Plugin: Security
It is strongly recommended that you have a good security plugin installed to help prevent malisicous attacks on your site. Due to the popular WordFence not being usable on our servers, we will cover the use of All In One WP Security, which is totally free to use.NOTE: We are not affiliated with, nor do we endorse or support the use of this plugin. We are including information here as a reference and suggestion to help you to protect your site.
Preparing The Plugin
Due to security settings on our servers, you will need to manually create a directory so that the plugin can work. The plugin itself will not be able to have permission to create this directory itself.Log into your CGI Server account via FTP and go to your wp-content directory. In this directory, create a new directory called
aiowps_backups
and change the permissions of this directory to be writable by owner and group (but not by anyone else). If your FTP program lets you use a permissions or attributes number (also called CHMOD), use: 775.Configuring The Plugin
In your WordPress Dashboard, go to WP Security in your left side menu.For each of the items below, click on the catebory below in the left menu under WP Security to get to that section. Then find the tab at the top that matches the bold area and follow the instructions below. When done enabling the features mentioned, click the blue button to save your settings in each tab.
Firewall:
• Basic Firewall Rules: Enable all options. NOTE: If you are going to be using JetPack, do not enable Completely Block Access To XMLRPC.• Advanced Firewall Rules: Enable all options.
• 6G Blacklist Firewall Rules: Enable 6G Firewall Protection (not 5G).
• Internet Bots: Enable Block Fake Googlebots.
• Prevent Hotlinks: If you do not want people to share/link to your images from your site, enable this feature as well.
• 404 Detection: Enable. Set the 404 Lockout Redirect URL to either a page you create and upload yourself or you can set it to your domain name or link to your main WordPress site.
Brute Force:
Do not enable any other features except the ones below. Our server will not support all Brute Force features.• Login Captcha: Enable Captcha On Login Page and enable Captcha On Lost Password Page. Do not enable Captcha On Custom Login Form unless you really want to use custom forms, which is not recommended.
• HoneyPot: Enable this feature.
NOTE: The Login Whitelist feature is not usable if you are on a DSL, cable or other home internet connection. This is used only for corporate or custom connections that have static IP addresses (ie. IP addresses that never change or recycle).
Spam Prevention:
• Comment SPAM: Enable all options.• Comment SPAM IP Monitoring: Enable all options. The Minimum number of SPAM comments needs to be set. This depends on your preferences. You may want to start with 10 and adjust this in time if necessary.
NOTE: Spam Prevention may require you to have the Akismet plugin activated.
Scanner:
• File Change Detection: Do not use this feature as it may overload the server with too many requests. If you are suspecting an infection, you could use this feature only for a limited time. Be sure to deactivate this feature when you are done determining if your site is infected. You probably should not leave this feature activated for more than 24 - 48 hours at most. Usually 12 hours should give you a good idea. However, it's recommended you use other methods to determine if your site has been infected first. See the Security section's Detection area for more information.Miscellaneous:
• Copy Protection: Read and enable if you want to disable right-click copying.• Frames: Read and enable if you want to stop people from using content on your site in an iframe inside their own sites.
• Users Enumeration: Enable this feature.
Database Security:
DB Backup: Please do not enable automated backups of WordPress or your MySQL database. This can slow down your site or the entire server due to the amount of large files it would create.The best way to back up your database is to use the Tools menu's Export option. This is compatible with the Import option (found in the same menu).