WordPress security enhancement plugin All in one WP Security ~ Firewall PHP settings explained

  • Misa
  • July 1, 2024
  • 10:00 PM
  • 0 comments

At HanamiWEB Online School,

●Ask questions in real-time in the virtual study room!

●Ask as many questions as you want via chat!

●E-learning materials that you can learn as much as you want, 24 hours a day!

All included for just 2,500 yen/month!

Sign up for a 30-day trial!

A must-read for those who are concerned about the security of their WordPress site
We explain how to enhance security with the free All in one WP Security plugin.

This time, we will explain Firewall > PHP rules settings.

For more information, please see the All in one WP Security explanation table of contents!

Securing your WordPress site

All in one WP Security Setting Explanation Table of Contents →

What is All in one WP Security Firewall PHP rules setting?

The PHP rules settings in the All in one WP Security firewall settings contain settings to block external attacks.

  • WP Security
  • Firewall
  • PHP rules

and set it up.

WP XML-RPC and Pingback Vulnerability Protection

XML-RPC is a function that allows processing on another computer via the Internet.

Some plugins, such as the one below, require the use of XML-RPC functionality. In that case, do not set "Block access to XML-RPC completely:" but turn on "Disable XML-RPC pingback function:".

  • Jetpack
  • WP iOs

It is better to leave this setting ON, but whether you check the top or bottom box will depend on the plugin you are using.

Disable WordPress RSS/ATOM

RSS and ATOM are functions that transmit site update information to external parties. Usually, you want to transmit the latest site information to external parties, but you can turn them on if you don't want your site to be scraped.

It is said that WordPress RRS/ATOM is crawled more frequently than XML sitemaps that convey site information. If you want to strengthen your search engine measures, it is a good idea to register with the Search Console!

Comments via proxy

Sites that do not accept comments do not need to set up comments.

Reject invalid query strings

It is OFF by default, so we recommend you turn it ON.

It controls the execution of site scripting known as XSS, but since we are using plugins, if turning it on causes the plugin to stop working, we will turn it off.

Advanced String Filters

This function prevents attacks from malicious strings via XSS.
We found that if the URL of a page, such as a blog post, contains Japanese characters, it will be blocked.
We recommend that you leave it turned OFF.

Firewall PHP rules configuration example

Released as soon as the next morning! Weekends and holidays are also available!

Super rush website creation plan

We offer a rush website creation plan for those who need a website in a hurry!

We can publish your content as soon as the next morning, even on weekends and holidays! If you have any questions, please check the details below!

Latest Articles

Even if Gmail POP is discontinued in January 2026, you can still continue to use Gmail!
READ MORE
How to make installment payments with Stripe
READ MORE
How to set up Cloudflare Turnstile for Contact Form7!
READ MORE
Data migration from WordPress 5.X series was also successful! Safe data migration with WPvivid Backup Plugin
READ MORE
en_USEnglish
ja日本語 en_USEnglish