How to protect your wordpress blog from hackers with WP Security plugin

Your WordPress blog will crash if you keep your WordPress up-to-date, as well as your own plugins and themes, there’s a good chance you won’t have a problem, but you still need additional layers of security that will curse hackers more and more trouble hacking your blog. You need a security plugin that will help you protect your site from hackers.

I did some research on WordPress security plugins and found that there is a powerful security plugin that can help protect your site from hackers, which is called “All In One WP Security and firewall”. To install this plugin on your website, you need:

Sign in to your WordPress dashboard, which is http://www.yourwebsitename.com/wp-admin.
Scroll down to Plugins and click New Extension.
On the right side there is a search box, search for “All-in-one security”.
You will then see a plugin called “All In One WP Security and firewall”. Install and activate it.
After activating the plugins, you can see that there is a new item in your list, within your settings in your admin control panel called WP SECURITY. Click on it and you will see and see 15 submenus below it. I will explain it one by one.

How To Protect Your WordPress Blog From Hackers Using The WP Security 1 Plugin

Table of Contents
Board
Configuration of
General adjustments
htaccess file and wp-config.php
WP identification information
import and export
User account
display name
password
User Login
Login failed registration
Force logout
Account activity logs
User Login
User register
Password verification for registration
Database security
Database backup
Automated scheduled backups
Database prefix
File system security
Who is looking for
Blacklist manager
Firewall
Additional firewall rules
5G Blacklist Firewall Rules
Internet bot
Prevent hot links
Detect 404
Custom rules
Brute force
Block cookie-based brute force
Sign in Captcha
Login whitelist
Spam protection
Comments IP spam control
Grace
Scanner
Maintenance work
diverse
Tires
Board
You will see a security indicator and if you look at its button it will show you how many points you have scored in the WP SECURITY accessory to secure your blog. The total point of the WP SECURITY plugin to secure your website is 470 points and the actual result your site will get is 50. There are many things we must do elsewhere to protect your blog from hackers.

On the side of the safety force gauge, you will see a circular circle called the breakdown of the safety point. It shows you what to fix on your site to secure your website, as well as increase the default point of 50. Here’s the second submenu for your WP SECURITY plugin.

How to protect your WordPress blog from hackers using the WP 2 security plugin
Configuration of
There are five different tabs in this list which are: General Settings, .htaccess file, wp-config.php file, wp metadata information, and import and export.

General adjustments
The Wp plugin allows you to backup your database, htaccess file and wp-config.php file before using this plugin. It is useful if there is any breakdown of your website while using this plugin, you can just undo it. I recommend backing up these essential files before using this plugin.

htaccess file and wp-config.php
Here you can back up your htaccess and wp-config.php file by making a copy and saving it to your computer.

WP identification information
WordPress automatically adds descriptive information about the current version of WordPress you are using and it is found in the header tag of every page on your site. This meta tag looks like <meta name = ”generator” content = ”WordPress 4.8” /> This helps hackers to know whether or not we are using the previous version of WordPress. Scroll down and check the box to remove identifying information from all pages and also click Save Settings.

import and export
This plugin allows you to import your WP SECURITY configuration by uploading the file and also allows you to export your WP SECURITY configuration to other blogs using wp security and keep it as a backup of your configuration.

User account
By default, the WordPress administrator name is “admin” while installing WordPress, the best thing to do is to change the WordPress administrator name from “admin” because many hackers take advantage of this information using “force login gross “, where they try to guess a word. Traffic using “admin” as username. If you don’t change your default login name to WordPress, I suggest that you do so on the WP Username tab, in the User Account submenu in the WP Security Plugin.

display name
When you post or reply to a comment on your blog, WordPress will display your nickname the same as your login name, for security reasons, putting your username as your nickname is very bad because it gives hackers more information about your site. On the other hand, to protect your website, we recommend that you change its title and display name to be different from your username. If you have not yet made this name to display, I suggest you follow i

password
This feature allows you to test the password of your choice and also tell you how strong the password is. Remember that a long and complex password is more difficult for hackers to crack because the complex password takes time to crack.

User Login
This feature also allows you to set and limit the login attempt for your blog.

Enable login security features: Check this option to enable login security features for your blog. If you leave it unchecked, you will not be able to enable other settings on it.

Allow Unlock Request – If you enable this feature, it will send a link to your email that you can use to unlock your account after being blocked by the plugin.

Maximum Login Attempts – Here you will get a small box to enter the maximum number of login attempts before the IP address is blocked. If you enter “3” in the small box, this is any attempt to log into your WordPress dashboard more than twice, then the IP address will be blocked

Login retry period: provide a small box to enter the number in minutes, if the maximum number of failed login attempts by a specific IP address for a specific period of time, this plugin will block this IP according to the number you entered in the small box. If you enter “60” in the box, any blocked IP addresses will be blocked for 60 minutes.

Duration of closing time: allows you to enter the time when the login of a specific address will be blocked

Show general error message: If you check this function, it shows a general error message when the login attempt fails.

Immediately block invalid usernames – Checking this feature will block any login attempts with a username that is not on your system. I suggest that you enable this feature for your blog.

Email notification: Yes, you want to receive an email notification when someone is blocked due to a maximum login attempt. Enter your email in the box provided. I recommend enabling this feature for your blog. Click Save Settings below.

How to protect your WordPress blog from hackers using WP Security 3 plugin

Login failed registration
Include the list of failed login attempts on your blog

Force logout
If you enable this feature, you will forcibly log out all users who have logged in within a specified period of time.

Account activity logs
This feature shows you the last 50 recent login activities for the WordPress administrator account registered on your website.

User Login
This function shows you all the users that are currently registered on your website.

User register
This feature disables all newly registered accounts on your website so you can manually approve them. I recommend enabling this feature for your website. Then click Save Settings.

Password verification for registration
If you allow registration on your website, you must enable this feature because it includes a CAPTCHA test form on the user registration page.

Database security
Your WordPress database is the most important component of your website because it contains a lot of useful information for your website. The recommended way to protect your website’s database is to change the default WordPress table prefix which is “wp_” to something else. Before you can do this, you need to back up your database.

Database backup
Click the button that says “Create a DB backup now”

Automated scheduled backups
Enable automatic scheduled backups – enable if you want this add-on to be automatically based on the settings below.

Backup Interval – Set the time when you want this plug-in to back up the database.

Number of backup files you can keep – This feature allows you to set the number of backup files you want to keep in the database backup directory.

Email Backup File: If you enable this field, it will send you a backup file via email after creating a database and then click on save settings and after that we need to go back to our tab database prefix.

Database prefix
Current database table prefix: will show you the current database prefix. If it is “wp_”, you will need to change it next.

Create a new database table prefix – check the box if you want this plugin to generate a random string for your database prefix or you can insert your custom database prefix in the box provided below and then click “Change Database Prefix”

After changing your database prefix, you need to open a new tab in your browser and visit your website elsewhere to check if the database tables are connected correctly.

How to protect your WordPress blog from hackers with WP Security 4 plugin

File system security
This is a table showing the Safe and Unsafe File Permissions settings; If there are no locked files, this plugin will provide a recommend button in the Recommend Action section. To indicate that there is no problem with file permissions, all rows should be green.

How to protect your WordPress blog from hackers using the WP Security 5 plugin
Who is looking for
The field allows you to obtain more information about the IP address or the domain name that your website tries to hack. You can insert the IP address or domain name in the box below and click “Run IP or Search Domain”.

Blacklist manager
The field allows you to block the IP address or the user agent from accessing your website.

Firewall
This feature enables a basic firewall to protect your website

Enable basic firewall protection: Check the provider box if you want to enable the firewall for your website. If you check the box,

It will protect your htaccess file by denying you access.
Disable server signature
Limit file upload size to (10MB)
Protect your wp-config.php file by denying access to it.
It is strongly recommended that you take a backup htaccess file before enabling this feature, in case there is any problem after enabling it.

WordPress Pingback Vulnerability Protection – This field allows you to enable WordPress Pingback Vulnerability Protection, if you are not using WP XML-RPC, you can enable it.

Block access to the debug log file: If you want to block the debug.log file that WordPress creates when debug logging is enabled, check the box and click “Save basic firewall settings”

Additional firewall rules
Disable index views: check this option if you want to disable directory and file lists

Disable trace and routes: select this option if you want to disable trace and routes

Prevent posting of proxy comments – select this option if you want to disable posting of proxy comments

Bad query strings rejected – check this if you want to protect your site from harmful XSS queries

Enable Advanced String Filter: Select this, if you want to block XSS incorrect character matches but before enabling this feature you need to back up your htaccess file and click “Save additional firewall settings”

After that, open a new tab in your browser and visit your website to check if your website is working fine.

5G Blacklist Firewall Rules
Enable 5G firewall protection – check that, if you want to enable 5G firewall protection from http://www.perishablepress.com to your site and click “Save 5G firewall settings”

Internet bot
Block fake Google robots: select this option, if you want to block fake Google robots, click “Save Internet robot settings”

Prevent hot links
Hotlinks is the place where someone displays images on your site that are already on your site using a direct link to the source image on your server when this process occurs, it causes bandwidth leaks because your server must provide the image to the people who see it on someone else’s site. I recommend enabling these features because they prevent quick linking of images to your website and then clicking “save settings”

Detect 404
This feature allows you to monitor all 404 events that happen on your website and also gives you the option to block the IP address for a configured period of time. If you want to use this feature, please check the box below and list the length of 404 locks then click “Save settings”

Custom rules
This field allows you to insert a custom .htaccess rule and directive, I recommend you tap here if you don’t know what it is about.

Brute force
Rename login page – This feature allows you to re-edit the default WordPress login URL www.yourwebsitename.com/wp-admin to www.yourwebsitename.com/anything

Enable the rename function of the login page: Check the box to enable the rename function of the login page.

Login page URL: Enter the required login name in the box provided independently of “wp-admin” and click “Save settings”

How to protect your WordPress blog from hackers with the WP 6 security plugin
Block cookie-based brute force
This feature allows you to set a secret login URL for the blog administrator’s dashboard; Before you can activate it on your website, you must check if your site has accepted this feature. You can test by scrolling down and clicking “Run a cookie test”

Enable brute force attack prevention – check that if you want to protect your website login page from brute force attack.

Password: enter a password of your choice

My site contains password protected posts or pages – if you have password protected posts or pages, you can check this box.

My site contains a function or plugin that uses ajax: if your site contains an attribute or plugin that uses ajax, you can check this box and then click “Save feature settings”, it will automatically create a login URL for your WordPress admin area. It is important to keep this URL somewhere if you forget it. In the meantime, go ahead and test the URL in a new tab in your browser. If a hacker has just visited your website as you see even though you entered the correct username and password, you will not be able to access your WordPress dashboard as you do not have the cookie present on your computer.

Sign in Captcha
You can check them all if you want to enable CAPTCHA in your login forms as well as lost password forms then click “Save Settings”

Login whitelist
This function allows you to block other IP addresses from your login page waiting for your IP address, you can enable this function if you have a fixed IP address.

Jar of honey

This is a special hidden function for Android, when trying to login in the dashboard of your website, you can enable this function if you want honeypot function for login page and click “save settings”

Spam protection
If you want to enable CAPTCHA on your comment form, as well as prevent a spam bot from commenting on your blog, please check all the boxes provided and click “Save settings”

Comments IP spam control
The field shows lists of IP addresses for spammers who leave comments on your website.

Grace
The field allows you to add a CAPTCHA to your friends’ plugin templates.

Scanner
This feature allows you to search for file changes on your website, and you can also set the time interval this plugin will automatically search for file changes.

How to protect your WordPress blog from hackers with WP Security 7 plugin

Maintenance work
You can enable this feature if you want to re-edit your website theme, this plugin will help you restrict all users of your website to see your content, any visitor who visit your website at that time will only see “this site Currently not available. Please try again later. “You can also edit and customize the default text using the WordPress toolbar and then click Save Settings.”

How to protect your WordPress blog from hackers with WP Security 8 plugin
diverse
This feature allows you to disable the correct selection on your blog, in other words, it prevents the user from copying your articles, if you want to disable the right-click selection, then check the box and click Save copy protection settings.

Tires
This field allows you to disable sites that display their content in a frame or iframe. If you like this feature, click the box and also click Save Settings.

Check the dashboard to check the safety gauge, 50 to 380, what a good result.

How to protect your WordPress blog from hackers with WP Security 9 plugin

Now that you have learned the complete tutorial on how to protect your WordPress blog from hackers using the firewall and security of the WordPress all-in-one plugin, if you liked this tutorial, please share it with the share buttons below and also if have any questions on how to set it up. Plugin, don’t hesitate, share it in the comment section below.

Be the first to comment

Leave a Reply

Your email address will not be published.


*