Thursday 12 March 2015

How to configure and use iThemes Security on your WordPress blog

Download the plugin



Find and install the iThemes Security plugin.

Immediately after the installation is complete, click the Secure Your Site Now button to start the setup.

Then you just need to click the two options shown in the picture and then the Dismiss button to finish.

After that, move to the Settings tab and begin exploring its options.

The Go to navigation bar lists the sections; when you select one, the window takes you to the corresponding settings area. Let's look at the options of iThemes Security below.

The basic options of iThemes Security

Global Settings

This section contains the basic settings for iThemes Security.

Write to File - Allows content to be added automatically to the wp-config.php and .htaccess files. Select it so that other iThemes Security features, or a cache plugin, can set themselves up automatically.
Email Notification - The email address that receives notifications related to the iThemes Security plugin; you can add multiple addresses, one per line.
Delivery Email Backup - The email address that receives the backup file if you back up data with iThemes Security.
Host Lockout Message - The error message shown when a login fails because the IP is blocked.
User Lockout Message - The error message shown when a member is locked out.
Blacklist Repeat Offender - Enables use of a public list of spam addresses. You should select it because it helps you get rid of the spammers on this list.
Blacklist Threshold - The number of times an IP is blocked before the block is converted to a permanent one.
Blacklist Lookback Period - How long spammers listed by Blacklist Repeat Offender are blocked.
Lockout Period - The duration of each lockout when someone tries to log in but fails.
Lockout White List - List of IPs that are never locked out.
Lockout Email Notifications - Receive an email notification when someone is locked out.
Log Type - How the plugin records its activity log; choose Database Only.
Days to Keep Logs Database - How long log records are kept in the database; once this expires, the logs are deleted.
Path to Log Files - The path of the log file.
Allow Data Tracking - Allows iThemes to collect your usage data for analysis.

404 Detection

This option detects and reports each visitor who hits a 404 (page not found) error. Think carefully before enabling it if your site has many 404 pages, because the reports will flood your mailbox and use a lot of resources.

Minutes to Remember 404 Error (Check Period) - How long the system remembers a 404 error.
Error Threshold - The maximum number of 404 errors each visitor may trigger; a visitor who reaches this number is locked out. This usually happens with spam bots.
404 File / Folder White List - Files and folders that are ignored by the 404 check.

Away Mode

This feature locks the administration pages during a given time, so that you can only get in during a certain period. It is very useful for a website with a single admin: you can lock the admin pages while you are sleeping or at work, for example.

Enable away mode - Turn on Away Mode.
Type of Restriction - The type of restriction; if you visit the site every day, select Daily.
Start Time - The time at which the admin page "opens".
End Time - The time at which the admin page closes.

Banned User

These options let you ban any visitor, including spam bots.

Enable HackRepair.com's blacklist feature - Turn on HackRepair.com's list of spam bots.
Enable ban users - Turn on banning of visitors (not members of your WordPress site).
Ban Hosts - List of IPs to ban, one IP per line.
Ban User Agents - User agents to ban, typically those of spam bots. You can search Google for "Bad User Agents list" to get a list and paste it into this option if you wish.
Whitelist Users - IPs that will not be banned.

Brute Force Protection

This option helps protect you against brute force attacks by limiting failed logins.

Enable brute force protection - Turn on brute force protection.
Max Login Attempts Per Host - The maximum number of failed logins allowed per IP.
Max Login Attempts Per User - The maximum number of failed logins allowed per member.
Minutes to Remember Bad Login (check period) - How long a failed login is remembered; if the number of failed attempts within this period exceeds the allowed number, the source is blocked.

See also: What is Brute Force Attack and Prevention.
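
How the three Brute Force Protection settings interact with Lockout Period, as an added Python sketch that is not the plugin's code. The threshold values, the class and function names, and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed values standing in for the settings above (not the plugin's defaults).
MAX_PER_HOST = 5          # Max Login Attempts Per Host
MAX_PER_USER = 10         # Max Login Attempts Per User
CHECK_PERIOD = 5 * 60     # Minutes to Remember Bad Login, in seconds
LOCKOUT_PERIOD = 15 * 60  # Lockout Period, in seconds


class LockoutTracker:
    def __init__(self):
        self.failures = defaultdict(deque)  # ("host"|"user", name) -> failure times
        self.locked_until = {}              # same keys -> time the lockout ends

    def is_locked(self, host, user, now):
        keys = (("host", host), ("user", user))
        return any(self.locked_until.get(k, 0) > now for k in keys)

    def failed_login(self, host, user, now):
        """Record a failed login; return the keys this failure locked out."""
        newly_locked = []
        for key, limit in ((("host", host), MAX_PER_HOST),
                           (("user", user), MAX_PER_USER)):
            times = self.failures[key]
            times.append(now)
            while times[0] <= now - CHECK_PERIOD:  # forget failures outside the window
                times.popleft()
            if len(times) >= limit:
                self.locked_until[key] = now + LOCKOUT_PERIOD
                times.clear()
                newly_locked.append(key)
        return newly_locked


def replay(events):
    """events: (seconds, host, user) failed logins; returns lockouts in order."""
    tracker, lockouts = LockoutTracker(), []
    for now, host, user in events:
        if tracker.is_locked(host, user, now):
            continue  # refused before the password is even checked
        lockouts += [(now, kind, name)
                     for kind, name in tracker.failed_login(host, user, now)]
    return lockouts


# Constructed sample traffic (documentation address ranges, made-up user names).
single_host = [(t, "203.0.113.7", "admin") for t in range(0, 50, 10)]
distributed = [(1000 + i, f"198.51.100.{i}", "editor") for i in range(1, 11)]
slow = [(5000 + i * 400, "192.0.2.9", "admin") for i in range(8)]
```

The per-user limit is what catches the `distributed` sample, where no single host reaches the per-host limit. The `slow` sample never locks out because its failures are spaced wider than the check period.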

Database Backup

Optional support for automatic database backups. Only turn this on if you have a small database, because using BackWPup or BackupBuddy is much better.

Full Database Backup - Back up the entire database.
Backup Method - How the backup is delivered: sent via email, stored on the host, or both.
Backup Location - The path of the folder containing the backup files.
Backups to Retain - The number of backup files retained on the host. For example, if you set it to 5 and there are more than 5, the oldest backup file is deleted automatically.
Compress Backup Files - Compress the backup files.
Exclude Tables - Database tables you do not want to back up.
Schedule Database Backups - Enable automatic backups.
Backup Interval - Back up automatically after a set number of days.

File Change Detection

This feature notifies you if a file on the host is altered; it is usually used to detect inserted shell files. Only turn it on when you need it, because it requires resources.

Enable File Change detection - Enable detection of file changes.
Split File Scanning - Split the check into sections that are scanned in turn instead of all at once, which saves resources.
Include / Exclude Files and Folders - Choose whether the listed files are excluded from or included in detection.
Files and Folders List - The list of files / folders that you want to exclude from or include in the scan.
Ignore File Types - File formats that are ignored.
Email File Change Notifications - Enable notification via email.

Hide Login Area

Lets you change the login path to something other than /wp-admin.

Login Slug - The slug of the login path; if you enter dangnhap, your login address looks like example.com/dangnhap.
Register Slug - The slug of the registration path.
Enable Theme Compatibility - Optional automatic theme compatibility.
Theme Compatibility Slug - The path of the 404 error page.

Secure Socket Layer

This feature applies only if your website has an SSL certificate. If you do not have SSL, it is best to leave it off, otherwise the website will fail.

Front End SSL Mode - Enable SSL for the website.
SSL for Login - Enable SSL for the login system on the website.
SSL for Dashboard - Enable SSL for the Dashboard.

Strong Password

Enforces the use of complex passwords for security.

Enable strong password enforcement - Require strong passwords.

System Tweaks

These settings intervene in the hosting system to secure your site. Because they are advanced settings, do not select them if you do not know what you are doing.

Protect System Files - Secure important WordPress files such as wp-config.php, .htaccess, wp-includes, install ....
Disable Directory Browsing - Do not allow files to be browsed from the browser: if a directory has no index file, the list of files in it is still not shown.
Filter Request Methods - Filters requests sent through the URL and blocks those that are dangerous or suspicious.
Filter Suspicious Query Strings in the URL - Filters and blocks dangerous queries in the URL, such as attempts to access files in the themes and plugins folders.
Filter Non-English Characters - One way to limit SQL injection, by blocking queries that contain strange characters. You should select it.
Filter Long URL Strings - Filters queries that are too long; SQL injection attackers often write long queries in the URL to change the database. You should select it.
Remove File Writing Permissions - Automatically CHMODs sensitive files for security; if enabled, the files are set to 0444 instead of the default 0644.
Disable PHP in Uploads - Do not allow PHP code to execute in the WordPress uploads area, to prevent a shell from being uploaded to the host. You should select it.
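
A quick audit for two of the tweaks above, as an added Python sketch that is not the plugin's code: it flags sensitive files that still have a write bit set (0644 rather than 0444) and script files sitting in the uploads area. The suffix list, the function names and the sample site tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

SENSITIVE = ("wp-config.php", ".htaccess")  # files named under Protect System Files
PHP_SUFFIXES = (".php", ".phtml", ".php5")  # assumed list of executable suffixes


def audit(site_root):
    """Return findings as sorted (check, relative path, detail) tuples."""
    findings = []
    for name in SENSITIVE:
        path = os.path.join(site_root, name)
        if os.path.isfile(path):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o222:  # any write bit set, e.g. 0644 rather than 0444
                findings.append(("writable", name, oct(mode)))
    uploads = os.path.join(site_root, "wp-content", "uploads")
    for folder, _dirs, files in os.walk(uploads):
        for fname in files:
            if fname.lower().endswith(PHP_SUFFIXES):
                rel = os.path.relpath(os.path.join(folder, fname), site_root)
                findings.append(("php-in-uploads", rel.replace(os.sep, "/"),
                                 "script in upload area"))
    return sorted(findings)


def demo_audit():
    """Constructed site: one hardened file, one default-mode file, one stray script."""
    with tempfile.TemporaryDirectory() as root:
        up = os.path.join(root, "wp-content", "uploads", "2015", "03")
        os.makedirs(up)
        for rel, mode in ((".htaccess", 0o444), ("wp-config.php", 0o644),
                          (os.path.join(up, "photo.jpg"), 0o644),
                          (os.path.join(up, "cache.PHP"), 0o644)):
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        result = audit(root)
        os.chmod(os.path.join(root, ".htaccess"), 0o644)  # ease temp-dir cleanup
        return result
```

A script found in uploads is a finding even when PHP execution is disabled there, because the rule only stops it from running; it does not explain how the file arrived.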

WordPress Tweaks

These options intervene in the WordPress source code for security.

Remove WordPress Generator Meta Tag - Removes the meta tag that WordPress generates by default, making it harder for attackers to determine which version of WordPress you are using in order to find bugs.
Remove the Windows Live Writer header - Removes the header tag that responds to queries from Windows Live Writer, to avoid attacks that take advantage of it to post files illegitimately.
Remove the RSD (Really Simple Discovery) header - Removes the header tag that points to the xml-rpc file, to avoid attacks that take advantage of it to post without authorization.
Reduce Comment Spam - Anti-spam for comments.
Display Random Version - Automatically displays a random WordPress version so that attackers have difficulty determining the true version you are using.
Disable File Editor - Do not allow themes and plugins to be edited from the Dashboard.
Disable login error messages - Turns off login error messages so that attackers have difficulty determining what was wrong with their login.
Force users to choose a unique nickname - Do not allow members' nicknames to overlap.
Disable a user's author page if their post count is 0 - Do not create a separate author path for users who have no posts.

After making your changes, just press the Save All Changes button.

Advanced

These are the advanced settings. Avoid tampering with them if you fear breaking something; at the very least, back up the entire database and code before using the tools here.

Admin User

These changes affect the website's admin account.

Enable Change Admin User - Rename the admin username.
New Admin Username - The new admin login name.
Change User ID 1 - Change the admin's user ID to avoid detection.

Change Content Directory

Option to change the wp-content directory; very dangerous if your website has been in use for a long time. It should only be applied to a new website.

Change Database Prefix

Changes the database prefix from the default wp_. This option is less likely to cause errors, so you can use it with confidence.

Epilogue

These are the important features of the iThemes Security plugin that I needed to go through. Although this version was launched by iThemes not long ago, in my assessment it works pretty well at the moment, and it will continue to be revised and extended. I hope that with the iThemes Security plugin you will have peace of mind in securing WordPress.

Copyright © 2013 Wordpress Tips And Trick