How to Configure the Firewall in All In One WP Security & Firewall

Posted On: Sep 22, 2014 | Category: Plugins, Users & Security | Comments: No comment

In this section of the guide to the All In One WP Security & Firewall plugin, we will take a look at configuring the Firewall.

Step 1) Login to the WordPress Dashboard.

Step 2) On the left-hand sidebar of the Dashboard navigate to WP Security -> Firewall.


This feature allows you to activate some basic firewall security protection rules for your site.

The firewall functionality is achieved via the insertion of special code into your .htaccess file.

This should not have any impact on your site’s general functionality but if you wish you can make a back-up copy of your .htaccess file before proceeding.

The options for this feature are shown below.

  • Basic Firewall Rules

    A. Security Points Buttons: The Basic button displays the Feature Difficulty.

    The 0/15 button displays the Security Points assigned to this. Since no options are selected, the security points are set to 0/15.

    B. Enable Basic Firewall Protection: Place a check mark in this check box if you want to apply basic firewall protection to your site.
    C. Security Points Buttons: The Basic button displays the Feature Difficulty.

    The 0/15 button displays the Security Points assigned to this. Since no options are selected, the security points are set to 0/15.

    D. Enable Pingback Protection: Place a check mark in this check box if you are not using the WP XML-RPC functionality and you want to enable protection against WordPress pingback vulnerabilities.


    Once both check boxes shown above contain check marks and the Save Basic Firewall Settings button is clicked, both security point values should read 15/15.


  • Additional Firewall Rules

    This feature allows you to activate more advanced firewall settings for your site.

    The advanced firewall rules are applied via the insertion of special code into your .htaccess file.

    Note: Due to the nature of the code being inserted into the .htaccess file, this feature may break some functionality for certain plugins. You are therefore advised to make a back-up copy of the .htaccess file before applying this configuration.

    As shown below (A-E), each security point area is set to a value of 0 since no options have been selected.


    Once a check mark is placed in each check box and the Save Additional Firewall Settings button is clicked, the security points will be assigned their full value.


  • 5G Blacklist Firewall Rules

    The 5G Blacklist is a simple, flexible blacklist that helps reduce the number of malicious URL requests that hit your website.

    The added advantage of applying the 5G firewall to your site is that it has been tested to be an optimal and least disruptive set of .htaccess security rules for general WP sites running on an Apache server or similar.

    Therefore the 5G firewall rules should not have any impact on your site’s general functionality but if you wish you can make a back-up copy of your .htaccess file before proceeding.

    A. Security Points Buttons: The Advanced button displays the Feature Difficulty.

    The 0/20 button displays the Security Points assigned to this. Since no options are selected, the security points are set to 0/20.

    B. Enable 5G Firewall Protection: Place a check mark in this check box if you want to apply the 5G Blacklist firewall protection from perishablepress.com to your site.


    Once a check mark is placed in the check box and the Save 5G Firewall Settings button is clicked, the security points will be assigned the full value.


  • Internet Bots

    A bot is a piece of software which runs on the Internet and performs automatic tasks. For example, when Google indexes your pages it uses automatic bots to achieve this task. Many bots are legitimate and non-malicious, but not all bots are good: some try to impersonate legitimate bots such as Googlebot when in reality they have nothing to do with Google at all.

    This feature allows you to block bots which are impersonating Googlebot (fake Google bots).

    A. Security Points Buttons: The Advanced button displays the Feature Difficulty.

    The 0/5 button displays the Security Points assigned to this. Since no options are selected, the security points are set to 0/5.

    B. Block Fake Google bots: Place a check mark in this check box if you want to block all fake Google bots.


    Once a check mark is placed in the check box and the Save Internet Bot Settings button is clicked, the security points will be assigned the full value.
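
    How a request that claims to be Googlebot can be checked, as an added example (not the plugin's code, and not necessarily how the plugin decides): Google's published method of a reverse DNS lookup followed by a forward-confirming lookup. The function name, the injectable resolver parameters and the DNS tables are constructed for illustration.

```python
import socket

# Hostname suffixes Google publishes for its crawler's reverse DNS names.
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")

def verify_googlebot(ip, user_agent, reverse=None, forward=None):
    """True = genuine Googlebot, False = impersonator, None = no Googlebot claim.

    reverse(ip) -> hostname and forward(hostname) -> set of IPs are injectable
    (an assumption of this example) so the check can be exercised offline.
    """
    if "googlebot" not in user_agent.lower():
        return None                       # makes no claim, nothing to verify
    reverse = reverse or (lambda a: socket.gethostbyaddr(a)[0])
    forward = forward or (lambda h: {ai[4][0] for ai in socket.getaddrinfo(h, None)})
    try:
        host = reverse(ip).rstrip(".").lower()
        # Step 1: the PTR name must sit under a Google-owned domain.
        if not host.endswith(GOOGLE_SUFFIXES):
            return False
        # Step 2: a PTR record is set by whoever controls the IP's reverse
        # zone, so the name must also resolve forward to the same IP.
        return ip in forward(host)
    except (OSError, KeyError):           # no PTR / no A record: treat as fake
        return False

# Constructed DNS data using documentation address ranges (not real records).
PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",
    "198.51.100.9": "crawl.googlebot.com.example.net",   # look-alike suffix
    "198.51.100.10": "crawl-1.googlebot.com",            # forged PTR record
}
FWD = {
    "crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
    "crawl-1.googlebot.com": {"192.0.2.99"},             # does not map back
}
UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.9", "198.51.100.10", "203.0.113.7"):
        print(addr, verify_googlebot(addr, UA, PTR.__getitem__, FWD.__getitem__))
```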


  • Prevent Hotlinks

    A Hotlink is where someone displays an image on their site which is actually located on your site by using a direct link to the source of the image on your server.

    This feature will prevent people from directly hot-linking images from your site’s pages by writing some directives in your .htaccess file.

    A. Security Points Buttons: The Basic button displays the Feature Difficulty.

    The 0/10 button displays the Security Points assigned to this. Since no options are selected, the security points are set to 0/10.

    B. Prevent Image Hotlinking: Place a check mark in this check box if you want to prevent hotlinking to images on your site.


    Once a check mark is placed in the check box and the Save Settings button is clicked, the security points will be assigned the full value.


  • 404 Detection

    A 404 or Not Found error occurs when somebody tries to access a non-existent page on your website. Most 404 errors happen quite innocently, when people have entered a bad URL or used an old link to a page which doesn’t exist anymore. However, in some cases you may find many repeated 404 errors from the same IP address, occurring in a relatively short space of time and attempting to access a variety of non-existent page URLs. Such behavior can mean that a hacker might be trying to find a particular page or URL for sinister reasons.

    This feature allows you to monitor all 404 events which occur on your site, and it also gives you the option of blocking IP addresses for a configured length of time.

    A. Security Points Buttons: The Intermediate button displays the Feature Difficulty.

    The 0/5 button displays the Security Points assigned to this. Since no options are selected, the security points are set to 0/5.

    B. Enable IP Lockout For 404 Events: Place a check mark in this check box if you want to enable the lockout of selected IP addresses.
    C. Time Length of 404 Lockout (min): Enter the number of minutes for a lockout. The default value is 60 minutes.
    D. 404 Lockout Redirect URL: Enter a URL where a blocked visitor will be automatically redirected to.
    E. 404 Event Logs: This area displays the log files. You have the ability to bulk delete.
    F. Delete All 404 Event Logs button: Click this button to delete all the event logs.


    Once a check mark is placed in the check box and the Save Settings button is clicked, the security points will be assigned the full value.
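
The pattern described in this section, many 404s for different URLs from one IP in a short time followed by a timed lockout, as an added example over constructed access-log lines (not the plugin's code). The threshold of 5 distinct URLs in 60 seconds is an assumption; the 60-minute lockout matches the default above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined" log line: client IP, [timestamp], "METHOD path ...", status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')

def find_404_lockouts(lines, threshold=5, window_s=60, lockout_min=60):
    """Return [(ip, lockout_start, lockout_end)] for IPs that request at least
    `threshold` distinct missing URLs within `window_s` seconds."""
    recent = defaultdict(deque)    # ip -> (time, path) of 404s inside the window
    locked_until = {}              # ip -> time the current lockout ends
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue               # skip malformed lines instead of crashing
        ip, stamp, path, status = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and ts < locked_until[ip]:
            continue               # still locked out; nothing new to count
        if status != "404":
            continue
        hits = recent[ip]
        hits.append((ts, path))
        while (ts - hits[0][0]).total_seconds() > window_s:
            hits.popleft()         # drop 404s that fell out of the window
        # Distinct paths: one stale link hit repeatedly is not a probe.
        if len({p for _, p in hits}) >= threshold:
            end = ts + timedelta(minutes=lockout_min)
            locked_until[ip] = end
            events.append((ip, ts, end))
            hits.clear()
    return events

# Constructed sample log (documentation IP ranges, invented paths).
SAMPLE = [
    f'203.0.113.7 - - [22/Sep/2014:10:00:{s:02d} +0000] "GET /probe-{s} HTTP/1.1" 404 512 "-" "-"'
    for s in range(0, 12, 2)       # six different missing URLs in 10 seconds
] + [
    '198.51.100.20 - - [22/Sep/2014:10:00:03 +0000] "GET /old-post HTTP/1.1" 404 512 "-" "-"',
    '192.0.2.5 - - [22/Sep/2014:10:00:04 +0000] "GET / HTTP/1.1" 200 4096 "-" "-"',
    '203.0.113.7 - - [22/Sep/2014:11:30:00 +0000] "GET /probe-99 HTTP/1.1" 404 512 "-" "-"',
]

if __name__ == "__main__":
    for ip, start, end in find_404_lockouts(SAMPLE):
        print(f"{ip} locked out {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

The single 404 from 198.51.100.20 (an old link) never triggers a lockout, and the request from 203.0.113.7 at 11:30 arrives after its lockout has expired and is counted afresh.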


The next step in the guide will focus on the Brute Force feature.
