The All in One Security Plugin is a comprehensive security plugin offered by the Tips and Tricks HQ. It is a free download and has a wide range of features including a built in firewall, Brute Force protection, and a security scoring system. It is a complete solution for your WordPress Security concerns and is a great way to secure your WordPress installations available through WordPress Hosting.
Installing the Plugin
First click “Plugins” and then “Add New”
Search for the “All in One WP Security” plugin then click “Install Now” and then “Activate”
Click “WP Security” on the Left Menu
User Account Security
To setup user account security click “User Accounts” on the left. There will be 3 tabs on this screen: “WP Username”, “Display Name”, and “Password”.
User Login
The User Login option on the menu gives you access to 5 different tabs. The “Login Lockdown” and the “Force Logout” tabs have security settings that need to be configured. The other 3 tabs contain logs and information about who is logged in.
User Registration
The “User Registration” option on the left menu has three different tabs on it. “Manual Approval”, “Registration Captcha”, and “Registration Honeypot”. This tab is mainly for sites that allow some form of user registration. If your site doesn’t, then you don’t need to configure the settings in this section.
Database Security
The Database Security menu option on the left provides two tabs “DB Prefix” and “DB Backup”.
Blacklist Manager
The “Blacklist Manager” option on the left hand menu is where you can setup an IP or User Agent blacklists. Click the “Enable IP or User Agent Blacklisting” checkbox and then click “Save Settings”. You will need to come back to this to tab to add IP addresses that you want to block.
Brute Force
The “Brute Force” menu option on the left is where you can configure login page settings. There are 5 tabs on this page. By default we’d recommend setting up the “Rename Login Page” and “Login Honeypot” tabs. The options on the “Cookie Based Brute Force Prevention”,“Login Captcha” and “Login Whitelist” tabs should be used selectively as some of them are for specific platforms such as WooCommerce or could lock you out of your admin panel if used incorrectly.
SPAM Prevention
Use the “SPAM Prevention” menu option on the left hand side to increase the security of WordPress by filtering comment spam. While there are a few different tabs you’ll primarily need the “Comment Spam” and “Comment SPAM IP Monitoring”. The “BBPress” and “BuddyPress” tabs only need to be accessed if you use those apps.
Scanner
If you click the Scanner option on the left hand menu you’ll be taken to All in One’s malware scanner. From here you can run a manual scan and you can set your system to make periodic automatic scans of WordPress’s key files. Check the “Enable Automated File Change Detection Scan” and then click “Save Settings” You can run a manual scan by clicking “Perform Scan Now”
Firewall
The “Firewall” option on the left hand menu has a number of features you’ll want to enable by default. Every tab in this section has options you’ll want to configure outside of the “Custom Rules” tab. Note the All in One plugin will not be able to configure firewall rules without write access to the .htaccess file in the WordPress directory.
File System Security
Finally the last area you need to check is the “File System Security” option on the left hand menu. This area will list all of the critical areas of WordPress and what the suggest file permissions are. If the “Set Recommended Permissions” button next to each one doesn’t work, use an FTP program or chmod to do so.
Check out these top 3 WordPress hosting services:
- Click here to get the best wordpress hosting specialized for wordpress.