KIO
Kreative Ideen online
Security plugin All in one security

Settings

  • Under "Settings", create backups of:
    .htaccess
    wp-config.php
  • Hide WP version info (white-labeling): removes the WordPress metadata from the source code, because bots like to search for it
  • Import / Export: allows you to export/import the settings

User accounts

  • User name: Important -> remove "admin"
  • Display name: Username should be different from nickname
  • Password: password strength can be tested here

Login protection

  • Enable Login Lockdown Feature
  • Max Login Attempts: enable (better to set 5x)
  • At the item "Instant lockout invalid Usernames": better not to activate, because you could lock yourself out

IP whitelisting

  • Enter, for example, your own IP address so that you don't lock yourself out
    To find out your own IP address -> "Logged in Users"

In the tab "Failed login Records"

  • Collection of failed logins

Force Logout

  • As soon as you stop doing anything on the page, the time starts counting
  • You can set when someone is automatically logged out (120 min is recommended)

Account Activity Logs

  • Shows the activities

Registration

  • "Enable manual approval of new registration": prevents automatic registration (on shop page or forum – do not activate)
  • Registration – Enable Captcha
  • Registration – Honeypot: Creates a hidden field that a user does not see, only a bot

Database

  • DB-Prefix: Better to change the prefix right at installation; changing it via the plug-in is somewhat risky
  • Automatic backup: 2x per month

Access Permissions: (On file basis)

  • This refers to the "File Permission" – "Read | Write | Execute"

User permission | Group permission | Public permission
Read, Write, Execute | Read, Execute | Read, Execute
Numeric code: 755

755 is set for all files

For security reasons, ".htaccess" should be set to 644

User permission | Group permission | Public permission
Read, Write | Read | Read
Numeric code: 644
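
As an added example (not from the original post and not the plugin's own code), this Python script decodes a numeric mode into the User / Group / Public columns and lists the files in a WordPress directory that grant more than the modes named above (644 for .htaccess, 755 otherwise). The function names and the sample directory tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Expected modes taken from the text above: 755 in general, 644 for .htaccess.
DEFAULT_MODE = 0o755
EXPECTED = {".htaccess": 0o644}

def describe(mode):
    """Decode a numeric mode into the User / Group / Public columns."""
    names = ("Read", "Write", "Execute")
    cols = {}
    for who, shift in (("User", 6), ("Group", 3), ("Public", 0)):
        bits = (mode >> shift) & 0o7
        cols[who] = [n for n, b in zip(names, (4, 2, 1)) if bits & b]
    return cols

def audit(root):
    """Return (relative path, actual mode, expected mode) for every file
    that grants a permission bit the expected mode does not contain."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            actual = stat.S_IMODE(os.lstat(path).st_mode)
            expected = EXPECTED.get(name, DEFAULT_MODE)
            if actual & ~expected:  # any bit set beyond the expected mode
                rel = os.path.relpath(path, root)
                findings.append((rel, oct(actual), oct(expected)))
    return sorted(findings)

def demo():
    """Constructed sample tree: a correct .htaccess, a too-open one in a
    subdirectory, and a world-writable wp-config.php."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        sample = {".htaccess": 0o644, "sub/.htaccess": 0o755,
                  "wp-config.php": 0o666, "index.php": 0o755}
        for rel, mode in sample.items():
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit(root)

if __name__ == "__main__":
    print(describe(0o755))
    for finding in demo():
        print(finding)
```

To check a real installation, call `audit()` with the path of the WordPress root directory instead of the constructed tree.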

Disable editing of PHP files

  • PHP File Editing

WP-File Access

  • Prevents editing of WordPress Core Files

Blacklist Manager

  • If you detect suspicious login attempts under "User-Login -> Account Activity Logs" (i.e. same IP, many attempts): under "Enter IP-Addresses" you can define the IP that should be locked out

Firewall

  • Enable Basic Firewall – protects .htaccess | wp-config.php
  • WordPress XMLRPC + Pingback: Protects against external access (if something stops working, disable it again)
  • Block Access to Debug Log File: Firewall blocking is written to "debug.log"
  • Additional Rules: Disable Index View – suppresses directory listing

Track – Trace

  • Note whether it affects tools that interact with the site (Google Analytics)
  • Proxy Comment Posting: When a comment is written from behind a proxy, the comment is banned: activate
  • Bad Query String: Strings that indicate spam are blocked

6G Blacklist Firewall Rules

  • Enable 6G Firewall Protection: Uses "perishablepress.com" to get an up-to-date list of hackers; as soon as they want to do something on the site, they are blocked

Internet Bots

  • Block Fake Googlebot : blocks "fake" Google bots – activate

Hotlinks

  • Prevent Hotlinking: hotlinks are self-hosted images embedded on another domain: enable

404 Detection

  • Logs the IPs of visitors who access different pages: activate

Custom Rules

  • Rules you write here are written into the ".htaccess" dynamically, so if the .htaccess is replaced, the rules still apply

Brute Force

  • Brute Force: thousands of login attempts with random "Username & Password", which at some point paralyzes the server
  • Rename Login Page: wp-login.php is renamed,
    e.g. from wp-login to start

Cookie Based Brute Force Protection

  • Cannot be activated when "Rename login" is active

Login Captcha

  • For login
  • For Lost Password

Login whitelist

  • Enter IPs here which should not be excluded

Honey Pot

  • Again hidden field for bots – activate

Spam

  • Captcha for comments – activate
  • Block Spambots From Posting: SPAM bots trying to access the comment page directly, this setting prevents the

Comment SPAM IP monitoring

  • Auto Block SPAM comment IPs: If a spam comment has already been sent from an IP, it can be blocked
  • Akismet does not need to be installed

Scanner – takes an image of all files

  • If the page is hacked, you will receive an e-mail
  • Important -> Files to ignore: jpg | png | bmp. Otherwise you get a notification on every image upload
  • Important -> Directories to ignore : activate when a caching plugin is active
