Security settings are essential for anyone running a WordPress site!

All in one WP Security is free and allows you to set up basic settings, so it is recommended. If you are concerned about security, you can upgrade to a paid plan to use the automatic malware scanning function, allowing you to operate your site with even more peace of mind.

This plugin was created by the same company that makes the backup plugin upDraft Plus, so you can use it with confidence!

All in one WP Security Official Site

We are accepting consultations regarding WordPress. Please feel free to contact us.

Free consultation

What you can do with All in one WP Security

  • Changed the login URL to improve login security
  • Firewall Protection
  • WordPress File Protection
  • Brute Force Attack Prevention
  • File Change Detection
  • Comment spam prevention
  • Text copy protection

The above features are a completely free security plugin!


However, if you upgrade to the paid version, you can

  • Automatic malware scanning
  • Response Time Monitoring
  • Uptime Monitoring
  • Block 404 generating bots
  • 404 error log generation due to unauthorized access attacks
  • Block access by country (some users can be added to the whitelist)
  • Free support
Feature Comparison Chart

Introduction

General Settings

  • General Settings- Installation of the All in one WP Security plugin - Explanation of the general settings process
  • .htaccess file - Manual backup and restore of .htaccess file
  • wp-config.php file - Manual backup and restoration of your wp-config.php file
  • plugin delete setting- Settings when deleting the All in one WP Security plugin & database deletion settings
  • WP version information- Setting to hide the WordPress version. The default is OFF.
  • Import/Export - Export and import All in one WP Security settings. You can import settings to other sites.
  • Advanced Settings - This is the setting to notify PHP of visitor IP addresses, but if it is not set correctly, problems will occur, so it is okay not to set it.
  • Two-step authentication - This determines the user authority for setting up two-step authentication.

User Security

  • User account- We recommend that you strengthen your settings so that user information is not displayed on the site.
  • login lockout- Setting to lock out users who fail to log in
  • Force logout- Setting to require re-login after a certain period of time
  • Loggind in users - A list of users currently logged in
  • Manual Approval - Setting to require administrator approval for users who create new accounts
  • solt - An all-in-one WP Security feature that adds any string to your password

Database Security

  • Change your database prefix – if it defaults to “wp”, this poses a high security risk.Database PrefixFunctions that allow you to change

File Security

  • Change your database prefix – if it defaults to “wp”, this poses a high security risk.Database PrefixFunctions that allow you to change
  • File Protection - Restricting access to WordPress core files, preventing direct linking of image paths from outside, restricting editing of PHP files from the admin panel
  • Host System Log - Allows you to download the system log
  • Copy Protection - Prevent anyone from copying text on your site

Firewall

  • PHP Rule - Firewall PHP Settings
  • .htaccess rules - Add firewall settings via .htaccess
  • 6G firewall rules - Enables WP Security's proprietary 6G firewall settings
  • Online Bots - How to protect your site from fake Googlebots
  • Blacklist - You can block access by specifying an IP address.
  • WP RESET API - This will block RESETs for contact forms, etc., so you don't need to set this.

Brute force attacks

  • Login page name change - Login URL change
  • Prevention of cookie-based brute force attacks - This function will not be set because if it is set incorrectly, even the administrator will not be able to log in.
  • CAPTCHA Settings - Adding a CAPTCHA form to your login page or form
  • Login Whitelist - Allows access to the login page only from a set of IP addresses
  • 404 Detection - Monitors for malicious 404 attempts
  • Honeypot setup - Add robot-visible input fields to login and user registration forms to detect robots

Spam Prevention

  • comment spam setting - Setting to mark comments input from robots as spam and discard them
  • Comment Spam IP Monitoring - Setting up to block IP addresses that send comment spam from robots

scanner

  • File change detection - Notifications when file changes occur. Can be scheduled automatically.
  • Malware scan - If you upgrade to [premium], a malware scan will be performed once a day and you will be notified if any abnormality is found. No configuration is required and it will function automatically when you upgrade to Premium.

Tools

  • Password Tool - A tool that measures the strength of your passwords
  • WHOIS Lookup – Enter an IP address or domain and this tool will help you find the owner, helping you identify malicious sources.
  • Custom .htaccess rules - This is an advanced setting, so you don't need to configure it.
  • Visitor Lockout - A feature that locks out all users visiting the site at once and switches the site into maintenance mode when performing maintenance on the site.

Country Block [Premium]

  • Country blocking settings - Ability to block access by specifying countries
  • Secondary settings - Ability to block access to specific pages by country
  • whitelist - Block countries but allow specific IP addresses

smart 404 [Premium]

  • Smart 404 configuration - Ability to detect and block large numbers of 404 errors caused by robot attacks
  • blocked IP - displays a list of blocked IP addresses
  • statics - 404 event reporting

Two-factor authentication

  • Two-step authentication setting - Setting to require two-step authentication when logging in to a site
en_USEnglish
ja日本語 en_USEnglish