admin”. Changing it will add “15” points.
As you can see in the above figure, there are two other tabs labelled “System Info” and “Locked IP Addresses”. They give you information about your server and the IP addresses that have been locked.
2. Settings Page
Through the “Settings” page, you can view the “.htaccess” and “wp-config.php” files, which are extremely important for any WordPress blog. You can back up or restore these files from this area as well. The WordPress generator automatically adds some meta information inside the “head” tags of every page on your site’s front end. Below is an example of this:
<meta name="generator" content="WordPress 3.5.1" />
The above meta information shows which version of WordPress your site is currently running, and thus can help hackers or crawlers scan your site to see whether you have an older version of WordPress or one with a known exploit. You can remove it by clicking on the “WP Meta Info” tab and then enabling the option “WP Generator Meta Info”.
3. User Accounts
By default, WordPress sets the administrator username to “admin”. All hackers are aware of this fact, so they try to take advantage of it by attempting “Brute Force Login Attacks”, where they try to guess the password. From a security perspective, you should change the default “admin” username to anything else.
The “User Accounts” option allows you to accomplish this task in no time.
4. User Login Security
Normally hackers use a “Brute Force Login Attack”, where they try different passwords through repeated login attempts. Apart from choosing strong passwords, monitoring and blocking IP addresses that are involved in repeated login failures within a short period of time is a very effective way to stop these types of attacks.
You can use the “User Login” settings to accomplish these tasks.
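The monitoring described above, as an added example that is not the plugin's own code: it counts failed logins per IP inside a sliding time window over constructed access-log lines. The thresholds (3 failures in 300 seconds), the log lines and the rule that a `POST /wp-login.php` answered with status 200 is a failed login are assumptions of the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines (combined log format, documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2014:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2014:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2014:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2014:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.15 - - [12/Mar/2014:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
192.0.2.15 - - [12/Mar/2014:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.15 - - [12/Mar/2014:10:01:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2014:10:10:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2014:10:20:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_logins(log_text):
    """Yield (timestamp, ip) for every failed login found in the log text."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Assumption: a failed login POST gets 200 (form shown again), a success gets 302.
        if (m["method"] == "POST" and m["status"] == "200"
                and m["path"].split("?")[0] == "/wp-login.php"):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def lockouts(log_text, max_failures=3, window_seconds=300):
    """Return {ip: time the threshold was reached} for IPs that should be locked out."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    locked = {}
    for ts, ip in failed_logins(log_text):   # log lines are assumed chronological
        if ip in locked:
            continue
        attempts = recent[ip]
        attempts.append(ts)
        while ts - attempts[0] > window:     # forget failures older than the window
            attempts.popleft()
        if len(attempts) >= max_failures:
            locked[ip] = ts
    return locked
```

With the sample data, only the address that fails three times in under a minute is locked out; the one whose failures are ten minutes apart and the one that mistypes once and then logs in are left alone.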
5. User Registration Settings
Using the “User Registration” settings page, you can add two features to your WordPress blog. The first is “Manual Approval” of user accounts, and the other is enabling “Captcha” on the WordPress registration form. Using a captcha is recommended for stopping spammers.
6. Database Security Settings
The database is the most important asset of any WordPress blog, as it contains all of its precious information. Because of this, the database is also a major target for hackers. They use methods like SQL injection, which target specific tables.
When you install WordPress, it adds the table prefix “wp_”. Hackers are aware of this fact. One way to add an extra layer of protection is to change the default table prefix. This feature allows you to change the prefix to a randomly generated value. You can also use any other table prefix of your choice.
Using the “DB Backup” tab, you can take a backup of your WordPress database as well.
7. File System Security Settings
Although a WordPress installation already comes with reasonably secure file permission settings for its files, you can use this feature to scan and change your file permissions. It’s recommended to use the “0755” file permission.
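A permission scan of the kind described above, as an added example that is not the plugin's own code: it walks a directory tree and reports every entry that grants bits beyond 0755. Treating 0755 as the upper bound is an assumption of the example (so a 0644 file passes), and the sample tree and its file names are constructed.

```python
import os
import stat
import tempfile

CEILING = 0o755  # the permission the article recommends, used here as the upper bound

def audit_permissions(root, ceiling=CEILING):
    """Return sorted (relative path, mode, excess bits) for entries exceeding the ceiling."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is not enforced; skip it
            mode = stat.S_IMODE(st.st_mode)
            excess = mode & ~ceiling  # bits granted that 0755 does not grant
            if excess:
                rel = os.path.relpath(path, root)
                findings.append((rel, f"{mode:04o}", f"{excess:04o}"))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed WordPress-like tree with two over-permissive entries."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    layout = [  # (relative path, is_dir, mode)
        ("wp-config.php", False, 0o644),
        ("wp-content", True, 0o755),
        ("wp-content/index.php", False, 0o644),
        ("wp-content/uploads", True, 0o777),
        ("wp-content/uploads/photo.jpg", False, 0o666),
    ]
    for rel, is_dir, _ in layout:
        path = os.path.join(root, rel)
        if is_dir:
            os.mkdir(path)
        else:
            open(path, "w").close()
    for rel, _, mode in layout:  # chmod last so the umask cannot interfere
        os.chmod(os.path.join(root, rel), mode)
    return root

if __name__ == "__main__":
    for rel, mode, excess in audit_permissions(build_sample_tree()):
        print(f"{rel}: mode {mode}, excess bits {excess}")
```

The excess value 0022 on the two flagged entries is the group-write and world-write bits, which is what lets another account on the same server modify the uploads directory and the file in it.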
8. WHOIS Lookup
This feature allows you to look up more detailed information about an IP address or domain name by querying the WHOIS API.
9. Blacklist Manager – Ban IPs or User Agents
Using the “Blacklist” feature of All in One WP Security, you can ban certain host IP addresses and user agents. This feature denies all site access to users whose IP addresses or user agents you have banned. To accomplish this, the plugin modifies your .htaccess file.
10. Firewall Settings
All features in “Firewall Settings” allow you to activate firewall security protection rules for your WordPress blog. All of this functionality is achieved by inserting code into your “.htaccess” file.
Before enabling any security feature in this list, don’t forget to read the instructions.
11. Prevention from Brute Force Attack
This feature is extremely helpful because most WordPress blogs are hacked using a “Brute Force Attack”. The first tab on this settings page allows you to change your default admin login URL (e.g. www.yourblog.com/wp-admin). You can change it to anything you want.
The second tab is also helpful. Let’s see the explanation given by the developer about this feature:
A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.
Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server’s memory and performance.
The features in this tab will stop the majority of Brute Force Login Attacks at the .htaccess level thus providing even better protection for your WP login page and also reducing the load on your server because the system does not have to run PHP code to process the login attempts.
The third tab allows you to add a captcha when logging into your admin panel.
12. Prevent your WordPress Blog from Spammers
This awesome plugin also has a spam prevention feature. You can add a captcha to your blog’s comment form. Apart from that, you can also block spambots from commenting.
13. Additional Features
Additional features are listed below:
- Scanner – The scanner feature allows you to scan your WordPress blog and database for invalid activity, harmful scripts or malware. If given the opportunity, hackers can insert their scripts into your blog to carry out malicious acts on it. The “File Change Detection Feature” informs you about changes that are made on your blog. Using “Malware Scanner”, you can scan your blog for malware. Using the “DB Scan” functionality, you can scan your database for errors.
- Maintenance Mode – This feature allows you to add a custom message during “Maintenance Mode”. It shows the custom message to all visitors after locking down your blog. This feature can be useful if you are investigating some issues on your blog or trying to make changes to it.
- Disable Right Click – Using the last feature, you can easily disable Right Click on your WordPress Blog.
How to Install All in One WP Security & Firewall?
- Log into your WordPress Admin Panel.
- In the Dashboard, click on Plugins >> Add New.
- In the search box, type “All In One WP Security & Firewall” and click on the “Search Plugins” button.
- You will see it in the first position in the search results.
- Just click on “Install Now” link.
- Once done, Activate it and apply settings.
All in One WP Security & Firewall is one of the best security plugins available to WordPress users. It protects your WordPress blog from all kinds of attacks. That’s the reason why I recommend it to every WordPress user. It’s completely free, so everyone can use it without worrying about its cost.
The developer of this plugin has really done a great job. It’s extremely easy to apply changes to your blog. You can activate features easily with just a button click. It hardly takes 5 to 10 minutes.