If you’re worried about the security of your WordPress websites and your computer while accessing the Internet, now is the time to set up a firewall. By adding a firewall, you can protect your website from spambots, viruses, and other security threats.
There are plenty of WordPress plugins to help you set up a firewall. If you go to your WordPress Dashboard >> Plugins >> Add New, you can do a search of WordPress firewall plugins.
One particular plugin that we like is the All in One WP Security & Firewall plugin.
This comprehensive, easy-to-use, and well-supported security plugin helps reduce security risk by checking for vulnerabilities, and implements the latest recommended WordPress security techniques and practices.
To install the plugin, simply click on Install Now, and then Activate Plugin.
To edit the plugin, click on the green shield icon found on the left-hand side of the screen, where a drop-down menu will appear. Click on Dashboard.
From here, you’ll be able to see a security strength meter gauge. This will keep you informed of how secure your website is based on how many of the available security features you’ve applied to your website.
If you’re just getting started, you’ll notice that all the current status of the critical features are turned off. Activating them will help you achieve a minimal acceptable level of security.
Turning them on will tell you exactly what they can do. Admin Username will want you to change your username if your username is ‘Admin’. Login Lockdown allows you to lock down the login area to prevent brute force login attacks. You can specify the number of login attempts that you want until you lock somebody out. File Permission locks down specific files (I recommend you activate this once you’ve edited the whole site and you know you’re not going to edit any specific files).
With the Basic Firewall feature, you can apply firewall rules progressively without breaking your WordPress website’s functionality. These firewall rules will stop malicious script(s) before it reaches the WordPress code on your site.
The firewall rules are categorized into basic, intermediate and advanced.
With the Brute Force Login Attack Prevention feature, you can instantly block brute force login attacks via the plugin’s special cookie-based brute force login prevention feature. This particular firewall functionality will block all login attempts from people and bots.
Here, you can add a simple math CAPTHA to the login form, hide the admin login page by renaming your login page URL, and you can use Login Honeypot to reduce brute force login attempts by bots.
The All in One WP Security & Firewall plugin offers a lot of security features. Take note, however, that this is not an antivirus software. Its main purpose is to block people and bots out that don’t need to be in your site.