'}}

WordPress security enhancement plugin All in one WP Security ~ Firewall PHP settings explained

  • Misa
  • July 1, 2024
  • 10:00 PM
  • 0 comments

At HanamiWEB Online School,

●Ask questions in real-time in the virtual study room!

●Ask as many questions as you want via chat!

●E-learning materials that you can learn as much as you want, 24 hours a day!

All included for just 2,500 yen/month!

Sign up for a 30-day trial!

A must-read for those who are concerned about the security of their WordPress site
We explain how to enhance security with the free All in one WP Security plugin.

This time, we will explain Firewall > PHP rules settings.

For more information, please see the All in one WP Security explanation table of contents!

Securing your WordPress site

All in one WP Security Setting Explanation Table of Contents →

What is All in one WP Security Firewall PHP rules setting?

The PHP rules settings in the All in one WP Security firewall settings contain settings to block external attacks.

  • WP Security
  • Firewall
  • PHP rules

and set it up.

WP XML-RPC and Pingback Vulnerability Protection

XML-RPC is a function that allows processing on another computer via the Internet.

Some plugins, such as the one below, require the use of XML-RPC functionality. In that case, do not set "Block access to XML-RPC completely:" but turn on "Disable XML-RPC pingback function:".

  • Jetpack
  • WP iOs

It is better to leave this setting ON, but whether you check the top or bottom box will depend on the plugin you are using.

Disable WordPress RSS/ATOM

RSS and ATOM are functions that transmit site update information to external parties. Usually, you want to transmit the latest site information to external parties, but you can turn them on if you don't want your site to be scraped.

It is said that WordPress RRS/ATOM is crawled more frequently than XML sitemaps that convey site information. If you want to strengthen your search engine measures, it is a good idea to register with the Search Console!

Comments via proxy

Sites that do not accept comments do not need to set up comments.

Reject invalid query strings

It is OFF by default, so we recommend you turn it ON.

It controls the execution of site scripting known as XSS, but since we are using plugins, if turning it on causes the plugin to stop working, we will turn it off.

Advanced String Filters

This function prevents attacks from malicious strings via XSS.
We found that if the URL of a page, such as a blog post, contains Japanese characters, it will be blocked.
We recommend that you leave it turned OFF.

Firewall PHP rules configuration example

Leave the reskilling of your website to us!

Since 2019, we have been sharing skills related to WordPress and websites. We have accumulated case studies and know-how, and are good at quickly and accurately solving problems. If you have any concerns about your website, please feel free to contact us via our official LINE account!

↑Click to open the official LINE page

Latest Articles

'}}
Explains how to customize the LifterLMS system automatic output page
READ MORE
'}}
LifterLMS Customization example when the registration date and active date are different due to bank transfer, etc.
READ MORE
'}}
(Solved) Emails sent from WordPress to Gmail are not being sent [Lollipop]
READ MORE
'}}
Explaining package (ticket) settings for the WordPress reservation system Amelia
READ MORE
WP Rocket - WordPress Caching Plugin
en_USEnglish
ja日本語 en_USEnglish