All in One WP Security & Firewall Plugin for WordPress 24


I’ve used a number of different security plugins for my WordPress sites.  Often 3 or 4 different plugins to block different security issues.  Recently though, I’ve started using a plugin called the All in One WP Security and Firewall plugin, and I am impressed.  I am using it together with Stop Spammers plugin, which I also like a lot, and the two together seem to behave quite well.  The All in One Security and Firewall plugin acts as a firewall, spam blocker and much more.  I recorded a video to explain how to set it up.

WARNING: Before you start applying the various security measures offered by this plugin, backup your htaccess file, WordPress database AND wp-config.php files.  The plugin offers an easy way to back these up.

One security plugin I have used up until now, effectively stopped visitors/hackers from accessing the WP-Admin folder.  That’s great if your site does not use AJAX, since it’s located in the WP-Admin folder.  However, a lot of themes and plugins do use AJAX these days, so blocking that folder is not actually such a good idea.  The All in One security plugin actually has this covered though.   All round, this plugin gets a big thumbs up for me.

Other plugins I used in the past, but no longer do because this All in One Security Plugin replaces them include:

  • WordFence (this is an excellent security plugin and if it is working OK on your site, I recommend you keep using WordFence instead).
  • WP-Secure
  • WP-Copy Protect

What security plugin(s) do you use?


Leave a comment

Your email address will not be published. Required fields are marked *

24 thoughts on “All in One WP Security & Firewall Plugin for WordPress

  • Alex

    Excellent video. I have experimented with this in the past and so far get a security score of around 230. If I try to beat that I get locked out or break the blog! I have not tried the db prefix or the secret word! It’s very useful hearing you discuss the options as you go!

        • Andy Williams Post author

          Hi Billy
          Sorry to hear you’re having problems.
          Since I don’t know what you set up in the plugin, it is difficult to know what went wrong. Did you setup the special keyword? If so, then you have to login via the special link they gave you.
          If you are doing that, and still having problems getting in, then you may need to reset your htaccess file and possible wp-config.php. Did you take backups of those? You can contact me via email and I’ll help you one on one if necessary.

          • Billy Roberts

            I have no idea of what I did. My .htaccess quit working. I uploaded another and the site works. I ftp’ed in to my site and deleted the plugin. I then logged into my site and reinstalled the plugin. It’s working great now. I will watch your video a few more times before I get to crazy with the settings. My security is now 230.

  • Marshall

    I have tried this plugin and many other security plugins and don’t think any beat bullet proof security for complete security.

  • Maurice

    Hi Andy

    Coincidentally, in addition to receiving your email I also received an email today promoting a security plugin called ‘WP Site Guardian’ at wpsiteguardian.com which looks quite interesting.

    Have you any experience of using this plug-in?

    • Andy Williams Post author

      Hi Maurice
      I think I got the same email. They tell you that all other security plugins suck at protection and show you a video of how easy it is to hack a site, then sell you their security plugin. I haven’t seen that one in action, but I can tell you that I have used a commercial plugin (that I bought resale rights to) for the last 7 or 8 years and never had a site hacked that used it. That plugin did just ONE of the protection methods offered by the one in my video, and it’s free! The All in one plugin I show in the video is also one that has been around a while, and has a large userbase. That’s something that is important with security plugins.
      Cheers
      Andy

      • Maurice

        Yep – highlight the problems with all the competition then offer them your solution!!

        Thanks for your input Andy, after all free is a big incentive in addition to doing the job effectively.

  • Linda Peppin

    Another great video Andy. I have stopped using the same plugins you were using and have activated this on one site instead, all seems well so far at 330. I’ll give it a couple of days then use the Export / Import facility to update my other sites.

    The plugin is very easy to navigate and the help sections are good too.

    I have to change my db prefix on one of the sites but I’m a but worried. Have you done a db prefix change via the tool yet?

    • Andy Williams Post author

      Yes Linda, I have changed the prefix on a few older sites and everything went smoothly. It sounds like a major task but it really isn’t. However, backup your DB, htaccess file and wp.config.php before starting to enable security measures with this or any plugin. This plugin makes it super easy to backup those important files.

      • Linda Peppin

        Thanks Andy.

        I’ve actually stopped using this plugin now.

        I installed it without any issues on one website then I used the export facility and import the settings to another website and it broke! I deleted the plugin and restored everything from my backup then loaded the plugin again and went through the process manually but it still caused a problem so I am not going to install on my other websites. I suppose I could work through each step to see what is causing it to break but having to reinstall all files each time isn’t fun so I’ve decided to give it a miss.

  • John.N

    Hi Andy –

    Thanks for the great and detailed step by step video!

    “… That plugin did just ONE of the protection methods offered by the one in my video, and it’s free!”
    I am not completely clear which plugin it is that used only ONE of the protection methods? Was it the commercial one you bought reseller rights to and have used for the last 7/8 years?

    John

  • Jason

    Andy how does all in one compete with iThemes Security?

    I have this protecting all my sites. Have you used iThemes Security and if so why are you now using all in one?

    • Andy Williams Post author

      No idea other than this one is free. I would say though that I’d prefer to trust my site security to an established suite of tools like the all in one plugin, rather than a tool that was released less than a month ago by the look of the date the domain was registered.

  • Jay

    Thanks for the info Andy. Very helpful! This plugin puts the Kabash on any avg hacker. Nothing is 100% except close is ip blocking, if you have a local site or just something that is directed at one country block the rest out. It saves on bandwidth and reduces the hassle. But from what I see you can slow the majority of them down with this nice plugin. Got my scores up to 330-340 and I did use the Db prefix without any problems. (always backup first) Thanks so much for pointing it out.

  • Sarah

    Thank you so much Andy for this tutorial. It was really easy to follow, especially for a novice like me and I now feel much happier about the security of my site.

  • damjuste

    Hello, I install the plugin in november 2016. And at the beginning of december, I hat :

    a lot of 500
    Admin Block with “Forbidden” because of a tentative of intrusion. So intrusion, … and after it is my admin login that is blocked ???
    No more received my email … this was very penalised

    Fortunatly, I have an old htacces saved . I was able to unlock the situation by reconnecting. I destroyed all the plugin settings, which restored the situation on my mail already. I set everything up again without activating the firewall … which seems to be a problem.

    Also the score is 140

    Regards,
    Damien