Site Security

Characteristics

• SECURITY OF USER ACCOUNTS
  We will detect if there is a user account that has the default username “admin” and change the username to a value of your choice.
  We will also detect if you have WordPress user accounts that have identical login and display names. Having accounts where the display name is identical to the login name is bad security practice, so you make it 50% easier for hackers because they already know your login name.
  Password strength tool that allows you to create very strong passwords.
  Stop user enumeration so users/bots can't discover user information via author permalink.
• USER LOGIN SECURITY
  Protect yourself from “ Brute ForceAttack” with the Login Lockdown feature. Users with a specific IP address or range will be locked out of the system for a predetermined amount of time based on configuration settings, and you can also choose to be notified by email whenever someone is locked out due to too many login attempts.
  As an administrator, you can see a list of all blocked users displayed in an easy-to-read and navigable table, which also allows you to unblock individual or bulk IP addresses with the click of a button.
  Force logout of all users after a configurable period of time.
  Monitor/View failed login attempts showing the user's IP address, user ID/username and date/time of the failed login attempt.
  Monitor/View account activity of all user accounts on your system by tracking username, IP address, login date/time and logout date/time.
  Ability to automatically lock IP address ranges that attempt to connect with an invalid username.
  Ability to see a list of all users currently logged into your site.
  Allows you to specify one or more IP addresses in a special whitelist. Whitelisted IP addresses will have access to your WP login page.
  We will add Google reCaptcha or simple maths captcha to WordPress login form.
  We will add Google reCaptcha or simple math captcha to WP login forgot password form.
• USER REGISTRATION SECURITY
  We will enable manual approval of WordPress user accounts. If your site allows users to create their own accounts through the WordPress registration form, then you can minimize SPAM or bogus registrations by manually approving each registration.
  Ability to add Google reCaptcha or simple math captcha to WordPress user registration page to protect you from spam user registration.
  Ability to add Honeypot to WordPress user registration form to reduce bot registration attempts.
• DATABASE SECURITY
  We'll set the default wp_ database prefix to a value of your choice with the click of a button.
  We'll automatically schedule backups and email alerts, or create an instant database backup whenever you want with one click.
• FILE SYSTEM SECURITY
  We will identify files or folders that have unsafe permission settings and set the permissions to the recommended safe values with the click of a button.
  We will protect your PHP code and disable file editing from your WordPress admin area.
  Easily view and monitor all host system logs from one menu page and stay up to date on any problems or issues that occur on your server so you can quickly address them.
  Prevent users from accessing your WordPress site's readme.html, license.txt and wp-config-sample.php files.
  HTACCESS AND WP-CONFIG.PHP FILE COPY AND RESTORE
  Easily backup your original .htaccess and wp-config.php files in case you need to use them to restore broken functionality.
  Modify the contents of active .htaccess or wp-config.php files from the admin control panel with just a few clicks.
• OPTION TO CREATE A BLACKLIST
  Block users by specifying IP addresses or use a wildcard to specify IP ranges.
  Block users by specifying user agents
• FIREWALL
  Enable firewall on your website via htaccess file. An htaccess file is processed by your web server before any other code on your website.
  So these firewall rules will stop malicious scripts before they have a chance to reach the WordPress code on your site.
  Install access control.
  Instantly enable a choice of firewall settings ranging from basic, intermediate and advanced.
  Enable the famous “6G Blacklist” firewall rules courtesy of Perishable Press.
  Prohibition on posting of proxy comments.
  Block access to the debug log.
  Disable tracking and monitoring.
  Reject bad or malicious query strings.
  Protect yourself from Cross Site Scripting (XSS) by enabling the integrated advanced character string filter, or malicious bots that do not have a special cookie in their browser. You (the website administrator) will know how to set this special cookie and will be able to log in to your website.
  WordPress PingBack Vulnerability Protection Feature. This firewall feature allows the user to deny access to the xmlrpc.php file in order to protect against certain vulnerabilities in the pingback function. This is also useful to prevent bots from constantly accessing the xmlrpc.php file and wasting your server resource.
  Ability to block fake Googlebots from crawling your site.
  Ability to prevent image hotlinking. Use it to prevent others from creating hotlinks to your images.
  Ability to log all 404 events on your website. You can also choose to automatically block IP addresses that hit too many 404s.
  Ability to add custom rules to block access to various resources of your site.
• PREVENTING BRUTE FORCE CONNECTION ATTACKS
  Instant blocking from login attacks BRUTE FORCE  through a special cookie-based Brute Force Login Prevention feature. This firewall feature will block all login attempts by humans and bots.
  Ability to add a simple mathematical captcha to the WordPress login form to combat brute force login attacks.
  Ability to hide admin login page. Rename your WordPress login page URL so that bots and hackers cannot access your real WordPress login URL. This feature allows you to change the default login page (wp-login.php) to something you configure.
  Ability to use Login Honeypot to help reduce bot login attempts.
• SECURITY SCANNER
  The file change detection scanner can alert you if files have changed on your WordPress system. You can then investigate and see if this was a legitimate change or if bad code was introduced.
• COMMENT SPAM SAFETY
  Track the most active IP addresses that persistently generate the most SPAM comments and block them instantly with the click of a button.
  Prevent comments from being submitted if they are not from your domain (this will reduce SPAM comments being posted on your site).
  Adding a captcha to the wordpress comment form to add security against comment spam.
  Automatic and permanent blocking of IP addresses that have exceeded a certain number of comments marked as SPAM.
• FRONT-END COPY TEXT PROTECTION
  Ability to disable right click, text selection and copy selection for your site.
• ADDITIONAL FEATURES
  Ability to remove meta information generated by WordPress from your site's HTML source.
  Ability to remove WordPress version information from your site's included JS and CSS file.
  Ability to prevent people from accessing readme.html, license.txt and wp-config-sample.php files.
  Ability to temporarily lock your website interface from general visitors while doing various support tasks (investigating security attacks, performing site upgrades, maintenance work, etc.)
  export/import security settings.
  Prevent other sites from displaying your content via a box or iframe.