As per the statistics from HostingFacts, approximately 37,000 websites get hacked every day. Thirty – seven thousand is a huge number, and it could be you too. So here I am with an article on “how to secure your blog/site from hackers/infiltrators.”

how to secure your blog from hackers

Here I am going to give you some tips and tricks about converting your blog/site into a secure fortress. This is not a trick but a simple feature that you will like to add to your blog after going through this whole article that helps you to make your WordPress blog secure. Here this article will also help you to reduce the number of the plugins in your blog (if you have a captcha plugin activated).

Not only the captcha but it can also eliminate the use of an extra backup plugin from your blog thus reduce the server load time and increase the speed of your blog.

Install new plugin

If you are using the plugin for changing the login permalink of your blog you can remove that too as this plugin will also help you to set the new login URL.

search for the All in One Security and Firewall plugin

So all you need to do is to go to Plugins>Add New, there in the search bar search for the All in One Security and Firewall and then install and activate the plugin.

Install the All in One Security and Firewall plugin

Now you see a new tab added to your WordPress admin area named WP Security where all the settings of this plugin exist.

new button appear in the dashboard

Dashboard

Now just hover over the WP Security tab and click on the Dashboard in the side drop menu. You will see the panel with the score of your WordPress security. In the beginning, the score of your WordPress security will be around 50 or 70 in the security strength meter.

All in One WP Security and Firewall Plugin Dashboard

Now all you need to do is to configure this plugin with the proper settings to get a good score on the Security Strength Meter.

Settings

First of all, go to WP Security>Settings>General Setting and then scroll down to bottom and check the box in the last as shown in the image below.

Setting tab of All in One Security and Firewall plugin

Now move to the WP Version Info option and check the box of Remove WP Generator Meta Info. What this will do is, it will remove the information of your WordPress like which version of WP are you using. As in case you are using the old version of WordPress the hacker will surely attack your blog as it will be somewhat easy to hack down.

WP version info setting of All in One Security and Firewall plugin

User Account

Now go to WP Security>User Account>WP Username. Here you have to choose a better login name not something like admin and all. If you already have a better login name, you will automatically get the 15 points from here.

User Account WP Username tab setting of All in One Security and Firewall Plugin

Then there is nothing left as you can ignore both the Display name option and Password option under the User Account. But you can check how secure your password is on the Password tab just like in the below image.

User Account Password tab setting of All in One Security and Firewall Plugin

User Login

For this, you have to go to WP Security>User Login. Under the User Login, go to Login LockDown option and check the Enable Login LockDown feature and other necessary functions. You can also check the email notification box, but that might fill your email inbox with hell lot of spam emails.

User Login Login Lockdown setting of All in One Security and Firewall plugin

You can ignore the rest of the setting in this tab, or if you want to gain more points, then you can go to different tabs and then check the desired settings.

User Registration

Go to WP Security>User Registration and under it go to Manual Approval. As the name suggest, here you can enable the manual adoption of the user registration on your blog.

User Registration Manual Approval setting of All in One Security and Firewall plugin

Now move to the Registration Captcha, and there you can check the enable captcha on the registration pages box.

User Registration Registration Captcha setting of All in One Security and Firewall plugin

Database Security

Now comes the backup part that will eliminate your backup plugin. Go to WP Security>Database Security. There go to the DB BackUp and enable the automated backup schedule. Also, you can choose the backup time interval, the number of backup files and email notification.

Database Security Database Backup setting of All in One Security and Firewall Plugin

FileSystem Security

Under WP Security>FileSystem Security go to File Permission, there you have to  give the permission to all your files and directory. As default there is no action needed but in case if the action is needed then you have to give the permission and that’s it.

Filesystem Security File permission setting of All in One Security and Firewall plugin

Now move to the PHP File Editing, here you have to check the disable the ability to check the file editing mode. This will save the people from editing or deleting the PHP file from your blog.

Filesystem Security PHP File Editing setting of All in One Security and Firewall plugin

Now move ahead to the WP File Access and there you have to enable the prevent access to the WP default file install. It will help your blog’s WordPress files (readme.html, license.txt, and wp-config-sample.php.) access to anybody else from you.

Filesystem Security WP File Access setting of All in One Security and Firewall plugin

Blacklist Manager

Now you have to jump to the WP Security>Blacklist Manager. There under the Ban Users enable IP or user agent blacklisting. And after that scroll down to the Enter user agents. In the beginning the box will be empty but you have to click on +More Info option and from there you have to copy the bot agents that you might ban on your blog and paste them in the box in front of Enter user Agents.

Blacklist Manager Ban User settings of All in One Security and Firewall plugin

FireWall

Go to WP Security>Firewall and there under the Basic Firewall rules check and enable the necessary settings as shown in the image below.

Firewall Basic Firewall Rules of All in One Security and Firewall plugin

Now you have to move towards the Additional Firewall Rules and here you have to enable the additional settings of the Firewall that will help the security of your blog just like in the image below.

Firewall Additional Firewall Rules settings of All in One Security and Firewall plugin

Move ahead to the 6G Blacklist Firewall rules and there enable the 6G blacklist rule and also the 5G firewall protection for you blog.

Firewall 6G blacklist firewall rule setting of All in One Security and Firewall plugin

Under the Internet bots you can enable the blocking of all the fake Google bots which are malicious. Now you have to move to the Prevent Hotlink and enable the image hot – linking protection box.

Firewall Prevent Hotlinks settings of All in One Security and Firewall plugin

Brute Force

Here in this you can rename you default WordPress login page. All you need to do is to go to the WP Security>Brute Force and under that go to the Rename Login Page option. There you need to check the Enable Rename Login page and then below that you need to enter the new login address of your WordPress blog which is www.yourblogname/wp-admin/ by default. You can change it to something like www.yourblogname.com/login-details/ or something that you like and remember that in future.

Brute Force RenameLogin Page setting of All in One Security and Firewall plugin

This will not only help your login page from the people but also help to hide whether your site is based on WordPress or not.

Now move to the Login Captcha option where you have to enable the Login captcha option that will help you t secure your login from bots by providing a captcha there on the WordPress login page of your blog.

Brute Force Login Captcha of All in One Security and Firewall Plugin

Now move to the HoneyPot option and check the enable honeypot option feature for your WordPress blog login page.

Brute Force HoneyPot setting of All in One Security and Firewall plugin

Spam Prevention

Comments are the boon for your blog as it is quite interesting to be in a touch with your readers or viewers. It is also necessary to put the captcha in the comment box so that there might not be any sort of the comments from the bots. So all you need to do is go to WP Security>Spam Prevention and under that go to the Content Spam option and enable the captcha on the comment forms.

SPAM Prevention Comment Spam setting of All in One Security and Firewall Plugin

Scanner

Go to WP Security>Scanner and under that go to File Change Detection. Scroll down to the File Change Detection Settings. Enable the File change detection scan and it will automatically scans the files of your WordPress blog if any change will be made to them by anyone else than you.

Scanner File Change Detection setting of All in One Security and Firewall Plugin

Miscellaneous

Go to WP Security>Miscellaneous and under that in the Copy protection you can enable the right click protection if you don’t want anyone to use the right click option on your blog.

Miscellaneous Copy Protection setting of All in One Security and Firewall plugin

Then move to the Frame option and there check the enable iFrame option that will help to stop other sites from displaying your content in a frame or iframe.

Miscellaneous Frames setting of All in One Security and Firewall plugin

In the User Enumeration option you can stop the users enumeration.

Miscellaneous User Enumeration setting of All in One Security and Firewall Plugin

Note – If your blog is under construction for sometime then you can use and enable the Maintenance mode by going to WP Security>Maintenance with a suitable message to your viewers.

Maintenance Visitor LockOut setting of All in One Security and Firewall Plugin

Wrap Up

So I think now you are aware of how to secure your blog/site from Hackers/Infiltrators just by using the one single plugin All in One Security and Firewall. With nearly 13 security features you can’t only secure your blog but you can elimate almost some of the plugins, as this plugin is capable enough to handle the tasks performed by them. So not only it will Convert your blog into a Secure Fortress but also make your blog faster in terms of speed.

Still if you have some sort of queries or dout in your minds regarding this plugin then you can feel free to ask in the comment section below or you can also contact us.

About the author

Anoop

Anoop Bhandari is a full - time passionate blogger, digital and affiliate marketer, and web designer. In his free time, he loves to play cricket and listen to songs. He lives in beautiful town Sunder Nagar of Himachal Pradesh, India.

2 Comments

Leave a Comment

15 + 15 =