7!CZ Z- Z ;Z"IZlZ {ZZ0Z.Z[U[[[s[[[[D[" \-\6E\E|\ \\]`]!I^Fk^^;_T ` _`m`C```` aa7aVa~a|cbbc:d2Sd2d\dLedceEeOfe^fbf'ggBZh?hhi6:jsqjjXkll-mmmm%m+!nMnjnnzooooo op^pqpUpLq9qr\r.zr-rr3risCs)s:s/tEt`t;Au}uuvww3w wwxxyy!yy(yz%z;zQzfzzzzz zzzz {${~{W||| }(}G}g}}}}$} }}(} ~!~A~pZ~ ~~KV{_^3V !2I]fmxԇyMLj^KlLcrNdG&knkڌtFr4.=cv2KKyHOF5:|X>jO7\OOUEy;AIDAKwҕkJj^!DJŗp^XQ9]10+L'x-RΚ !BxFrfN PoKA FN ͞!)Ɵ# ";'KshcIW-բ&6,]ۣ"  G*r 9C+U ĥӥۥ&=!4Rf* ħLd S˩&{&-ɬ  #$H'f%+" $:(_.#׮$#=(a/ѯ 1$Ot$$հ" (,Ur $ű+4HcvVin,60c%-ӵ8 0Y[FM-{08iou=fBɺ,޺ )o %2%I o}T ! .<L] s} ν <;  0'X_L%6Q%ee t. * 4SgMFgI< d 7 NQ[]# $/ Ta wQXAeKR}(E paq  m> N\x$/>\,l# # %6PN"  !"2Pc& 8 7-3ae[q]n&CySrw 2*=];A<8V@@G<Y3-2C+/o8/,+5,a6j0?O/nC9@J^(  .:?HWi  =*E2p3"'."(Q!zjhp/ A"*0CTm1  0#Bf"|/1  +HZu''!<!Y{ (C#c4  2=Xx _ZF:GK$p~  , $2WuA`1/Xa_*)Cml   g#YRJ~:  1_  k= | &   rS@Z9Yrmek\kws6WK+,-3.a/0^W5TV]OZP36/6f[MNG30C/?.o10-,/,\._x/U 7 - 4  !!"##$g%i%tT&[&d%'Q'y'QV((:))b**+,[,v5--wS.o.i;//H0=0Q2xj2I2-3P3V4lf4o4GC55W6_7|7}7}89U9Q:r;;F<|[<p<kI=I=X=jX>>H?F@cf@R@A\A3BpB@*CkCCRD{D{kE\EDFDFyG:G|GCLH/H=H HI.ԧ6bJ0Jި])Y;<7Z4MǪ9WO66ޫOSeDsErHIFKoSfV_AH_YVVYMZ0Y.ز5=*(hs*0RϴH"Ck6BP)z ĶF_#o"· "X/=;Ƹqvt 9F"\% Ӻ$ 2 B6OVf%| üǼ !4Ga  (ATlоF* CP;c\!q(3   "?Y#x$ +%-Q!'!!! ,/,\  4G c!<Qp! NnXa<)Q6{..&;F4gLBl3H|_j8^w/+nat  $B7z    .H[ lv *>W jw({DI %$8]mk+\V ^ls~  ' knARn^:tp  w&QZ%P*o+r.rKs!n /(9 boh">Xq . KX!n  E2 E R_~%3 )962ps{$\?<h|ji 0H_r.26:<4w+19 :D2+,. 7:(r3(##*@4kr#6U:u_1f7$9\L" (3Jg~     2K1d$+4%;.a&``4$  <s"$7$Jo   q~    *-B pz  ##=a y%  0 C V  r     ! .   ' 1 J  N X h  x  !      @+ 1l * - @ }8  m + B *X x {  x"!-Y$G~NR hu, [  ,9OP.&A<o(owq$sW7e``(V4c+y\.YaZ_<` B$a%$%'( H n!@o!!!!H!Q.""<#>B#)#,#)#F$5I$8$)$)$2 %?%_%%%&%%& &J@&&i'{&(#(.((.)D))l**+~T,r,KF-J-;-i.C._.E'/m//bv0t0xN1|1D2@2^<3~3\4kw4U495~5#V6Bz7z7A88iz8U8U:9[9\9=I::B;R;y1<p<==B{>>W[?n?."@jQ@v@V3ACADA\BspBBC]CO6DDM]EiE\F4rFtFGHG^G_]HFHI<IzI6DJS{J;J0 K9z.{8g#nW,\_T7BP@K"[H1l/9 T-!%dy |knz;^"O0px5 yYW:0?o4-aL V`kq7.- w_"5 < J:Zp5Z a3Nf&g(M'j r2QJ6_+1+F?kH0vM q 6/Dt]l1)(u[&J&Xu'uhZPmm%MN$4w=CDV]REy}]6-U@D#-I{wVl)$sDx1[sE Y]<)8= {3*ov,L IR/FQ;?g=Sz2%/% shOj9X5bi r7Ei;",RO(|dSU|obnB4l>~6aWq6n<)&CT,Yd'~fG hX9F+$4 \%d U ^.Q*b~Jb*cf ^HV`5m@}*~38N tg3}o(!>pFQf;yAHL2?[Ah.Be0ti#i mrqW/v uw'!>eM{@Z7OAS S!G&x7IU "CKK <sjtP:+TXC2j1}E\er0$  MB already exists. Please enter another value. generated on is not a valid ip address format. is now active%1$s %2$d%s table name update failed%s tables had their prefix updated successfully!%s view definitions were updated successfully!%s?(Minutes) The user will be forced to log back in after this time period has elapased.. Scan was generated on....and much more..htaccess File Operations.htaccess file to restore from1 sec1) Block forbidden characters commonly used in exploitative attacks.1) Denial of Service (DoS) attacks1) Enable the checkbox.1) Protect your htaccess file by denying access to it.2) Block malicious encoded URL characters such as the ".css(" string.2) Disable the server signature.2) Enter a secret word consisting of alphanumeric characters which will be difficult to guess. This secret word will be useful whenever you need to know the special URL which you will use to access the login page (see point below).2) Hacking internal routers.3) Guard against the common patterns and specific exploits in the root portion of targeted URLs.3) Limit file upload size (10MB).3) Scanning ports in internal networks to get info from various hosts.3) You will then be provided with a special login URL. You will need to use this URL to login to your WordPress site instead of the usual login URL. NOTE: The system will deposit a special cookie in your browser which will allow you access to the WordPress administration login page.4) Protect your wp-config.php file by denying access to it.4) Stop attackers from manipulating query strings by disallowing illicit characters.404 Detection404 Detection Configuration404 Detection Feature - Delete all 404 event logs operation failed!404 Detection Options404 Event Logs404 Lockout Redirect URL5G/6G Blacklist6G Blacklist Firewall Rules6G Blacklist/Firewall SettingsACCOUNT PENDING: Your account is currently not active. An administrator needs to activate your account before you can login.Attention: Sometimes non-malicious Internet organizations might have bots which impersonate as a "Googlebot".ERROR: Access from your IP address has been blocked for security reasons. Please contact the administrator.ERROR: Cookies are blocked due to unexpected output. For help, please see this documentation or try the support forums.ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.ERROR: Enter a username or email address.ERROR: Invalid login credentials.ERROR: Invalid username or email.ERROR: The table prefix can only contain numbers, letters, and underscores.ERROR: There is no user registered with that email address.ERROR: You are not allowed to register because your IP address is currently locked!ERROR: Your answer was incorrect - please try again.Warning: Only use this feature if you know what you are doing.You have successfully updated WordPress! Please log back in to see what’s new.A 404 or Not Found error occurs when somebody tries to access a non-existent page on your website.A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.A Hotlink is where someone displays an image on their site which is actually located on your site by using a direct link to the source of the image on your server.A backup copy of your wp-config.php file was created successfully!A blocked visitor will be automatically redirected to this URL.A bot is a piece of software which runs on the Internet and performs automatic tasks. For example when Google indexes your pages it uses automatic bots to achieve this task.A comment submitted by a spambot is done by directly calling the comments.php file, which usually means that the HTTP_REFERRER value is not your domain and often times empty.A file change was detected on your system for site URLA large portion of WordPress blog comment SPAM is mainly produced by automated bots and not necessarily by humans. A legitimate comment is one which is submitted by a human who physically fills out the comment form and clicks the submit button. For such events, the HTTP_REFERRER is always set to your own domain.A lockdown event has occurred due to too many failed login attempts or invalid username:A lot of bots are legitimate and non-malicous but not all bots are good and often you will find some which try to impersonate legitimate bots such as "Googlebot" but in reality they have nohing to do with Google at all.A lot of hackers try to take advantage of this information by attempting "Brute Force Login Attacks" where they repeatedly try to guess the password by using "admin" for username.A summary of the scan results is shown below:Account Activity LogsAccount Login NameActive PluginsAdd Captcha To BBPress New Topic FormAdd Captcha To BuddyPress Registration FormAdd Captcha To Comments FormAdding a captcha field in the comment form is a simple way of greatly reducing SPAM comments from bots without using .htaccess rules.Adding a captcha field in the registration form is a simple way of greatly reducing SPAM signups from bots without using .htaccess rules.Additional Firewall ProtectionAdditional Firewall RulesAdmin User SecurityAdmin UsernameAdvancedAdvanced Character String FilterAdvanced SettingsAfter clicking the above link you will be able to login to the WordPress administration panel.After selecting your file click the button below to restore your site using the backed up wp-config file (wp-config.php.backup.txt).After selecting your file, click the button below to apply the settings to your site.After selecting your file, click the button below to restore your site using the backed up htaccess file (htaccess_backup.txt).All 404 event logs were deleted from the DB successfully!All In One WP SecurityAll In One WP Security & Firewall has detected that there was a change in your host's files.All In One WP Security - File change detected!All In One WP Security - Site Database BackupAll Time Total: All firewall rules have been disabled successfully!All other bots from other organizations such as "Yahoo", "Bing" etc will not be affected by this feature.All records from the Failed Logins table were deleted successfully!All round best WordPress security plugin!All the security features have been disabled successfully!Allow Unlock RequestsAlthough most of the bots out there are relatively harmless sometimes website owners want to have more control over which bots they allow into their site.An effective Brute Force prevention technique is to change the default WordPress login page URL.An email has been sent to you with the unlock instructions.Any person trying to access your login page who does not have the special cookie in their browser will be automatically blocked.Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks.Apart from the security protection benefit, this feature may also help reduce load on your server, particularly if your site currently has a lot of unwanted traffic hitting the XML-RPC API on your installation.ApplyApprove Registered UsersAttached is your latest DB backup file for site URLAttention!Attention: If in addition to enabling the white list feature, you also have one of the %s or %s features enabled, you will still need to use your secret word or special slug in the URL when trying to access your WordPress login page.Attention: You have enabled the "Completely Block Access To XMLRPC" checkbox which means all XMLRPC functionality will be blocked.Auto Block SPAMMER IPsAutomated Scheduled BackupsAutomatic Daily Scan of 1 WebsiteAutomatic Email AlertingAutomatic Malware & Blacklist MonitoringBBPress SPAM SettingsBackup .htaccess FileBackup .htaccess fileBackup Time IntervalBackup wp-config.php FileBackup wp-config.php fileBackup your databaseBad Query StringsBan IPs or User AgentsBan UsersBasicBasic FirewallBasic Firewall RulesBasic Firewall SettingsBefore using this feature you are required to perform a cookie test first. This is to make sure that your browser cookie is working correctly and that you won't lock yourself out.Being informed of any changes in your files can be a good way to quickly prevent a hacker from causing damage to your website.Below is the current status of the critical features that you should activate on your site to achieve a minimum level of recommended securityBlacklist ManagerBlacklist RemovalBlock Access to Debug Log FileBlock Access to debug.log FileBlock Accesss to Debug Log FileBlock Fake GooglebotsBlock Spambot CommentsBlock SpambotsBlock Spambots From Posting CommentsBrute ForceBrute Force Login AttackBrute Force Prevention Firewall SettingsBuddyPressBuddyPress Registration CaptchaBuddyPress SPAM SettingsBuddyPress is not active! In order to use this feature you will need to have BuddyPress installed and activated.Bulk ActionsBy allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page.By blocking people via the .htaccess file your are using the most secure first line of defence which denies all access to blacklisted visitors as soon as they hit your hosting server.By default the nickname is set to the login (or user) name of your account.By default this plugin uses the $_SERVER['REMOTE_ADDR'] variable to retrieve the visitor IP address. This should normally be the most accurate safest way to get the IP.By default, WordPress sets the administrator username to "admin" at installation time.By default, an Apache server will allow the listing of the contents of a directory if it doesn't contain an index.php file.By doing this, malicious bots and hackers will not be able to access your login page because they will not know the correct login page URL.By enabling this checkbox the plugin will add the necessary rules and exceptions to your .htacces file so that AJAX operations will work as expected.By enabling this checkbox the plugin will add the necessary rules and exceptions to your .htacces file so that people trying to access these pages are not automatically blocked.By forbidding proxy comments you are in effect eliminating some SPAM and other proxy requests.By inspecting the IP address data coming from spammers you will be in a better position to determine which addresses or address ranges you should block by adding them to the permanent block list.By leaving this feature enabled you will prevent Jetpack or Wordpress iOS or other apps which need XMLRPC from working correctly on your site.By occassionally viewing the contents of these logs files you can keep informed of any underlying problems on your system which you might need to address.By preventing access to these files you are hiding some key pieces of information (such as WordPress version info) from potential hackers.Change Admin UsernameChange DB PrefixChange Database PrefixChange Display NameChange UsernameCheck this box if you want this plugin to automatically block IP addresses which submit SPAM comments.Check this if you are not using the WP XML-RPC functionality and you want to completely block external access to XMLRPC.Check this if you are using the native WordPress password protection feature for some or all of your blog posts or pages.Check this if you want all visitors except those who are logged in as administrator to be locked out of the front-end of your site.Check this if you want the plugin to generate a random 6 character string for the table prefixCheck this if you want the system to automatically generate backups periodically based on the settings belowCheck this if you want the system to automatically/periodically scan your files to check for file changes based on the settings belowCheck this if you want the system to email you if a file change was detectedCheck this if you want the system to email you the backup file after a DB backup has been performedCheck this if you want to allow users to generate an automated unlock request link which will unlock their accountCheck this if you want to apply a firewall rule which will block comments originating from spambots.Check this if you want to apply basic firewall protection to your site.Check this if you want to apply the 5G Blacklist firewall protection from perishablepress.com to your site.Check this if you want to apply the 6G Blacklist firewall protection from perishablepress.com to your site.Check this if you want to automatically disable all newly registered accounts so that you can approve them manually.Check this if you want to block access to the debug.log file that WordPress creates when debug logging is enabled.Check this if you want to block all fake Googlebots.Check this if you want to disable directory and file listing.Check this if you want to disable the "Right Click", "Text Selection" and "Copy" option on the front end of your site.Check this if you want to disable trace and track.Check this if you want to enable custom rules entered in the text box belowCheck this if you want to enable debug. You should keep this option disabled after you have finished debugging the issue.Check this if you want to enable the banning (or blacklisting) of selected IP addresses and/or user agents specified in the settings belowCheck this if you want to enable the honeypot feature for the login pageCheck this if you want to enable the honeypot feature for the registration pageCheck this if you want to enable the lockout of selected IP addresses.Check this if you want to enable the logging of 404 eventsCheck this if you want to enable the login lockdown feature and apply the settings belowCheck this if you want to enable the rename login page featureCheck this if you want to enable the whitelisting of selected IP addresses specified in the settings belowCheck this if you want to forbid proxy comment posting.Check this if you want to force a wp user to be logged out after a configured amount of timeCheck this if you want to insert a captcha field on the BBPress new topic formsCheck this if you want to insert a captcha field on the BuddyPress registration formsCheck this if you want to insert a captcha field on the comment formsCheck this if you want to insert a captcha form on the WordPress user registration page (if you allow user registration).Check this if you want to insert a captcha form on the login pageCheck this if you want to insert a captcha form on the lost password pageCheck this if you want to insert captcha on a Woocommerce login formCheck this if you want to insert captcha on a Woocommerce registration formCheck this if you want to insert captcha on a custom login form generated by the following WP function: wp_login_form()Check this if you want to instantly lockout login attempts with usernames which do not exist on your systemCheck this if you want to place your custom rules at the beginning of all the rules applied by this pluginCheck this if you want to prevent access to readme.html, license.txt and wp-config-sample.php.Check this if you want to prevent hotlinking to images on your site.Check this if you want to protect your login page from Brute Force Attack.Check this if you want to receive an email when someone has been locked out due to maximum failed login attemptsCheck this if you want to remove the ability for people to edit PHP files via the WP dashboardCheck this if you want to remove the version and meta info produced by WP from all pagesCheck this if you want to show a generic error message when a login attempt failsCheck this if you want to stop other sites from displaying your content in a frame or iframe.Check this if you want to stop users enumeration.Check this if your site uses AJAX functionality.Check your email for the confirmation link.Check your email for your new password.Checking for MySQL tables of type "view".....Choose a $_SERVER variable you would like to retrieve the visitor IP address from.Choose a new username for admin.Choose a secret word consisting of alphanumeric characters which you can use to access your special URL. Your are highly encouraged to choose a word which will be difficult to guess.Choose your own DB prefix by specifying a string which contains letters and/or numbers and/or underscores. Example: xyz_Click on the link to edit the settings of that particular user accountClick the button below to backup and download the contents of the currently active wp-config.php file.Click the button below to backup and save the currently active .htaccess file.Click the button below to view the saved file change results from the last scan.Click this button if you wish to delete all failed login records in one go.Click this button if you wish to download this log in CSV format.Click this button if you wish to purge all 404 event logs from the DB.Comment CaptchaComment SPAMComment SPAM IP MonitoringComment SPAM SettingsComments are usually labelled as SPAM either by the Akismet plugin or manually by the WP administrator when they mark a comment as "spam" from the WordPress Comments menu.Completely Block Access To XMLRPCConfirm new passwordCookie Based Brute Force Login PreventionCookie Based Brute Force PreventionCookie DomainCookie-Based Brute ForceCopy ProtectionCopy Protection feature settings saved!Copy/Paste Import DataCould not delete the Cookie-based directives from the .htaccess file. Please check the file permissions.Could not process the request because the IP addresses for the selected entries could not be found!Could not write to the .htaccess file. Please check the file permissions.Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".Could not write to the wp-config.php. Please restore your wp-config.php file manually using the restore functionality in the "wp-config.php File".Create DB Backup NowCritical Feature StatusCurrent DB Table PrefixCurrent PermissionsCurrent Score of Your Site: Currently Locked Out IP Address RangesCurrently Locked Out IP Addresses and RangesCurrently Logged In UsersCustom .htaccess RulesCustom .htaccess Rules SettingsCustom Login CaptchaCustom Login Form Captcha SettingsCustom RulesDB BackupDB Backup failed. Please check the permissions of the backup directory.DB Backup was successfully completed! You will receive the backup file via email if you have enabled "Send Backup File Via Email", otherwise you can retrieve it via FTP from the following directory:DB PrefixDB Prefix OptionsDB prefix change tasks have been completed.DashboardDatabase SecurityDateDaysDebug File Write PermissionsDebug SettingsDefaultDelete All 404 Event LogsDelete All Failed Login RecordsDeny Bad QueriesDeny Bad Query StringsDepending on the nature and cause of the error or warning, your hosting server can create multiple instances of this file in numerous directory locations of your WordPress installation.Disable Ability To Edit PHP FilesDisable All Firewall RulesDisable All Security FeaturesDisable Index ViewsDisable PHP File EditingDisable Pingback Functionality From XMLRPCDisable Security FeaturesDisable The Ability To Copy TextDisable Trace and TrackDisable Users EnumerationDisabling trace and track on your site will help prevent HTTP Trace attacks.Display Generic Error MessageDisplay NameDisplay Name SecurityDisplaying results for IP addresses which have posted a minimum of %s SPAM commentsDue to the constantly changing and complex nature of Malware, scanning for such things using a standalone plugin will not work reliably. This is something best done via an external scan of your site regularly.Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server's memory and performance.Due to the fact that the image being displayed on the other person's site is coming from your server, this can cause leaking of bandwidth and resources for you because your server has to present this image for the people viewing it on someone elses's site.Due to the nature of the code being inserted to the .htaccess file, this feature may break some functionality for certain plugins and you are therefore advised to take a %s of .htaccess before applying this configuration.ERROR: Unable to process your request!Each IP address must be on a new line.Each user agent string must be on a new line.EmailEmail AddressEnable 404 Event LoggingEnable 404 IP Detection and LockoutEnable 6G Firewall ProtectionEnable Advanced Character String FilterEnable Auto Block of SPAM Comment IPsEnable Automated File Change Detection ScanEnable Automated Scheduled BackupsEnable Basic FirewallEnable Basic Firewall ProtectionEnable Brute Force Attack PreventionEnable Captcha On BBPress New Topic FormEnable Captcha On BuddyPress Registration FormEnable Captcha On Comment FormsEnable Captcha On Custom Login FormEnable Captcha On Login PageEnable Captcha On Lost Password PageEnable Captcha On Registration PageEnable Captcha On Woocommerce Login FormEnable Captcha On Woocommerce Registration FormEnable Copy ProtectionEnable Custom .htaccess RulesEnable DebugEnable Force WP User LogoutEnable Front-end LockoutEnable Honeypot On Login PageEnable Honeypot On Registration PageEnable IP WhitelistingEnable IP blocking for 404 detectionEnable IP or User Agent BlacklistingEnable Login HoneypotEnable Login Lockdown FeatureEnable Login Lockdown IP WhitelistEnable Pingback Vulnerability ProtectionEnable Registration HoneypotEnable Rename Login PageEnable Rename Login Page FeatureEnable iFrame ProtectionEnable legacy 5G Firewall ProtectionEnable manual approval of new registrationsEnter Custom .htaccess Rules:Enter IP Addresses:Enter System Log File NameEnter User Agents:Enter Whitelisted IP Addresses:Enter a Message:Enter a message you wish to display to visitors when your site is in maintenance mode.Enter an email addressEnter each file or directory on a new line which you wish to exclude from the file change detection scan.Enter each file type or extension on a new line which you wish to exclude from the file change detection scan.Enter one or more IP addresses or IP ranges you wish to include in your whitelist. Only the addresses specified here will have access to the WordPress login page.Enter one or more IP addresses or IP ranges you wish to include in your whitelist. The addresses specified here will never be blocked by the login lockdown feature.Enter one or more IP addresses or IP ranges.Enter one or more email addresses on a new line.Enter one or more user agent strings.Enter something special:Enter your custom .htaccess rules/directives.Enter your new password below.Enter your system log file name. (Defaults to error_log)Error - Could not get tables or no tables found!Error updating user_meta table where new meta_key = %s, old meta_key = %s and user_id = %s.Error: No locked entry was found in the DB with your IP address range!Error: You entered an incorrect CAPTCHA answer. Please go back and try again.Even though this feature should not have any impact on your site's general functionality you are strongly encouraged to take a %s of your .htaccess file before proceeding.Example 1 - A single user agent string to block:Example 1: 195.47.89.*Example 1: Setting this value to "0" or "1" will list ALL IP addresses which were used to submit SPAM comments.Example 1: Setting this value to "1" will block ALL IP addresses which were used to submit at least one SPAM comment.Example 2 - A list of more than 1 user agent strings to blockExample 2: 195.47.*.*Example 2: Setting this value to "5" will block only those IP addresses which were used to submit 5 SPAM comments or more on your site.Example 2: Setting this value to "5" will list only those IP addresses which were used to submit 5 SPAM comments or more on your site.Example 3: 195.*.*.*Example 4: 4102:0:3ea6:79fd:b:46f8:230f:bb05Example 5: 2205:0:1ca2:810d::Example: If you want the scanner to ignore certain files in different directories or whole directories, then you would enter the following:Example: If you want the scanner to ignore files of type jpg, png, and bmp, then you would enter the following:Excerpt ViewExport AIOWPS SettingsExport or Import Your AIOWPS SettingsExport to CSVFailed Login RecordsFailed to make a backup of the wp-config.php file. This operation will not go ahead.FileFile Change DetectionFile Change Detection SettingsFile EditingFile ModifiedFile PermissionFile PermissionsFile Permissions ScanFile SizeFile Types To IgnoreFile/FolderFiles/Directories To IgnoreFilesystem SecurityFind IP AddressesFirewallFirewall SettingsFollow usFor Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain.For information, updates and documentation, please visit theForbid Proxy Comment PostingForbid Proxy CommentsForce LogoutForce User Logout OptionsFrame Display Prevention feature settings saved!FramesFrom a security perspective, changing the default "admin" user name is one of the first and smartest things you should do on your site.From a security perspective, leaving your nickname the same as your user name is bad practice because it gives a hacker at least half of your account's login credentials.From now on you will need to log into your WP Admin using the following URL:General SettingsGeneral Visitor LockoutGenerate New DB Table PrefixGet New PasswordGet To Know The DevelopersGo through each menu items and enable the security options to add more security to your site. Start by activating the basic features first.Go to the %s menu to see more detailsGooglebots have a unique indentity which cannot easily be forged and this feature will indentify any fake Google bots and block them from reading your site's pages.HTTP Trace attack (XST) can be used to return header requests and grab cookies and other information.Hackers can exploit various vulnerabilities in the WordPress XML-RPC API in a number of ways such as:Helpful Tip:HoneypotHost System LogsHoursHowever in some setups such as those using proxies, load-balancers and CloudFlare, it may be necessary to use a different $_SERVER variable.However, in some cases you may find many repeated 404 errors which occur in a relatively short space of time and from the same IP address which are all attempting to access a variety of non-existent page URLs.However, sometimes people or other plugins modify the various permission settings of certain core WP folders or files such that they end up making their site less secure because they chose the wrong permission values.IPIP Address:IP Hosts and User Agent Blacklist SettingsIP Range:IP Retrieval SettingsIP and User Agent BlacklistingIf given an opportunity hackers can insert their code or files into your system which they can then use to carry out malicious acts on your site.If the bot fails the checks then the plugin will mark it as being a fake Googlebot and it will block itIf the maximum number of failed login attempts for a particular IP address occur within this time period the plugin will lock out that addressIf this feature is not used correctly, you can get locked out of your site. A backed up .htaccess file will come in handy if that happens.If this was a mistake, just ignore this email and nothing will happen.If you break your site you will need to access your server via FTP or something similar and then edit your .htaccess file and delete the changes you made.If you do not use the WordPress password protection feature for your posts or pages then it is highly recommended that you leave this checkbox disabled.If you still need XMLRPC then uncheck the "Completely Block Access To XMLRPC" checkbox and enable only the "Disable Pingback Functionality From XMLRPC" checkbox.If you suspect there is a user or users who are logged in which should not be, you can block them by inspecting the IP addresses from the data below and adding them to your blacklist.If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin.If you use Jetpack or WP iOS or other apps which need WP XML-RPC functionality then check this. This will enable protection against WordPress pingback vulnerabilities.If you want to temporarily block or blacklist an IP address, simply click the "Temp Block" or "Blacklist IP" link for the applicable IP entry in the "404 Event Logs" table below.If your chosen server variable fails the plugin will automatically fall back to retrieving the IP address from $_SERVER["REMOTE_ADDR"]If your site allows people to create their own accounts via the WordPress registration form, then you can minimize SPAM or bogus registrations by manually approving each registration.Import AIOWPS SettingsImport FileImport/ExportIn general, WordPress core and plugin files and file types such as ".php" or ".js" should not change often and when they do, it is important that you are made aware when a change occurs and which file was affected.In other words, if the comment was not submitted by a human who physically submitted the comment on your site, the request will be blocked.In the cases where you are protecting some of your posts or pages using the in-built WordPress password protection feature, a few extra lines of directives and exceptions need to be added to your .htacces file so that people trying to access pages are not automatically blocked.In the cases where your WordPress installation has a theme or plugins which use AJAX, a few extra lines of directives and exceptions need to be added to your .htacces file to prevent AJAX requests from being automatically blocked by the brute force prevention feature.Incorrect .htaccess rules or directives can break or prevent access to your site.Insert one username per line. Existing usernames are not blocked even if present in the list.Instantly Lockout Invalid UsernamesInstantly Lockout Specific UsernamesIntermediateInternet Bot SettingsInternet BotsIt is a good practice to take a backup of your .htaccess file, database and wp-config.php file before activating the security features. This plugin has options that you can use to backup those resources easily.It is important that you save this URL value somewhere in case you forget it, OR,It is recommended that you perform a %s before using this featureIt is useful for when you want to tweak our existing firewall rules or when you want to add your own.It is your responsibility to ensure that you are entering the correct code!It will then perform a few tests to verify if the bot is legitimately from Google and if so it will allow the bot to proceed.It would take a desktop PC approximatelyIt's a good idea to not redirect attempted brute force login attempts to your site because it increases the load on your server.Just be aware that if you activate this feature the plugin will block all bots which use the "Googlebot" string in their User Agent information but are NOT officially from Google (irrespective whether they are malicious or not).Last 5 LoginsLast 5 logins summary:Latest File Change Scan ResultsLeave this feature disabled and use the feature below if you want pingback protection but you still need XMLRPC.Library PresentList SPAMMER IP AddressesList ViewList of Administrator AccountsListing of Directory ContentsLoading...Locked IP AddressesLocking your site down to general visitors can be useful if you are investigating some issues on your site or perhaps you might be doing some maintenance and wish to keep out all traffic for security reasons.Log InLog inLog into your site's WordPress administration panel to see the duration of the lockout or to unlock the user.Logged In UsersLogin CaptchaLogin Form Captcha SettingsLogin Form Honeypot SettingsLogin IP Whitelist SettingsLogin IP WhitelistingLogin LockdownLogin Lockdown ConfigurationLogin Lockdown IP Whitelist SettingsLogin Lockdown OptionsLogin Page URLLogin Retry Time Period (min)Login WhitelistLogin to your site to view the scan details.Logout the WP User After XX MinutesLost PasswordLost Password CaptchaLost Password Form Captcha SettingsLost your password?MaintenanceMaintenance ModeMaintenance Mode StatusMaintenance mode is currently enabled. Remember to turn it off when you are doneMaintenance mode is currently off.Malware ScanManual ApprovalManual BackupManual File Change Detection ScanManually Approve New RegistrationsMany people fall into the trap of using a simple word or series of numbers as their password. Such a predictable and simple password would take a competent hacker merely minutes to guess your password by using a simple script which cycles through the easy and most common combinations.Max Login AttemptsMinimum number of SPAM commentsMinimum number of SPAM comments per IPMiscellaneousModify Accounts With Identical Login Name & Display NameMore InfoMy Site Has Posts Or Pages Which Are Password ProtectedMy Site Has a Theme or Plugins Which Use AJAXN/ANEW SCAN COMPLETED: The plugin has detected that you have made changes to the "File Types To Ignore" or "Files To Ignore" fields. In order to ensure that future scan results are accurate, the old scan data has been refreshed.NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site.NOTE: If you already had the Cookie-Based Brute Force Prevention feature active, the plugin has automatically deactivated it because only one of these features can be active at any one time.NOTE: If you already had the Rename Login Page feature active, the plugin has automatically deactivated it because only one of these features can be active at any one time.NOTE: If you are currently logged in as "admin" you will be automatically logged out after changing your username and will be required to log back in.NOTE: If you are hosting your site on WPEngine or a provider which performs server caching, you will need to ask the host support people to NOT cache your renamed login page.NOTE: If you use Jetpack or the Wordpress iOS or other apps then you should enable this feature but leave the "Completely Block Access To XMLRPC" checkbox unchecked.NOTE: In order for this feature to work "AllowOverride" of the Indexes directive must be enabled in your httpd.conf file. Ask your hosting provider to check this if you don't have access to httpd.confNOTE: Some of these strings might be used for plugins or themes and hence this might break some functionality.NOTE: Some strings for this setting might break some functionality.NOTE: The .htaccess file was not modified because you have disabled the "Enable IP or User Agent Blacklisting" check box.NOTE: This feature does NOT use the .htaccess file to permanently block the IP addresses so it should be compatible with all web servers running WordPress.NOTE: You should only enable this feature if you are not currently using the XML-RPC functionality on your WordPress installation.NameNew Admin UsernameNew passwordNo Action RequiredNo Contract (Cancel Anytime)No action required! No action required.No data found!No items found.No system logs were found!Nonce check failed for DB prefix change operation!Nonce check failed for block IP operation of registered user!Nonce check failed for delete all 404 event logs operation!Nonce check failed for delete all failed login records operation!Nonce check failed for delete failed login record operation!Nonce check failed for delete lockdown record operation!Nonce check failed for delete registered user account operation!Nonce check failed for delete selected 404 event logs operation!Nonce check failed for delete selected account activity logs operation!Nonce check failed for delete selected blocked IP operation!Nonce check failed for force user logout operation!Nonce check failed for list SPAM comment IPs!Nonce check failed for manual DB backup operation!Nonce check failed for manual file change detection scan operation!Nonce check failed for save blacklist settings!Nonce check failed for save lockdown whitelist settings!Nonce check failed for save whitelist settings!Nonce check failed for unblock IP operation!Nonce check failed for unlock IP operation!Nonce check failed for users logged in list!Nonce check failed on admin username change operation!Normally if you wanted to login to WordPress you would type your site's home URL followed by wp-login.php.Not available.Notify By EmailNumber of Backup Files To KeepNumber of temporarily locked out IP addresses: Number of users currently logged into your site (including you) is:OROffOften when malware code has been inserted into your site you will normally not notice anything out of the ordinary based on appearances, but it can have a dramatic effect on your site's search ranking.OnOne of the ways hackers try to compromise sites is via a One way to add a layer of protection for your DB is to change the default WordPress table prefix from "wp_" to something else which will be difficult for hackers to guess.Only the "superadmin" can block IP addresses from the main site.Operation failed! Unable to modify or make a backup of wp-config.php file!Or you can enter an IPv6 address (NOTE: ranges/wildcards are currently not supported for ipv6)PHP Allow URL fopenPHP Display ErrorsPHP File EditingPHP InfoPHP Max Post SizePHP Max Script Execution TimePHP Max Upload SizePHP Memory LimitPHP Memory UsagePHP VersionPagePasswordPassword ResetPassword StrengthPassword Strength ToolPassword ToolPerform Cookie TestPerform Scan NowPermanent Block ListPermanently Blocked IP AddressesPlace custom rules at the topPlease change the prefix manually for the above tables to: %sPlease choose a .htaccess to restore from.Please choose a file to import your settings from.Please choose a wp-config.php file to restore from.Please enter a valid email addressPlease enter a value for the DB prefix.Please enter a value for your login page slug.Please enter a value for your username. Please enter an answer in digits:Please enter your email address and you will receive an email with instructions on how to unlock yourself.Please enter your username or email address. You will receive a link to create a new password via email.Please log back in to continue.Please select some records using the checkboxesPlugin URLPlugin VersionPoor password selection is one of the most common weak points of many sites and is usually the first thing a hacker will try to exploit when attempting to break into your site.Possible reason: your host may have disabled the mail() function.Powered by WordPressPrevent Access to Default WP FilesPrevent Access to WP Default Install FilesPrevent HotlinkingPrevent HotlinksPrevent Image HotlinkingPrevent Users EnumerationPrevent Your Site From Being Displayed In a FrameProxy Comment PostingRe-direct URLRecommended ActionRecommended PermissionsRedirecting a hacker or malicious bot back to "http://127.0.0.1" is ideal because it deflects them back to their own local host and puts the load on their server instead of yours.Refresh DataRefresh Logged In User DataRegisterRegister For This SiteRegistration ApprovalRegistration CaptchaRegistration FormRegistration Form Honeypot SettingsRegistration HoneypotRegistration Page Captcha SettingsRegistration complete. Please check your email.Registration confirmation will be emailed to you.Remember MeRemove WP Generator Meta InfoRemove WP Generator Meta TagRename Login PageRename Login Page SettingsRequest UnlockReset PasswordRestore .htaccess FileRestore from a backed up .htaccess fileRestore from a backed up wp-config fileRestore wp-config FileSPAM PreventionSPAMMER IP Address ResultsSave 5G/6G Firewall SettingsSave Additional Firewall SettingsSave Basic Firewall SettingsSave Copy Protection SettingsSave Custom RulesSave Debug SettingsSave Feature SettingsSave Internet Bot SettingsSave SettingSave SettingsSave Site Lockout SettingsSave the current .htaccess fileSave the current wp-config.php fileScan Complete - There were no file changes detected!Scan Time IntervalScannerScanning For MalwareSecondsSecret WordSecurity Points BreakdownSecurity Strength MeterSelect AllSend Backup File Via EmailSend Email When Change DetectedSend Unlock RequestServer NameService Temporarily UnavailableSession Save PathSet Recommended PermissionsSet the length of time for which a blocked IP address will be prevented from visiting your siteSet the length of time for which a particular IP address will be prevented from logging inSet the value for how often you would like a scan to occurSet the value for how often you would like an automated backup to occurSet the value for the maximum login retries before IP address is locked outSetting an expiry period for your WP administration session is a simple way to protect against unauthorized access to your site from your computer.SettingsSettings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only!Settings successfully updated.Settings were successfully savedShowing latest entries of error_log file: %sSince robots usually fill in every input field from a login form, they will also submit a value for the special hidden honeypot field.Since robots usually fill in every input field from a registration form, they will also submit a value for the special hidden honeypot field.Site InfoSite Lockout NotificationSite lockout feature settings saved!Site response time monitoringSite uptime monitoringSomeone has requested a password reset for the following account:Sometimes your hosting platform will produce error or warning logs in a file called "error_log".Spammer IPs Added To Permanent Block List Today: Specify a URL to redirect a hacker to when they try to access your WordPress login page.Specify the minimum number of SPAM comments for an IP address before it is permanently blocked.Spread the WordStart typing a password.Starting DB prefix change operations.....Strength indicatorSuch behaviour can mean that a hacker might be trying to find a particular page or URL for sinister reasons.System InfoSystem LogsTable PrefixTake note of the IP addresses you want blocked and ask the superadmin to add these to the blacklist using the "Blacklist Manager" on the main site.Thank you for using our WordPress security plugin. There are a lot of security features in this plugin.The "File Change Detection Feature" will notify you of any file change which occurs on your system, including the addition and deletion of files by performing a regular automated or manual scan of your system's files.The "wp-config.php" file was not able to be modified. Please modify this file manually using your favourite editor and search for variable "$table_prefix" and assign the following value to that variable: %sThe %s feature is currently active.The %s table records which had references to the old DB prefix were updated successfully!The .htaccess file was successfully modified to include the selected IP addresses.The 6G Blacklist is a simple, flexible blacklist that helps reduce the number of malicious URL requests that hit your website.The 6G Blacklist is updated and improved version of 5G Blacklist. If you have 5G Blacklist active, you might consider activating 6G Blacklist instead.The All In One WP Security Blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents.The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.The DB is also a target for hackers via methods such as SQL injections and malicious and automated code which targets certain tables.The Internet bot settings were successfully savedThe URL specified here can be any site's URL and does not have to be your own. For example you can be as creative as you like and send hackers to the CIA or NSA home page.The Wordpress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files.The above firewall features will be applied via your .htaccess file and should not affect your site's overall functionality.The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit.The added advantage of applying the 6G firewall to your site is that it has been tested and confirmed by the people at PerishablePress.com to be an optimal and least disruptive set of .htaccess security rules for general WP sites running on an Apache server or similar.The advanced firewall rules are applied via the insertion of special code to your currently active .htaccess file.The contents of your settings file appear invalid. Please check the contents of the file you are trying to import settings from.The cookie test failed on this server. So this feature cannot be used on this site.The cookie test was successful. You can now enable this feature.The core default behaviour for WordPress Multi Site regarding user registration is that all users are registered via the main site.The database update operation of the user account failed!The deletion of the import file failed. Please delete this file manually via the media menu for security purposes because it contains security settings details.The deletion of the import file failed. Please delete this file manually via the media menu for security purposes.The email could not be sent.The feature will still allow XMLRPC functionality on your site but will disable the pingback methods.The features in this tab allow you to activate some basic firewall security protection rules for your site.The features in this tab will stop the majority of Brute Force Login Attacks at the .htaccess level thus providing even better protection for your WP login page and also reducing the load on your server because the system does not have to run PHP code to process the login attempts.The file you uploaded was also deleted for security purposes because it contains security settings details.The firewall functionality is achieved via the insertion of special code into your currently active .htaccess file.The following accounts failed to update successfully: The following address was removed because it is not a valid email address: The following files were added to your hostThe following files were added to your host.The following files were changed on your hostThe following files were changed on your host.The following files were removed from your hostThe following files were removed from your host.The information below can be handy if you need to do security investigations because it will show you the IP range, username and ID (if applicable) and the time/date of the failed login attempt.The longer and more complex your password is the harder it is for hackers to "crack" because more complex passwords require much greater computing power and time.The options table records which had references to the old DB prefix were updated successfully!The passwords do not match.The permissions for %s were succesfully changed to %sThe plugin achieves this by making appropriate modifications to your .htaccess file.The plugin achieves this by writing the appropriate directives to your .htaccess file.The plugin has detected that it cannot write to the wp-config.php file. This feature can only be used if the plugin can successfully write to the wp-config.php file.The plugin has detected that you are using a Multi-Site WordPress installation.The plugin was unable to write to the .htaccess file. Please edit file manually.The selected IP address is now temporarily blocked!The selected IP addresses are now permanently blocked!The selected IP addresses are now temporarily blocked!The selected IP addresses have been added to the blacklist and will be permanently blocked!The selected IP addresses were saved in the blacklist configuration settings.The selected IP addresses were successfully added to the permanent block list!The selected IP entries were unlocked successfully!The selected IP entry was unlocked successfully!The selected IP was successfully added to the permanent block list!The selected account was approved successfully!The selected account was deleted successfully!The selected accounts were approved successfully!The selected accounts were deleted successfully!The selected entry is not a valid IP address!The selected entry was deleted successfully!The selected record(s) deleted successfully!The selected user was logged out successfully!The usermeta table records which had references to the old DB prefix were updated successfully!The way honeypots work is that a hidden field is placed somewhere inside a form which only robots will submit. If that field contains a value when the form is submitted then a robot has most likely submitted the form and it is consequently dealt with.The word Malware stands for Malicious Software. It can consist of things like trojan horses, adware, worms, spyware and any other undesirable code which a hacker will try to inject into your website.There are also other ways wordpress reveals version info such as during style and script loading. An example of this is:There are no IP addresses currently locked out.There are no other site-wide users currently logged in.There are no other users currently logged in.There have been no file changes since the last scan.Therefore the 6G firewall rules should not have any impact on your site's general functionality but if you wish you can take a %s of your .htaccess file before proceeding.Therefore to further tighten your site's security you are advised to change your nickname and Display name to be different from your Username.Therefore, adding a captcha form on the registration page is another effective yet simple SPAM registration prevention technique.Therefore, if the plugin detects that this field has a value when the login form is submitted, then the robot which is attempting to login to your site will be redirected to its localhost address - http://127.0.0.1.Therefore, if the plugin detects that this field has a value when the registration form is submitted, then the robot which is attempting to register on your site will be redirected to its localhost address - http://127.0.0.1.Therefore, if you would like to add a captcha form to the registration page for a Multi Site, please go to "Registration Captcha" settings on the main site.These features are NOT functionally related. Having both of them enabled on your site means you are creating 2 layers of security.Thie field allows you to choose the number of backup files you would like to keep in the backup directoryThis addon allows you to automatically and permanently block IP addresses based on how many 404 errors they produce.This addon allows you to automatically block IP addresses based on their country of origin.This can be handy if you wanted to save time by applying the settings from one site to another site.This feature allows you to activate more advanced firewall settings to your site.This feature allows you to activate the %s (or legacy %s) firewall security protection rules designed and produced by %s.This feature allows you to add a captcha form on the WordPress registration page.This feature allows you to add a special hidden "honeypot" field on the WordPress login page. This will only be visible to robots and not humans.This feature allows you to add a special hidden "honeypot" field on the WordPress registration page. This will only be visible to robots and not humans.This feature allows you to automatically and permanently block IP addresses which have exceeded a certain number of comments labelled as SPAM.This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future.This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future.This feature allows you to block bots which are impersonating as a Googlebot but actually aren't. (In other words they are fake Google bots)This feature allows you to change the login URL by setting your own slug and renaming the last portion of the login URL which contains the wp-login.php to any string that you like.This feature allows you to disable the ability to select and copy text from your front end.This feature allows you to easily change the prefix to a value of your choice or to a random value set by this plugin.This feature allows you to monitor all 404 events which occur on your site, and it also gives you the option of blocking IP addresses for a configured length of time.This feature allows you to prevent access to files such as %s, %s and %s which are delivered with all WP installations.This feature allows you to prevent external users/bots from fetching the user info with urls like "/?author=1".This feature allows you to prevent other sites from displaying any of your content via a frame or iframe.This feature allows you to put your site into "maintenance mode" by locking down the front-end to all visitors except logged in users with super admin privileges.This feature allows you to specify a time period in minutes after which the admin session will expire and the user will be forced to log back in.This feature also allows you to exclude certain files or folders from the scan in cases where you know that they change often as part of their normal operation. (For example log files and certain caching plugin files may change often and hence you may choose to exclude such files from the file change detection scan)This feature can be used to apply your own custom .htaccess rules and directives.This feature can lock you out of admin if it doesn't work correctly on your site. You %s before activating this feature.This feature can only be configured by the "superadmin" on the main site.This feature has detected that %s is not active. It is highly recommended that you activate the Akismet plugin to make the most of this feature.This feature will add a simple math captcha field in the BBPress new topic form.This feature will add a simple math captcha field in the BuddyPress registration form.This feature will allow you to change your default "admin" user name to a more secure name of your choosing.This feature will allow you to remove the WP generator meta info and other version info from your site's pages.This feature will also remove the "X-Pingback" header if it is present.This feature will automatically set a newly registered account to "pending" until the administrator activates it. Therefore undesirable registrants will be unable to log in without your express approval.This feature will check and block comment requests which are not referred by your domain thus greatly reducing your overall blog SPAM and PHP requests done by the server to process these comments.This feature will check if the User Agent information of a bot contains the string "Googlebot".This feature will deny access to your WordPress login page for all people except those who have a special cookie in their browser.This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below.This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below.This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htacess file. Use it if you think one of the firewall rules is causing an issue on your site.This feature will disable the ability for people to edit PHP files via the dashboard.This feature will greatly minimize the useless and unecessary traffic and load on your server resulting from SPAM comments by blocking all comment requests which do not originate from your domain.This feature will implement a firewall rule to block all comment attempts which do not originate from your domain.This feature will prevent people from directly hotlinking images from your site's pages by writing some directives in your .htaccess file.This feature will prevent the listing of contents for all directories.This feature will scan the critical WP core folders and files and will highlight any permission settings which are insecure.This feature will write rules in your .htaccess file to prevent malicious string attacks on your site using XSS.This field allows you to list only those IP addresses which have been used to post X or more SPAM comments.This field will default to: http://127.0.0.1 if you do not enter a value.This hacking technique is usually used together with cross site scripting attacks (XSS).This information can be handy for identifying the most persistent IP addresses or ranges used by spammers.This is an advanced character string filter to prevent malicious string attacks on your site coming from Cross Site Scripting (XSS).This is because the bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings.This is good security practice.This is often the first tool an attacker will use if able to login, since it allows code execution.This is where attackers use repeated login attempts until they guess the password.This is why we have created an easy-to-use scanning service which is hosted off our own server which will scan your site for malware once every day and notify you if it finds anything.This section allows you to export or import your All In One WP Security & Firewall settings.This section contains a useful password strength tool which you can use to check whether your password is sufficiently strong enough.This section displays a list of the IP addresses of the people or bots who have left SPAM comments on your site.This setting allows you to enable/disable debug for this plugin.This setting matches for common malicious string patterns and exploits and will produce a 403 error for the hacker attempting the query.This setting will add a directive in your .htaccess to disable access to the WordPress xmlrpc.php file which is responsible for the XML-RPC functionality in WordPress.This setting will deny any requests that use a proxy server when posting comments.This setting will implement the 5G security firewall protection mechanisms on your site which include the following things:This setting will implement the 6G security firewall protection mechanisms on your site which include the following things:This setting will implement the following basic firewall protection mechanisms on your site:This should not have any impact on your site's general functionality but if you wish you can take a %s of your .htaccess file before proceeding.This tab displays all users who are currently logged into your site.This tab displays the activity for accounts registered with your site that have logged in using the WordPress login form.This tab displays the failed login attempts for your site.This tab displays the list of all IP addresses which are currently temporarily locked out due to the Login Lockdown feature:This tab displays the list of all permanently blocked IP addresses.This will block bad character matches from XSS.This will help protect you against malicious queries via XSS.Time Length of 404 Lockout (min)Time Length of Lockout (min)Tips and Tricks HQ, Peter Petreski, Ruhul, IvyTo add one or more of the IP addresses displayed in the table below to your blacklist, simply click the "Block" link for the individual row or select more than one address using the checkboxes and then choose the "block" option from the Bulk Actions dropdown list and click the "Apply" button.To block these IP addresses you will need to enable the above flag in the %s menuTo create a new DB backup just click on the button below.To export your All In One WP Security & Firewall settings click the button below.To learn more about how to use this feature please watch the following %s.To learn more please %s.To perform a manual file change detection scan click on the button below.To reset your password, visit the following address:To see a list of all locked IP addresses and ranges go to the %s tab in the dashboard menu.To specify an IP range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:To specify an IPv4 range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:To temporarily lock an IP address, hover over the ID column and click the "Temp Block" link for the applicable IP entry.To use this feature do the following:Total Achievable Points: Trace and TrackTypically, most 404 errors happen quite innocently when people have mis-typed a URL or used an old link to page which doesn't exist anymore.Unable to change permissions for %s!Unlock Request NotificationUnlock link: %sUpdate of table %s failed: unable to change %s to %sUpdate of the following MySQL view definition failed: %sUse this section to import your All In One WP Security & Firewall settings from a file. Alternatively, copy/paste the contents of your import file into the textarea below.Useful Tip:UserUser AccountsUser LoginUser Login Feature - Delete all failed login records operation failed!User RegistrationUser Registration SettingsUser account not found!User registration is currently not allowed.UsernameUsername Username Successfully Changed!Username:Username: %sUsers EnumerationUsers Enumeration Prevention feature settings saved!Users who attempt to register will also need to enter the answer to a simple mathematical question - if they enter the wrong answer, the plugin will not allow them to register.Using this optoin will block external access to this file. You can still access this file by logging into your site via FTPVersionView Blocked IPsView Last File ChangeView Last Saved File Change ResultsView Latest System LogsView Scan Details & Clear This MessageView System LogsVisitor LockoutWP Directory and File Permissions Scan ResultsWP File AccessWP Generator Meta InfoWP Generator Meta Tag & Version InfoWP SecurityWP Security PluginWP UsernameWP VersionWP Version InfoWanna know more about the developers behind this plugin?We are working hard to make your WordPress site more secure. Please support us, here is how:We provide advice for malware cleanupWeeksWhat is Malware?When admin user is logged in, the feature is automatically disabled for his session.When enabled, this feature will print a "forbidden" error rather than the user information.When enabled, this feature will set the "X-Frame-Options" paramater to "sameorigin" in the HTTP header.When you enable this checkbox, all 404 events on your site will be logged in the table below. You can monitor these events and select some IP addresses listed in the table below and block them for a specified amount of time. All IP addresses you select to be blocked from the "404 Event Logs" table section will be unable to access your site during the time specified.When you sign up for this service you will get the following:When you submit a post or answer a comment, WordPress will usually display your "nickname".Woocommerce Forms Captcha SettingsWordPress FilesWordPress Files AccessWordPress XMLRPC & Pingback Vulnerability ProtectionWordPress has an option to turn on the debug logging to a file located in wp-content/debug.log. This file may contain sensitive information.Wordpress generator automatically adds some meta information inside the "head" tags of every page on your site's front end. Below is an example of this:Would you like All In One WP Security & Firewall to re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin?You are here because you have been locked out due to too many incorrect login attempts.You are now logged out.You are still advised to take a backup of your active .htaccess file just in case.You are therefore strongly advised to take a backup of your active .htaccess file before applying this feature.You can also instantly log them out by clicking on the "Force Logout" link when you hover over the row in the User Id column.You can also restore your site's .htaccess settings using a backed up .htaccess file.You can also restore your site's wp-config.php settings using a backed up wp-config.php file.You can copy and paste this address in the text box below if you want to include it in your login whitelist.You can exclude file types from the scan which would not normally pose any security threat if they were changed. These can include things such as image files.You can exclude specific files/directories from the scan which would not normally pose any security threat if they were changed. These can include things such as log files.You can lock any IP address which is recorded in the "404 Event Logs" table section below.You can use the settings below to configure which $_SERVER global you would like to use for retrieving the IP address.You can view all accounts which have been newly registered via the handy table below and you can also perform bulk activation/deactivation/deletion tasks on each account.You cannot ban your own IP address: You cannot use the value "wp-admin" for your login page slug.You currently have no IP addresses permanently blocked due to SPAM.You entered a non numeric value for the "backup time interval" field. It has been set to the default value.You entered a non numeric value for the "number of backup files to keep" field. It has been set to the default value.You entered a non numeric value for the lockout time length field. It has been set to the default value.You entered a non numeric value for the login retry time period field. It has been set to the default value.You entered a non numeric value for the logout time period field. It has been set to the default value.You entered a non numeric value for the max login attempts field. It has been set to the default value.You entered a non numeric value for the minimum SPAM comments per IP field. It has been set to the default value.You entered a non numeric value for the minimum number of spam comments field. It has been set to the default value.You entered an incorrect format for the "Redirect URL" field. It has been set to the default value.You entered an invalid username. Please enter another value. You have entered an incorrect email address format. It has been set to your WordPress admin email as default.You have logged in successfully.You have requested for the account with email address %s to be unlocked. Please click the link below to unlock your account:You have successfully enabled the cookie based brute force prevention featureYou have successfully saved cookie based brute force prevention feature settings.You have successfully saved the 5G/6G Firewall Protection configurationYou have successfully saved the Additional Firewall Protection configurationYou have successfully saved the Prevent Access to Default WP Files configuration.You may also be interested in our %s.You may also be interested in the following alternative brute force prevention features:You may also want to checkout our %s feature for another secure way to protect against these types of attacks.You must enter an integer greater than zero for minimum number of spam comments field. It has been set to the default value.You must use alpha numeric characters for your login page slug.You were logged out because you just changed the "admin" username.Your ".htaccess" file is a key component of your website's security and it can be modified to implement various levels of protection mechanisms.Your "wp-config.php" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components.Your .htaccess file has successfully been restored!Your .htaccess file was successfully backed up! Using an FTP program go to the "/wp-content/aiowps_backups" directory to save a copy of the file to your computer.Your AIOWPS settings were successfully imported via file input.Your AIOWPS settings were successfully imported via text entry.Your AIOWPS settings were successfully imported. The file you uploaded was also deleted for security purposes because it contains security settings details.Your CAPTCHA answer was incorrect - please try again.Your Current IP AddressYour DB Backup File location: Your PHP file editing settings were saved successfully.Your WP installation already comes with reasonably secure file permission settings for the filesystem.Your WordPress DB is the most important asset of your website because it contains a lot of your site's precious information.Your WordPress file and folder permission settings govern the accessability and read/write privileges of the files and folders which make up your WP installation.Your WordPress login page URL has been renamed.Your WordPress system has a total of %s tables and your new DB prefix will be: %sYour account is now activeYour account with username: Your current login URL is:Your new WordPress login URL is now:Your password has been reset.Your password reset link appears to be invalid. Please request a new link below.Your password reset link has expired. Please request a new link below.Your registration is pending approval.Your session has expired because it has been over %d minutes since your last login.Your site currently has the following accounts which have an identical login name and display name.Your site does not have a user account where the display name is identical to the username.Your site does not have any account which uses the default "admin" username. Your site is currently using the default WordPress DB prefix value of "wp_". To increase your site's security you should consider changing the DB prefix value to another value.Your wp-config.php file has successfully been restored![%s] Password Resetblockedbmpcache/config/master.phpeighteighteenelevenfifteenfivefourfourteenhtaccess Restore operation failed! Please check the contents of the file you are trying to restore from.htaccess backup failed.htaccess file rename failed during backup. Please check your root directory for the backup file using FTP.htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP.http://wordpress.org/https://codex.wordpress.org/Cookieshttps://wordpress.org/https://wordpress.org/support/https://www.tipsandtricks-hq.com/https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-pluginjpgmodified on: ninenineteenonepaging%1$s of %2$spngsevenseventeensimply remember to add a "?%s=1" to your current site URL address.sixsixteensomedirectorytenthirteenthreeto crack your password!twelvetwentytwowp-config file to restore fromwp-config.php File Operationswp-config.php Restore operation failed! Please check the contents of the file you are trying to restore from.wp-config.php file restore failed. Please attempt to restore this file manually using FTP.wp-config.php file was updated successfully!PO-Revision-Date: 2022-01-24 14:13:46+0000 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=1; plural=0; X-Generator: GlotPress/3.0.0-alpha.2 Language: zh_CN Project-Id-Version: Plugins - All In One WP Security & Firewall - Stable (latest release) MB 已经存在. 请输入另一个值. 已生成 不是有效的 IP 地址格式. 现已启用%1$s %2$d%s 数据表名更新失败%s 数据表的前缀已成功更新!%s视图定义成功更新!%s?(分钟)在此时间段过后,用户将被强制重新登录。. 扫描已生成....以及更多..htaccess 文件操作从文件恢复 .htaccess 文件1 秒1) 阻止压榨性攻击常用的禁止非法字符.1) 拒绝服务 (DoS) 攻击1) 启用此复选框.1)通过拒绝访问,保护你的 htaccess 文件。2) 阻止恶意编码的网址字符, 如 ".css(" 字符串.2) 禁用服务器签名.2) 输入一个由字母数字字符组成的保密字, 这将是难以猜测. 当您需要知道访问登录页面的特殊网址时, 这个保密字将非常有用(请参阅下面的内容).2) 黑客内部路由器.3) 防范目标网址根部的常见模式和具体漏洞.3) 限制文件上传大小 (10MB).3) 扫描内部网络中的端口以获取来自各种主机的信息.3) 您将获取一个特殊的登录网址. 您将需要使用此网址登录到您的 WordPress 网站, 而不是通常的登录网址. 注意: 系统将在您的浏览器中存储一个特殊的 cookie, 这将允许您访问 WordPress 管理登录页面.4)通过拒绝访问,保护你的 wp-config.php 文件。4) 阻止攻击者通过禁止非法字符来操纵查询字符串.404检测404 检测配置404 检测功能 - 删除所有 404 事件日志操作失败!404 检测选项404 事件日志404 锁定重定向 URL5G/6G 黑名单6g 黑名单防火墙规则6G 黑名单/防火墙设置账号待处理: 您的账号目前处于未激活状态. 需要管理员先帮您激活账号后才能登录.注意: 有时候非恶意的互联网组织可能会有机器人模仿为 "Googlebot".错误:出于安全考虑, 您的 IP 地址的访问权限已被阻止。请与管理员联系。错误: Cookies 由于意外输出而被阻止. 如需帮助, 请参阅 此文档 或尝试 支持论坛.错误: Cookies 被浏览器阻止或不支持. 您必须 启用 cookies 才能使用 WordPress.错误: 输入用户名或邮箱地址.错误:无效的登录凭据。错误:无效用户名或邮箱。错误: 数据表前缀只能包含数字, 字母和下划线.错误: 没有用户注册该邮箱地址.错误: 您无法注册, 因为您的 IP 地址目前处于锁定状态!错误:您的验证码答案不正确 - 请再试一次。警告: 只有在知道自己在做什么的情况下才能使用此功能.您已成功更新 WordPress! 请重新登录以查看新功能.当有人尝试访问您网站上不存在的页面时,会出现 404 或未发现的错误.暴力攻击是黑客在尝试许多用户名和密码组合之后才能成功猜测到正确的组合.盗链是指用户通过直接链接到服务器上的图片来源, 在其网站上显示实际位于您网站上的图片.您的 wp-config.php 文件的备份副本已成功创建!被阻止的访客将被自动重定向到此网址.机器人是一款运行在互联网上并执行自动任务的软件. 例如, 当 Google 为您的网页编制索引时, 其会使用自动机器人来完成此任务.由垃圾评论机器人提交的评论通过直接调用 comments.php 文件来完成, 这通常意味着 HTTP_REFERRER 值不是您的域名, 并且通常是空的.在您的系统上检测到站点 URL 的文件更改WordPress 博客垃圾评论的大部分主要由自动化机器人产成, 而不是由人类产成. 合法评论是由实际填写评论表单并点击提交按钮的人提交的评论. 对于此类事件, HTTP_REFERRER 始终设置为您自己的域名.由于登录尝试失败或用户名无效, 导致发生锁定事件:很多机器人都是合法的, 非恶意的, 但并不是所有的机器人都是良好的, 而且你会发现一些人尝试模仿一些合法的机器人, 比如 "Googlebot", 但实际上他们根本就没有与谷歌有合作.许多黑客尝试通过尝试 "暴力登录攻击" 来利用这些信息, 他们反复尝试使用 "admin" 作为用户名来猜测密码.简要扫描结果如下:账号活动日志账号登录名已启用插件将验证码添加到BBPress新主题表单添加验证码到 BuddyPress 注册表单添加验证码到评论表单在评论表单中添加验证码字段是一种非常简单的方法, 可以在不使用 .htaccess 规则的情况下大幅减少机器人发送的垃圾评论.在注册表单中添加验证码字段是一种简单的方法, 可以在不使用 .htaccess 规则的情况下大大减少机器人进行注册并发布垃圾评论.其他防火墙保护其他防火墙规则管理员用户安全管理员用户名高级高级字符文本过滤高级设置点击上面的链接后, 您将能够登录到 WordPress 管理面板.选择文件后, 点击下面的按钮, 使用备份的 wp-config 文件 (wp-config.php.backup.txt) 恢复到您的网站.选择文件后, 点击下面的按钮将设置应用到您的网站.选择文件后, 点击下面的按钮, 使用备份的 htaccess 文件 (htaccess_backup.txt) 恢复到您的网站.所有 404 事件日志都已成功从数据库中删除!All In One WP SecurityAll In One WP Security & Firewall 检测到您的主机文件发生了变化.All In One WP Security - 检测到文件更改!All In One WP 安全- 站点数据库备份所有时间总计:所有防火墙规则已成功禁用!来自其他机构的其他机器人, 如 "Yahoo", "Bing" 等不会受此功能的影响.失败登录表中的所有记录都已成功删除!全方位最好的 WordPress 安全插件!所有安全功能已成功禁用!允许解锁请求尽管大部分的机器人都是相对无害的, 有时网站所有者要加强对它们允许进入其网站的哪个机器人更多的控制.有效的暴力预防技术是更改默认的 WordPress 登录页面网址.有关解锁说明已通过邮件发送给您。任何尝试访问您的登录页面的人在浏览器中没有特殊的 cookie 将被自动屏蔽.除了选择强密码之外, 在短时间内监控和阻止重复登录失败所涉及的 IP 地址是阻止这些类型攻击的一种非常有效的方法.除了安全保护优势之外, 此功能还可以帮助减少服务器上的负载, 尤其是当您的网站在安装时当中有大量不需要的流量击中 XML-RPC API 时候.应用批准注册用户为您的站点 URL 附加最新的数据库备份文件注意!注意: 如果除了启用白名单功能外, 还可以启用 %s 或 %s 功能之一, 当您尝试访问您的 WordPress 登录页面时, 您仍然需要在网址中使用您的保密字或指定 slug.注意:您已启用“完全阻止访问XMLRPC”复选框,这意味着所有XMLRPC功能都将被阻止。自动阻止垃圾发送者的IP自动定时备份自动每天扫描 1 个网站自动邮件警报自动恶意软件 & 黑名单监控BBPress垃圾评论设置备份 .htaccess 文件备份 .htaccess 文件备份时间间隔备份 wp-config.php 文件备份 wp-config.php 文件备份您的数据库坏查询字符串禁止IP地址或用户代理禁止用户基本基本防火墙基本防火墙规则基本防火墙设置在使用此功能之前, 您需要先执行 cookie 测试. 这是为了确保您的浏览器 cookie 工作正常, 并且您不会将自己锁定.了解您文件中的任何更改可能是快速防止黑客对您的网站造成损害的好方法.为保证您的网站达到最低安全水平,建议激活以下关键功能。黑名单管理器黑名单移除阻止访问调试日志文件阻止访问 debug.log 文件阻止访问调试日志文件阻止假冒 Googlebots阻止机器人发表垃圾评论阻止垃圾评论机器人阻止垃圾评论机器人可以发布评论暴力破解暴力登录攻击强力预防防火墙设置BuddyPressBuddyPress 注册验证码BuddyPress 垃圾评论设置BuddyPress 未启用! 为了使用此功能, 您需要安装并启用 BuddyPress.批量操作通过使用 .htaccess 文件来允许/阻止 IP 地址访问, 您正在使用最安全的第一道防线, 因为登录访问只会授予列入白名单的 IP 地址, 并且只要他们尝试访问您的登录页面, 其他地址将会被阻止.通过在 .htaccess 文件中拦截用户, 您使用的是最安全的第一道防线, 当他们攻击您的主机服务器时, 其会拒绝所有访问黑名单的访问者.默认情况下, 昵称设置为您账号的登录名 (或用户名).默认情况下,此插件使用$_SERVER['REMOTE_ADDR']变量来检索访客IP地址。这通常应该是获取IP的最准确最安全的方式。默认情况下, WordPress 在安装时将管理员用户名设置为 "admin".默认情况下, 如果 Apache 服务器不包含 index.php 文件, 其将允许列出目录的内容.通过这样做, 恶意机器人和黑客将无法访问您的登录页面, 因为他们不知道正确的登录页面网址.通过启用此复选框, 插件将为您的 .htacces 文件添加必要的规则和例外, 以便 AJAX 操作按预期工作.通过启用此复选框, 插件将为 .htacces 文件添加必要的规则和例外, 以便尝试访问这些页面的用户不会自动被阻止.通过禁止代理评论, 您实际上可以消除一些垃圾评论和其他代理请求.通过检查来自垃圾评论发送者的 IP 地址数据, 您将能够更好地确定您应该将哪些地址或地址范围添加到黑名单中以阻止这些地址或地址范围.通过启用此功能,您将阻止Jetpack或WordPress iOS或其他需要XMLRPC的应用在您的网站上正常运行。通过偶尔查看这些日志文件的内容, 您可以随时了解系统中可能需要解决的任何潜在问题.通过阻止访问这些文件, 您正在隐藏潜在黑客的一些关键信息(如 WordPress 版本信息).更改管理员用户名更改数据库前缀更改数据库前缀更改显示名称更改用户名如果您希望此插件自动阻止提交垃圾评论的IP地址,请勾选此框。如果您没有使用WP XML-RPC功能并且想要完全阻止对XMLRPC的外部访问,请勾选此项。如果您对部分或全部博客文章或页面使用本机 WordPress 密码保护功能,请勾选此项.如果您希望所有访客除了以管理员身份登录的访客被锁定在您网站的前端之外, 请勾选此项.如果您希望插件为数据表前缀生成随机的 6 个字符的字符串, 请勾选此项如果您希望系统根据以下设置定时自动生成备份, 请勾选此项如果您希望系统根据以下设置自动/定时扫描文件以检查文件更改, 请勾选此项如果您希望系统在检测到文件更改时向您发送邮件,请勾选此项如果希望系统在执行数据库备份后通过邮件将备份文件发送给您, 请勾选此项如果您希望允许用户生成解锁其账号的自动解锁请求链接, 请勾选此项如果您想应用阻止来自垃圾评论机器人的评论的防火墙规则, 请勾选此项.如果你想对网站采用基本防火墙保护,请选中此项。如果要将来自 perishablepress.com 的 5G 黑名单防火墙保护应用到您网站, 请勾选此项.如果要将来自perishablepress.com的6G黑名单防火墙保护应用到您网站,请勾选此项。如果要自动停用所有新注册的账号,请勾选此项,以便您可以人工审核他们。如果要阻止访问 WordPress 启用调试日志记录时所创建的 debug.log 文件, 请勾选此项.如果您想阻止所有虚假的 Googlebots, 请勾选此项.如果要禁用目录和文件列表, 请勾选此项.如果要禁用网站前端的"右键单击", "文本选择" 和 "复制" 选项, 请勾选此项.如果要禁用追溯和跟踪, 请勾选此项.如果要启用下面文本框中输入的自定义规则, 请勾选此项如果要启用调试,请检查此项。完成调试问题后,您应该禁用此选项。如果你想禁止(或黑名单)指定IP地址或用户代理,请在下面设定。如果要为登录页面启用蜜罐功能, 请勾选此项如果要为注册页面启用蜜罐功能,请勾选此项如果要启用锁定所选 IP 地址, 请勾选此项.如果要启用 404 事件的记录, 请勾选此项如果您想启用登录锁定功能并应用下面的设置, 请勾选此项如果要启用重命名登录页功能,请选中此项如果要启用下列设置中指定已选定的 IP 地址的白名单, 请勾选此项如果您想禁止代理评论发布, 请勾选此项.选中此项以强制用户在设定时间段后注销如果您要在BBPress新主题表单上插入验证码字段,请勾选此项如果您想要在 BuddyPress 注册表单上插入验证码字段, 请勾选此项如果您想在评论表单中插入验证码字段, 请勾选此项如果您想在 WordPress 用户注册页面上插入验证码表单(如果允许用户注册),请勾选此项。如果您要在登录页面上插入验证码表格,请选中此项如果要在忘记密码页面上插入验证码表格,请选中此项如果您想在Woocommerce登录表单上插入验证码, 请勾选此项如果您想在Woocommerce注册表上插入验证码, 请勾选此项如果要在由WP函数wp_login_form()生成的自定义登录表单上插入验证码,请选中此项:如果您想立即锁定系统中不存在的用户名登录尝试, 请勾选此项如果要将自定义规则放置在由此插件应用的所有规则的开始位置,请勾选此项如果您想要阻止访问 readme.html, license.txt 和 wp-config-sample.php, 请勾选此项.如果您想防止盗链到您网站上的图片,请勾选此项.如果你想保护你的登录页面免受暴力攻击, 请勾选此项.如果您希望通过邮件收到因登录失败而导致锁定的信息, 请勾选此项如果您想移除人们通过 WP 仪表盘编辑 PHP 文件的能力, 请勾选此项如果您想要从所有页面中移除WP生成的版本和元信息,请勾选此项如果您想在登录尝试失败时显示通用错误信息, 请勾选此项如果您想阻止其他网站在 Frame 或 iFrame 中显示您的内容, 请勾选此项.如果要阻止用户枚举,请选中此项。请检查您的网站是否使用 AJAX 功能.查看邮件里的确认链接新密码已发送到邮件正在检查MySQL类型为“view”的数据表.....选择您希望从中检索访客IP地址的$_SERVER变量。为管理员选择一个新的用户名.选择一个由字母数字字符组成的保密字, 您可以使用其来访问您的特殊网址. 强烈建议您选择一个难以猜测的保密字.通过指定包含字母和/或数字和/或下划线的字符串来选择您自己的数据库前缀. 例如: xyz_点击链接编辑该特定用户账号的设置点击下面的按钮备份和下载当前活动的 wp-config.php 文件的内容.点击下面的按钮来备份和保存当前活动的 .htaccess 文件.点击下面的按钮查看上次扫描保存的文件更改结果.点此按钮以确认删除所有登陆失败记录。如果您希望以CSV格式下载此日志,请点击此按钮。如果您希望清除数据库中的所有 404 事件日志, 请单击此按钮.评论验证码垃圾评论垃圾评论的 IP 监控垃圾评论设置评论通常由Akismet插件标记为垃圾,或WP管理员手动将其标记为WordPress评论菜单中的“垃圾评论”。完全阻止访问XMLRPC确认新密码基于 Cookie 的暴力登录预防基于 Cookie 的强力预防Cookie 作用域基于Cookie的暴力破解预防 复制保护复制保护功能设置已保存!复制/粘贴导入数据无法从 .htaccess 文件中删除基于 Cookie 的指令. 请检查该文件的权限.无法处理请求, 因为找不到所选条目的 IP 地址!无法写入 .htaccess 文件. 请检查该文件的权限.无法写入 .htaccess 文件. 请使用 ".htaccess文件" 中的恢复功能手动恢复您的 .htaccess 文件.无法写入 wp-config.php. 请使用 "wp-config.php文件" 中的恢复功能手动恢复您的 wp-config.php 文件.立即创建数据库备份关键功能状态当前数据库数据表前缀当前权限网站当前分数:当前已锁定的 IP 地址范围当前被锁定的 IP 地址和范围当前登录用户自定义 .htaccess 规则自定义 .htaccess 规则设置自定义登录验证码自定义登录表单验证码设置自定义规则数据备份数据库备份失败. 请检查备份目录的权限.数据库备份已成功完成! 如果你已经启用了 "通过邮件发送备份文件", 您将通过邮件接收到的备份文件, 否则您可以通过 FTP 从以下目录可检索到剩余备份文件:数据库前缀数据库前缀选项数据库前缀更改任务已完成.仪表盘数据库安全日期天调试文件写入权限调试设置默认删除所有 404 事件日志删除所有失败的登录记录拒绝不良查询拒绝坏查询字符串 根据错误或警告的性质和原因, 托管服务器可以在 WordPress 安装的许多目录位置中创建此文件的多个实例.禁用编辑 PHP 文件的功能禁用所有防火墙规则禁用所有安全功能禁用索引视图禁用 PHP 文件编辑从XMLRPC停用Pingback功能禁用安全功能禁用复制文本的功能禁用跟踪和追踪 禁用用户枚举禁用站点上的追溯和跟踪将有助于防止 HTTP 追溯攻击.显示通用错误信息昵称安全显示名称安全显示已发布最少 %s 垃圾评论的 IP 地址的结果由于恶意软件的不断变化和复杂的性质, 扫描这样的事情使用一个独立的插件将无法可靠地工作. 通过定期进行外部扫描您的网站是最好的做法.由于任何时候您的网站可能会通过恶意自动机器人发生许多并发登录尝试, 这也会对服务器的内存和性能产生负面影响.由于在其他人的网站上显示的图片来自您的服务器, 这可能会导致您的带宽和资源泄漏, 因为您的服务器必须将此图片呈现给在其他人的网站上查看它的人.由于插入到 .htaccess 文件中代码的性质, 此功能可能会破坏某些插件的某些功能, 因此建议您在应用此配置之前先获取 %s 的 .htaccess.错误: 无法处理您的请求!每一个 IP 地址必须新起一行。每个用户代理字符串必须在新的一行。邮箱地址邮箱地址启用 404 事件记录启用404 IP检测和锁定 启用 6G 防火墙保护开启高级字符文本过滤启用自动阻止垃圾评论的IP启用自动文件更改检测扫描启用自动定时备份启用基本防火墙启用基本防火墙保护启用暴力攻击预防在BBPress新主题表单上启用验证码在 BuddyPress 注册表单中启用验证码在评论表单上启用验证码启用自定义登录表单的验证码在登录页面上启用验证码启用忘记密码表单验证码在注册页面上启用验证码在Woocommerce登录表单上启用验证码在Woocommerce注册表单上启用验证码启用复制保护启用自定义 .htaccess 规则启用调试启用强制WP用户注销启用前端锁定启用登录页面上的蜜罐 在注册页面启用蜜罐启用IP白名单 启用 IP 阻断 404 检测启用IP和用户代理黑名单启用登录蜜罐启用登录锁定功能启用登录锁定IP白名单启用 Pingback 漏洞保护启用注册蜜罐启用重命名登录页面启用重命名登录页面功能启用 iFrame 保护启用传统5G防火墙保护 启用人工审核新的注册输入自定义 .htaccess 规则:输入IP地址:输入系统日志文件名称输入用户代理:输入白名单IP地址:输入信息:当您的网站处于维护模式时, 输入您希望向访客显示的信息.输入邮箱地址在您希望从文件更改检测扫描中排除的新行上输入每个文件或目录.在您希望从文件更改检测扫描中排除的新行上输入每个文件类型或扩展名.输入您希望包含在白名单中的一个或多个 IP 地址或 IP 范围. 只有在此处指定的地址才能访问 WordPress 登录页面.输入您要列入白名单的一个或多个IP地址或IP范围。这里指定的地址永远不会被登录锁定功能阻止。输入一个或多个IP地址或IP范围.在新行上输入一个或多个电子邮件地址。输入一个或多个用户代理字符串。 输入特殊内容:输入您的自定义 .htaccess 规则/指令.在下面输入您的新密码.输入您的系统日志文件名称. (默认为 error_log)错误 - 无法获取数据表或找不到数据表!更新 user_meta 数据表时出错, 其中新的 meta_key = %s, 旧的 meta_key = %s 和 user_id = %s.错误: 在您的 IP 地址范围内没有在数据库中找到锁定条目!错误:您输入了错误的验证码答案。请返回重试。即使此功能不会对您的网站的一般功能产生任何影响, 强烈建议您在继续操作前获取 %s 的 .htaccess 文件.示例 1 - 要阻止单个用户代理的字符串:示例 1:195.47.89.*示例 1: 将此值设置为 "0" 或 "1", 将列出用于提交垃圾评论的所有 IP 地址.示例1:将此值设置为“1”将阻止用于至少提交一个垃圾邮件注释的所有IP地址。示例 2 - 要阻止多个用户代理字符串的列表示例 2:195.47.*.*示例2:将此值设置为“5”将仅阻止用于在您的站点上提交5个垃圾邮件评论或更多信息的IP地址。 示例 2: 将此值设置为 "5" 将会只列出用于在您的网站上提交 5次 或更多垃圾评论的 IP 地址.示例 3:195.*.*.*示例4:4102:0:3ea6:79fd:b:46f8:230f:bb05示例5:2205:0:1ca2:810d::示例: 如果您希望扫描器忽略不同目录或整个目录中的某些文件, 则应输入以下内容:示例: 如果您希望扫描器忽略 jpg, png 和 bmp 类型的文件,则应输入以下内容:摘要视图导出 AIOWPS 设置导出或导入 AIOWPS 设置导出为 CSV登录失败记录无法对 wp-config.php 文件进行备份. 此操作不会继续.文件文件更改检测文件更改检测设置文件编辑文件已修改文件权限文件权限文件权限扫描文件大小要忽略的文件类型文件/文件夹要忽略的文件/目录文件系统安全查找 IP 地址防火墙防火墙设置关注我们例如: 如果设置项依赖于域名的网址, 那么当导入到具有不同域名的网站时, 它可能无法正常工作.有关信息,更新和文档,请访问禁止代理评论发布禁止代理评论强制注销强制用户注销选项Frame 显示预防功能设置已保存!框架(Frames)从安全角度看, 更改默认的 "admin" 用户名是您在网站上应该做的第一件也是最聪明的事情之一.从安全角度来看, 将您的昵称与您的用户名保持一致是不好的做法, 因为它至少让黑客有一半的登录凭证.从现在开始, 您将需要使用以下网址登录到 WP 管理面板:常规设置一般访客锁定生成新的数据库数据表前缀获取新密码了解开发人员浏览每个菜单项并启用安全选项, 为您的网站添加更多安全性. 首先启动基本功能.单击 %s 菜单,查看更多详细信息Googlebots 有一个不容易伪造的独特身份, 这个功能可以识别任何虚假的 Google bots, 并阻止他们阅读您网站的页面.HTTP 追溯攻击(XST) 可以用来返回 header 请求和抓取 cookies 以及其他信息.黑客可以通过多种方式利用 WordPress XML-RPC API 中的各种漏洞, 例如:实用建议:蜜罐主机系统日志小时然而在一些设置,例如使用代理,负载均衡和CloudFlare的设置,可能需要使用不同的$_SERVER变量。然而, 在某些情况下, 您可能会发现许多重复的 404 错误, 这些错误发生在相对较短的时间间隔内, 并且来自相同的 IP 地址, 这些错误都尝试访问各种不存在的页面网址.但是, 有时人们或其他插件会修改某些核心 WP 文件夹或文件的各种权限设置, 从而导致其网站安全性降低, 因为他们选择了错误的权限值.IP地址IP 地址:IP 主机和用户代理黑名单设置IP 范围:IP检索设置IP 和用户代理黑名单如果有机会, 黑客可以将他们的代码或文件传送到您的系统中, 然后他们可以使用它们在您的网站上执行恶意行为.如果机器人未能通过检查, 那么该插件会将其标记为假冒的 Googlebot, 并会将其阻止如果在此时间段内, 指定的 IP 地址达到最大失败登录尝试次数时, 插件将锁定该地址如果此功能使用不当, 您可能会被锁定在您的网站之外. 如果发生这种情况, 备份的 .htaccess 文件将派上用场.若这不是您本人要求的, 请忽略本邮件, 一切如常.如果你破坏你的网站, 你将需要通过 FTP 或类似的方式访问你的服务器, 然后编辑你的 .htaccess 文件并删除你所做的更改.如果您的文章或页面没有使用 WordPress 密码保护功能, 那么强烈建议您停用此复选框.如果您仍需要XMLRPC,请取消勾选“完全阻止访问XMLRPC”复选框,并且只启用 “禁止从XMLRPC返回Pingback功能”复选框。如果您怀疑有用户或登录用户不应该登录,您可以通过从下面的数据检查IP地址并将其添加到您的黑名单来阻止它们。如果您认为您的网站上的某些插件功能由于您在此插件中启用的安全功能而中断, 请使用以下选项关闭此插件的所有安全功能.如果您使用Jetpack或WP iOS或其他需要WP XML-RPC功能的应用,请勾选此项。这将可防止WordPress pingbacks漏洞。如果您想将 IP 地址临时阻止或添加黑名单, 只需在下面的"404 事件日志" 表中单击适用 IP 条目的 "临时阻止" 或 "IP 黑名单" 链接即可.如果您选择的服务器变量失败,插件将自动退回到从 $_SERVER["REMOTE_ADDR"]进行检索IP地址。如果您的网站允许用户通过WordPress注册表单创建自己的账号,那么您可以通过人工审核批准每个注册来最大限度地减少垃圾评论或伪造注册。导入 AIOWPS 设置导入文件导入/导出在一般情况下, WordPress 的核心和插件文件以及诸如 ".php" 或 ".js" 之类的文件类型不应该经常更改, 并且当它们执行时, 知道何时发生更改以及哪个文件受到影响非常重要.换句话说, 如果评论不是由实际上在您的网站上提交评论的人员提交的, 则该请求将被阻止.在使用内置 WordPress 密码保护功能保护您的某些文章或页面的情况下, 需要将一些额外的指令和例外行添加到 .htacces 文件中, 以便尝试访问页面的用户不会自动被阻止.在您的 WordPress 安装包含使用 AJAX 的主题或插件的情况下, 需要将一些额外的指令和例外行添加到您的 .htacces 文件中, 以防止 AJAX 请求被暴力阻止功能自动阻止.不正确的 .htaccess 规则或指令可能会破坏或阻止访问您的网站.每行插入一个用户名。现有用户名即使存在于列表中也不会被阻止。即时锁定无效的用户名即时锁定指定的用户名中级因特网机器人设置网络机器人在激活安全功能之前, 备份您的 .htaccess 文件, 数据库和 wp-config.php 文件是一种很好的做法. 此插件有一些选项可以轻松用来备份这些资源.如果您忘记了这个网址值, 那么保存这个网址值很重要, 或者,建议您在使用此功能之前执行 %s当你想调整我们现有的防火墙规则或当你想添加你自己的防火墙规则时, 它非常有用.您有责任确保您输入正确的代码!然后它会执行一些测试来验证机器人是否合法来自 Google, 如果是, 它将允许机器人继续.一台桌面 PC 大约需要不要将尝试的暴力登录尝试重定向到您的网站是个好方法, 因为他会增加服务器的负载.请注意, 如果您启用此功能, 该插件将阻止在其用户代理信息中使用 "Googlebot" 字符串的所有机器人, 但并非来自 Google (不论其是否为恶意).最近5次登录最后5次登录摘要:最新的文件更改扫描结果如果您想要pingback保护,但仍需要XMLRPC,请保留此功能的停用状态并使用以下功能。函数库垃圾评论发送者的 IP 地址列表列表视图管理员账号列表列出目录内容正在加载...已锁定的IP地址如果你正在调查你的网站上的一些问题, 或者你可能正在做一些维护工作, 并且出于安全的原因想要避开所有的流量, 则将网站锁定为普通访客可能会很有用.登录登录登录到您网站的 WordPress 管理面板, 查看此用户被锁定的持续时间或解锁此用户.已登录用户登录验证码登录表单验证码设置登录表单蜜罐设置 登录IP白名单设置 登录 IP 白名单登录锁定登录锁定配置登录锁定IP白名单设置登录锁定选项登陆页链接登录重试时间段 (分钟)登录白名单登入查看扫描详情在XX分钟后注销WP用户忘记密码忘记密码验证码忘记密码表单验证码设置忘记密码?网站维护维护模式维护模式状态维护模式目前已启用。当您完成维护后,请关闭它。维护模式目前已关闭。恶意软件扫描人工审核手动备份手动文件更改检测扫描人工审核新注册许多人陷入使用一个简单的字或一系列数字作为密码的陷阱. 这种可预测的简单密码只需几分钟时间就可以通过使用简单的脚本来猜测到您的密码, 该脚本可以通过简单和最常见的组合循环使用.最大登录尝试次数垃圾评论的最少数量每个 IP 的垃圾评论最少数量其他修改使用相同的登录名和显示名称账号更多信息我的网站有哪些是受密码保护的文章或页面我的网站有一个主题或插件在使用 AJAX不可用/不适用新的扫描已完成: 插件检测到您对 "要忽略的文件类型" 或 "要忽略的文件" 字段进行了更改. 为了确保将来的扫描结果准确无误, 旧的扫描数据已被刷新.注意: 在导入之前, 您有责任了解您尝试导入的设置. 盲目导入设置会导致您被锁定在您的网站之外.注意: 如果您已经启用了基于 Cookie 的暴力防护功能, 则该插件将自动停用该功能, 因为这些功能中的任何一项在任何时候都可以处于活动状态.注意: 如果您已经启用了 "重命名登录页面" 功能, 则该插件会自动停用此功能, 因为这些功能中的任何一项都可以在任何时间启用.注意: 如果您当前以 "admin" 身份登录, 您将在更改用户名后自动注销, 并且需要重新登录.注意:如果您在WPEngine或一个执行服务器缓存提供商上托管您的网站,则需要请求主机支持人员不缓存重命名的登录页面。注意:如果您使用Jetpack或WordPress iOS或其他应用,则应启用此功能,但不要勾选“完全阻止访问XMLRPC”复选框。注意: 为使此功能工作必须在 httpd.conf 文件中启用 Indexes 指令的 "AllowOverride". 如果您无法访问 httpd.conf, 请询问您主机服务提供商以检查此内容注意: 这些字符串可能被用于插件或主题, 因此这可能会破坏某些功能.注意: 此设置的一些字符串可能会破坏某些功能.注意: .htaccess 文件未被修改, 因为您已停用 "启用 IP 或用户代理黑名单" 复选框.注意:此功能不会使用.htaccess文件永久阻止IP地址,因此它应该与运行WordPress的所有Web服务器兼容。注意: 如果您目前没有在您的 WordPress 安装中使用 XML-RPC 功能, 则只应启用此功能.名称管理员新的用户名新密码不需要任何操作无合同 (随时可取消)不需要任何操作! 不需要任何操作.未找到数据!未找到任何项目.没有发现系统日志!随机检查数据库前缀更改操作失败!随机检查阻止注册用户的IP操作失败!随机检查删除所有 404 事件日志操作失败!随机检查删除所有失败的登录记录操作失败!随机检查删除失败的登录记录操作失败!随机检查删除锁定记录操作失败!随机检查删除注册用户账号操作失败!随机检查删除选定的 404 事件日志操作失败!随机检查删除选定的账号活动日志操作失败!随机检查删除选定的阻止 IP 操作失败!随机检查强制用户注销操作失败!随机检查列出垃圾评论的 IP 失败!随机检查手动数据库备份操作失败!随机检查手动文件更改检测扫描操作失败!随机检查无法保存黑名单设置!为保存锁定白名单设置随机检查失败!随机检查无法保存白名单设置!随机检查解锁IP操作失败!随机检查解锁 IP 操作失败!随机检查列出已登录用户失败!随机检查在管理员用户名更改操作失败!通常情况下, 如果你想登录 WordPress, 你可以输入你网站的首页网址, 然后输入 wp-login.php.无法使用。通过邮件通知要保留的备份文件份数暂时锁定的 IP 地址数:当前登录您的网站 (包括您) 的用户数量为:或关闭通常, 当恶意代码注入到您的网站时, 您通常不会根据外观发现任何异常情况, 但它可能会对您网站的搜索排名产生巨大影响.开启黑客尝试破坏网站的方式之一是通过 为数据库添加一层保护的一种方法是将默认的 WordPress 数据表前缀从 "wp_" 更改为黑客难以猜测的其他内容.只有 "superadmin" 可以阻止主站点的 IP 地址.操作失败! 无法修改或备份 wp-config.php 文件!或您可以输入IPv6地址(注意:ipv6目前不支持范围/通配符)PHP 允许网址打开外部文件PHP 显示错误PHP 文件编辑PHP 信息PHP 最大文章大小PHP 最大脚本执行时间PHP 最大上传大小PHP 内存限制PHP 内存使用情况PHP 版本页面密码密码重置密码强度密码强度工具密码工具执行Cookie测试立即执行扫描永久阻止列表永久阻止的IP地址 将自定义规则置顶请手动将上述数据表的前缀更改为: %s请选择一个 .htaccess 来恢复.请选择一个文件来导入您的设置.请选择一个 wp-config.php 文件以从中恢复.请输入有效的邮箱地址请为数据库前缀输入一个值.请为您的登录页面 slug 输入一个值.请为您的用户名输入一个值. 请输入数字的答案:请输入您的电子邮件地址,您将收到一封电子邮件,说明如何解锁自己。请输入您的用户名或邮箱地址. 您将收到一个通过邮件创建新密码的链接.请重新登录以继续.请使用复选框选择一些记录插件网址插件版本糟糕的密码选择是许多网站最常见的弱点之一, 通常是黑客尝试进入您的网站时尝试利用的第一件事.可能的原因: 您的主机可能停用了 mail( ) 函数.基于 WordPress阻止访问默认的 WP 文件阻止访问 WP 默认安装文件防止热链接防止热链接阻止图片盗链防止用户枚举防止您的网站被显示在 Frame代理评论发布重定向网址建议操作推荐权限将黑客或恶意机器人重定向回 "http://127.0.0.1" 是很理想的, 因为它会将他们转移回自己的本地主机, 并将其加载到他们的服务器上而不是您的服务器上.刷新数据刷新登录用户数据注册本站注册注册审核注册验证码注册表单注册表单蜜罐设置注册蜜罐注册页面验证码设置注册已完成。请检查你的邮件。注册确认信息将发送到您的邮箱。记住我移除 WP 生成的元信息删除 WP Generator 元标记重命名登录页面重命名登录页面设置请求解锁重置密码恢复 .htaccess 文件从备份的 .htaccess 文件恢复从备份的 wp-config 文件恢复恢复 wp-config 文件垃圾防护垃圾评论发送者 IP 地址结果保存 5G/6G 防火墙设置保存其他防火墙设置保存基本防火墙设置保存复制保护设置保存自定义规则保存调试设置保存功能设置保存网络机器人设置保存设置保存设置保存网站锁定设置保存当前 .htaccess 文件保存当前 wp-config.php 文件扫描完成 - 没有检测到文件被更改!扫描时间间隔扫描器正在扫描恶意软件秒保密字安全点分析安全强度表选择所有通过邮件发送备份文件在检测到更改时发送邮件发送解锁请求服务器名称服务暂时无法使用会话保存路径设置推荐的权限设置阻止 IP 地址被阻止访问您的网站的时间长度设置阻止指定 IP 地址登录的时间长度设置您希望扫描发生的频率的值设置您希望进行自动备份的频率值在 IP 地址被锁定之前设置最大登录重试次数的值为您的WP管理会话设置过期周期是一种简单的方法,可防止您的计算机未经授权访问您的网站。设置设置尚未保存 - 您的保密字必须只包含字母数字字符, 即是只能使用字母和/或数字!设置已成功更新.设置已成功保存显示 error_log 文件的最新条目: %s由于机器人通常从登录表单填写每个输入字段, 因此他们也会为特殊的隐藏蜜罐字段提交值.由于机器人通常从注册表单填写每个输入字段,因此他们还会为特殊的隐藏蜜罐字段提交值。网站信息网站锁定通知网站锁定功能设置已保存!网站响应时间监控网站的正常运行时间监控有人为以下账号请求了密码重置:有时您的主机平台会在名为 "error_log" 的文件中产生错误或警告日志.当前已添加垃圾评论发送者IP到永久阻止列表的数量:指定一个网址来重定向黑客尝试访问您的 WordPress 登录页面.在IP地址被永久阻止之前,为IP地址指定最少的垃圾评论数量。宣传我们开始输入密码.正在启动数据库前缀更改操作.....密码强度这种行为可能意味着黑客可能因为恶意原因尝试找到特定页面或网址.系统信息系统日志数据表名称前缀记下您想要阻止的 IP 地址, 并要求 superadmin 使用主站点上的 "黑名单管理器" 将这些 IP 地址添加到黑名单中.感谢您使用我们的 WordPress 安全插件. 此插件有很多安全功能."文件更改检测功能" 会通知您系统中发生的任何文件更改, 包括通过定期自动或手动扫描系统文件来添加和删除文件."wp-config.php" 文件无法修改. 请使用您最喜爱的编辑器手动修改此文件并进行搜索 变量 "$table_prefix", 并将以下值赋予该变量: %s此 %s 功能当前处于活动状态.引用了旧数据库前缀的 %s 数据表记录已成功更新!.htaccess 文件已成功修改为包含所选的 IP 地址.6G 黑名单是一个简单又灵活的黑名单, 有助于减少访问您网站的恶意网址请求的数量.6G黑名单是5G黑名单的更新和改进版本。如果您5G黑名单处于活动状态,您可以考虑启用6G黑名单。一站式 WP 安全黑名单功能为您提供禁止某些主机 IP 地址或范围以及用户代理的选项.一站式 WP 安全白名单功能可让您选择只允许某些 IP 地址或范围访问您的 WordPress 登录页面.数据库也是黑客的目标, 例如通过 SQL 注入和针对特定数据表的恶意和自动代码等方法.网络机器人设置已成功保存此处指定的网址可以是任何网站的网址, 不必是您自己的网址. 例如, 您可以尽可能创造性地将黑客发送到 CIA 或 NSA 首页.Wordpress 仪表盘默认允许管理员编辑 PHP 文件, 例如插件和主题文件.上述的防火墙功能将通过 .htaccess 文件被应用, 应该不会影响网站的整体功能.上述元信息显示了您的网站目前正在运行哪个版本的 WordPress, 因此可以帮助黑客或爬虫扫描您的网站, 以查看您是否拥有旧版本的 WordPress 或具有已知漏洞的版本.将 6G 防火墙应用于您的网站的附加优势在于它已经过 PerishablePress.com 的人员的测试和确认, 是对运行在 Apache 服务器或类似服务器上的普通 WP 网站的最佳且最不具破坏性的 .htaccess 安全规则集.高级防火墙规则通过将指定代码插入到当前活动的 .htaccess 文件中来应用.您的设置文件的内容似乎无效. 请检查您正在尝试导入设置的文件的内容.此服务器上的 Cookie 测试失败. 所以这个功能不能在本网站上使用.Cookie 测试成功. 您现在可以启用此功能.WordPress多站点有关用户注册的核心默认行为是所有用户都通过主网站注册。用户账号的数据库更新操作失败!导入的文件无法删除. 为了安全起见, 请通过媒体菜单手动删除该文件, 因为它包含安全设置的详细信息.导入的文件无法删除. 为了安全起见, 请通过媒体菜单手动删除该文件.邮件未发送。该功能仍然允许在您的网站上使用XMLRPC功能,但会停用pingback方法。此选项卡中的功能允许您为您的网站启用一些基本的防火墙安全保护规则.此选项卡中的功能可以在 .htaccess 级别阻止大多数暴力登录攻击, 从而为您的 WP 登录页面提供更好的保护, 同时减少服务器负载, 因为系统不必运行 PHP 代码来处理登录尝试.为了安全起见, 您上传的文件也被删除, 因为它包含安全设置的详细信息.防火墙功能是通过将指定代码插入到当前活动的 .htaccess 文件中来实现的.以下账号未能成功更新: 以下地址已被移除,因为其不是有效的邮箱地址:以下文件已添加到您的主机以下文件已添加到您的主机.您的主机上已更改以下文件您的主机上已更改以下文件.以下文件已从您的主机中移除以下文件已从您的主机中移除.如果您需要进行安全性调查,以下信息可能非常方便,因为其会向您显示IP范围,用户名和ID(如果适用) 以及失败登录尝试的时间/日期。密码越长越复杂, 黑客就越难 "破解", 因为更复杂的密码需要更大的计算能力和时间.选项数据表记录引用了旧数据库前缀已成功更新!密码不匹配。%s 的权限已成功更改为 %s此插件通过对 .htaccess 文件进行适当修改来实现此目的.此插件通过将相应的指令写入您的 .htaccess 文件来实现此目的.该插件检测到其无法写入 wp-config.php 文件. 只有插件可以成功写入 wp-config.php 文件时才能使用此功能.该插件检测到您正在使用多站点 WordPress 安装.此插件无法写入 .htaccess 文件. 请手动编辑文件.所选的 IP 地址现在暂时被阻止!所选的IP地址现在已被永久阻止!所选的 IP 地址现在暂时被阻止!所选的 IP 地址已被添加到黑名单中, 并将被永久阻止!所选的 IP 地址已保存到黑名单配置设置.所选的IP地址已成功添加到永久阻止列表!所选的 IP 条目已成功解除锁定!所选的 IP 条目已成功解除锁定!选定的IP已成功添加到永久阻止列表!选定的账号已成功批准!选定的账号已成功删除!选定的账号已成功批准!选定的账号已成功删除!所选条目不是有效的 IP 地址!所选条目已成功删除!所选记录已成功删除!选定的用户已成功注销!包含旧数据库前缀引用的 usermeta 数据表记录已成功更新!蜜罐工作的方式是将隐藏的区域放置在只有机器人将要提交的表单内的某处. 如果该字段在提交表单时包含一个值, 那么机器人很可能已经提交了该表单并且因此被处理.Malware 这个单词代表恶意软件. 其可以包含诸如特洛伊木马, 广告软件, 蠕虫, 间谍软件和黑客将尝试注入到您的网站的任何其他不受欢迎的代码.WordPress还可以通过其他方式显示版本信息,比如在样式和脚本加载过程中。这方面的示例如:目前没有被锁定的 IP 地址.当前没有其他网站范围的用户登录.目前没有其他用户登录.自上次扫描以来没有任何文件更改.因此, 6G 防火墙规则不应该对您网站的一般功能产生任何影响, 但是如果您希望在继续操作之前获取 %s 的 .htaccess 文件.因此, 为了进一步加强网站的安全性, 建议您将 昵称显示名称 更改为与 用户名 不同.因此,在注册页面添加验证码表单是另一种有效而简单的垃圾评论注册预防技术。因此, 如果插件在提交登录表单时检测到该字段有值, 则尝试登录到您网站的机器人将被重定向到其本地主机地址 - http://127.0.0.1.因此,如果插件在提交注册表单时检测到该字段有值,那么尝试在您的网站上注册的机器人将被重定向到其本地主机地址 - http://127.0.0.1。因此,如果您想为多站点的注册页面添加验证码表单,请转至主站点上的“注册验证码”设置。这些功能在功能上并不相关. 在您的网站上启用它们将意味着您正在创建 2 层的安全性.该字段允许您选择要保留在备份目录中的备份文件的份数该插件允许您根据其生成的404错误自动永久阻止IP地址。此插件允许您根据其原籍国自动阻止IP地址。如果您想通过将设置从一个站点应用到另一个站点来节省时间, 这可能非常方便.此功能允许您为您的网站启用更高级的防火墙设置.此功能允许您启用 %s (或传统 %s) 防火墙安全保护规则, 由 %s 设计并提供.此功能可让您在WordPress注册页面上添加验证码表单。该功能允许您在 WordPress 登录页面添加一个特殊隐藏的 "蜜罐" 字段. 这只对机器人而不是人类可见.此功能可让您在WordPress注册页面上添加一个特殊隐藏的“蜜罐”字段. 这只对机器人而不是人类可见。此功能允许您自动并永久阻止超过一定评论数量标记为垃圾评论的IP地址。此功能允许您备份和保存当前活动的 .htaccess 文件, 因为您将来需要重新使用备份的文件.此功能允许您备份并保存当前活动的 wp-config.php 文件, 如果您将来需要重新使用备份的文件.此功能可让您阻止冒充 Googlebot 的机器人, 但实际并不是. (换句话说, 他们都是假的谷歌机器人)此功能允许您通过设置您自己的 slug 并将包含 wp-login.php 的登录网址的最后部分重命名为您喜欢的任何字符串来更改登录网址.此功能允许您禁用从前端选择和复制文本的功能.此功能可让您轻松地将前缀更改为您选择的值或由此插件设置的随机值.该功能允许您监控网站上发生的所有 404 事件, 并且还可以选择阻止 IP 地址达到配置的时间长度.通过此功能, 您可以阻止访问所有 WP 安装中提供的文件, 如 %s, %s 和 %s.此功能可让您防止外部用户/机器人使用如“/?author=1”这样的网址获取用户信息。此功能可让您阻止其他网站通过 Frame 或 iFrame 显示您的任何内容.通过此功能, 您可以将所有访客锁定在网站的前端, 除了具有超级管理员权限的登录用户外, 您的网站将进入 "维护模式".此功能允许您指定以分钟为单位的时间段,之后管理会话将过期,并且用户将被强制重新登录。此功能还允许您在扫描中知道某些文件或文件夹经常作为正常操作的一部分进行更改的情况下, 将其从扫描中排除. (例如,日志文件和某些缓存插件文件可能会经常更改, 因此您可以选择从文件更改检测扫描中排除此类文件)此功能可用于您自己的自定义 .htaccess 规则和指令.如果您的网站不能正常工作,此功能可以将您锁定在管理员之外。在启用此功能之前,您%s。此功能只能由主网站上的 "超级管理员" 进行配置.此功能检测到%s未处于活动状态。强烈建议您启用Akismet插件以充分利用此功能。此功能将在BBPress新主题表单中添加一个简单的数学验证码字段。此功能将在 BuddyPress 注册表单中添加一个简单的数学验证码字段.此功能将允许您将默认的 "admin" 用户名更改为您选择的更安全的名称.此功能将允许您从网站的页面中移除WP生成的元信息和其他版本信息。如果存在,此功能还将移除“X-Pingback”header。此功能会自动将新注册的账号设置为“待处理”,直到管理员将其激活为止。因此,如果没有您的明确批准,不受欢迎的注册人将无法登录。此功能将检查和阻止未被您域名引用的评论请求, 从而大大减少服务器处理这些评论的整个博客的垃圾评论和 PHP 请求.此功能将检查机器人的用户代理信息是否包含字符串 "Googlebot".此功能将拒绝所有人访问您的 WordPress 登录页面, 除了那些在浏览器中拥有特殊 Cookie 的用户.此功能将拒绝所有未列入白名单的 IP 地址的登录访问权限, 如下面的设置中所配置的.此功能将拒绝具有与您在下面的设置中配置的 IP 地址或用户代理相匹配的用户的全部站点访问权限.此功能将禁用当前在此插件中处于活动状态的所有防火墙规则, 并且还会从 .htacess 文件中删除这些规则. 如果您认为某个防火墙规则导致您的网站出现问题, 请使用它.该功能将禁用人们通过仪表盘编辑 PHP 文件的功能.此功能将通过阻止所有不是源自您的域名的评论请求, 极大地减少垃圾评论对服务器造成的无用和不必要的流量和负载.此功能将实施防火墙规则, 以阻止所有不是来自您域名的评论尝试.通过在 .htaccess 文件中编写一些指令, 该功能将防止人们直接盗链您网站页面的图片.该功能将阻止列出所有目录的内容.此功能将扫描关键的 WP 核心文件夹和文件, 并将突出显示任何不安全的权限设置.此功能将在您的 .htaccess 文件中编写规则, 以防止您的网站被使用 XSS 进行恶意字符串攻击.此字段允许您只列出已被用于发布 X 或更多的垃圾评论的 IP 地址.如果您未输入值,则此字段默认为:http://127.0.0.1。这种黑客技术通常与跨站点脚本攻击 (XSS) 一起使用.这些信息可以方便地识别垃圾评论发送者使用最持久的 IP 地址或范围.这是一个高级字符串过滤器, 用于防止来自跨站点脚本 (XSS) 的恶意字符串攻击您的网站.这是因为来自 Google 等搜索引擎的机器人和蜘蛛有能力在您的网站上对网页进行索引时检测恶意软件, 因此他们可以将您的网站列入黑名单, 从而影响您的搜索排名.这是很好的安全措施.这通常是攻击者在能够登录时使用的第一个工具, 因为它允许执行代码.这就是攻击者使用重复的登录尝试直到他们猜到密码的地方.这就是为什么我们创建了一个易于使用的扫描服务, 该服务托管在我们自己的服务器上, 该服务器每天会对您的网站进行恶意软件扫描, 并在发现任何问题时通知您.本部分允许您导出或导入您的一站式 WP 安全 & 防火墙设置.本节包含一个有用的密码强度工具, 您可以使用它来检查您的密码是否足够强大.本部分显示在您的网站上留下垃圾评论的人员或机器人的 IP 地址列表.该设置允许您启用/禁用此插件的调试。此设置与常见的恶意字符串模式和漏洞利用相匹配, 并会为黑客尝试查询时产生 403 错误.此设置将在您的 .htaccess 中添加一条指令, 以阻止访问 WordPress 的 xmlrpc.php 文件, 该文件负责 WordPress 中的 XML-RPC 功能.发布评论时, 此设置将拒绝任何使用代理服务器的请求.此设置将在您的网站上实施 5G 安全防火墙保护机制, 其中包括以下内容:此设置将在您的网站上实施6G安全防火墙保护机制,其中包括以下内容:此设置将在您的网站上实施以下基本防火墙保护机制:这应该不会对您网站的一般功能产生任何影响, 但是如果您希望在继续操作之前获取 %s 的 .htaccess 文件.此选项卡显示当前登录到您网站的所有用户。此选项卡显示注册在您的网站上的账号的活动,这些账号已经登录使用了 WordPress 登录表单。此选项卡显示您的网站失败的登录尝试。此选项卡显示因登录锁定功能而暂时锁定的所有IP地址的列表:此选项卡显示所有永久阻止的IP地址的列表。这将阻止来自 XSS 的不良字符的匹配.这将有助于保护您免受通过 XSS 的恶意查询.404 锁定的时间长度 (分钟)锁定的时间长度 (分钟)Tips and Tricks HQ, Peter Petreski, Ruhul, Ivy要将下表中显示的一个或多个 IP 地址添加到您的黑名单, 只需点击单个行的 "阻止" 链接或 使用复选框选择多个地址, 然后从批量操作下拉列表中选择 "阻止" 选项并单击 "应用" 按钮.要阻止这些 IP 地址, 您需要在 %s 菜单中启用上述标记要创建一个新的数据库备份, 只需点击下面的按钮.要导出您的一站式 WP 安全 & 防火墙设置, 请单击下面的按钮.要详细了解如何使用此功能, 请观看以下 %s.要了解更多, 请 %s.要执行手动文件更改检测扫描, 请单击下面的按钮.要重置您的密码,请打开下面的链接:要查看所有已锁定的 IP 地址和范围的列表, 请转至仪表盘菜单中的 %s 选项卡.要指定 IP 范围, 请使用通配符 "*" 字符. 以下示例显示使用通配符为可接受的方式:要指定IPv4范围,请使用通配符“*”字符。 以下示例显示使用通配符可接受的方式:要临时锁定 IP 地址, 请将鼠标悬停在 ID 栏上, 然后单击适用 IP 条目的 "临时阻止" 链接.要使用此功能, 请执行以下操作:可达到的总分数: 追溯和跟踪通常, 大多数 404 错误都是在人们错误输入网址或使用旧链接到不存在的页面时发生的.无法更改 %s 的权限!解锁请求通知解锁链接:%s更新数据表 %s 失败: 无法将 %s 更改为 %s更新以下MySQL视图定义失败:%s使用此部分从文件中导入您的一站式 WP 安全 & 防火墙设置. 或者, 将导入文件的内容复制/粘贴到下面的文本框区域内.实用建议:用户用户账号用户登录用户登录功能 - 删除所有失败的登录记录操作失败!用户注册用户注册设置用户账号不存在!目前不允许用户注册.用户名用户名 用户名已成功更改!用户名:用户名:%s用户枚举用户枚举预防功能设置已保存!尝试注册的用户也需要输入一个简单的数学问题的答案—如果他们输入了错误的答案,插件将不允许他们注册。使用此选项将阻止对该文件的外部访问. 您仍然可以通过 FTP 登录到您的网站来访问此文件版本查看已阻止的 IP查看上次文件更改查看上次保存的文件更改结果查看最新的系统日志查看扫描详细信息 & 清除此信息查看系统日志访客锁定WP 目录和文件权限扫描结果WP 文件访问WP 生成的元信息WP生成的元标签&版本信息WP 安全WP 安全插件WP 用户名WP 版本WP 版本信息想知道更多关于此插件背后的开发人员吗?我们正在努力使你的 WordPress 网站更安全. 请用下列方式支持我们:我们为恶意软件清理提供建议星期Malware 是什么?当管理员用户登录后,该会话的功能会自动被禁用。当启用后,该功能将打印出“禁止”的错误, 而不是用户的信息。当启用后, 此功能会将在 HTTP header 中的 "X-Frame-Options" 的参数设置为"sameorigin".当您启用此复选框时, 您网站上的所有404事件都将记录在下表中。您可以监视这些事件并选择下表中列出的一些IP地址,并将它们阻止一段指定的时间。您选择从 “404事件日志”表部分被阻止的所有IP地址在指定的时间内将无法访问您的网站。当您注册这项服务时, 您将获取以下信息:当您提交文章或回复评论时, WordPress 通常会显示您的 "昵称".Woocommerce表单验证码设置WordPress 文件WordPress 文件访问WordPress XMLRPC&Pingback 漏洞保护WordPress 可以选择打开调试日志文件位于 wp-content/debug.log. 该文件可能包含敏感信息.Wordpress 会自动在站点前端的每个页面的 "head" 标签内生成并添加一些元信息. 以下是一个例子:您是否希望All In One WP Security & Firewall在您的.htaccess文件中重新插入安全规则,这些安全规则在停用插件时已被清除吗?由于多次登陆失败,您已经被锁定。现在, 您已注销.仍然建议您备份您的活动 .htaccess 文件以防万一.因此, 强烈建议您在应用此功能之前备份您的活动 .htaccess 文件.当您将鼠标悬停在用户ID栏中的行上时,您也可以通过单击“强制注销”链接立即将其注销。您还可以使用备份的 .htaccess 文件恢复您网站的 .htaccess 设置.您还可以使用备份的 wp-config.php 文件恢复您网站的 wp-config.php 设置.如果您想将其包含在登录白名单中, 可以在下面的文本框中复制并粘贴此地址.您可以从扫描中排除通常不会造成任何安全威胁的文件类型(如果它们已更改). 这些可以包括诸如图片之类的文件.您可以从扫描中排除指定的文件/目录, 如果这些文件/目录发生更改, 通常不会造成任何安全威胁. 这些可以包括诸如日志之类的文件.您可以锁定记录在下面 "404 事件日志" 表中的任何 IP 地址.您可以使用下面的设置来配置您希望使用哪个$_SERVER全局来获取IP地址。您可以通过下面的便捷列表查看所有新注册的账号,也可以在每个账号上执行批量激活/停用/删除任务。你不能禁止你自己的 IP 地址: 您无法使用 "wp-admin" 值作为您的登录页面 slug.您目前没有因垃圾评论而永久阻止的 IP 地址。您为 "备份时间间隔" 字段输入了一个非数字值. 其将被设置为默认值.您为 "保留的备份文件份数" 字段输入了非数字值. 其将被设置为默认值.您为锁定时间长度字段输入了非数字值. 其将被设置为默认值.您为登录重试时间段字段输入了非数字值. 其将被设置为默认值.您为注销时间段字段输入了非数字值。其将被设置为默认值。您为最大登录尝试字段输入了非数字值. 其将被设置为默认值.您为每个 IP 字段的最低垃圾评论输入了非数字值. 其将被设置为默认值.您为垃圾评论的最小数量字段输入了非数字值。其将被设置为默认值。您为 "重定向网址" 字段输入了错误的格式. 其将被设置为默认值.您输入了一个无效的用户名. 请输入另一个值. 您输入的邮箱地址格式不正确. 其将被设置为默认的 WordPress 管理员的邮箱地址.您已成功登录.您已请求通过邮件地址%s进行账号解锁。请点击以下链接进行账号解锁:您已成功启用基于 Cookie 的暴力防御功能您已成功保存基于 Cookie 的暴力破解预防功能设置.您已经成功保存了 5G/6G 防火墙保护配置您已经成功保存了其他防火墙保护配置您已成功保存防止访问默认 WP 文件配置.您可能对我们的%s也感兴趣。您也可能对以下替代暴力预防功能感兴趣:您可能还想要查看我们的 %s 功能, 以获取另一种安全的方式来防范这些类型的攻击.对于垃圾评论的最小数量字段,您必须输入一个大于零的整数. 其将被设置为默认值。您必须使用字母数字字符作为登录页面 slug.你已被注销, 因为你刚刚更改了 "管理员" 的用户名.您的 ".htaccess" 文件是您网站安全性的关键组成部分, 可以对其进行修改以实现各种级别的保护机制.你的 "wp-config.php" 文件是你的 WordPress 安装中最重要的文件之一. 它是主要的配置文件, 包含重要的内容, 如数据库的详细信息和其他关键组件.您的 .htaccess 文件已成功恢复!您的 .htaccess 文件已成功备份! 使用 FTP 程序转至 "/wp-content/aiowps_backups" 目录以将文件副本保存到您的计算机.您的 AIOWPS 设置已通过文件输入成功导入.您的 AIOWPS 设置已通过文本输入成功导入.您的 AIOWPS 设置已成功导入. 您上传的文件也出于安全目的而被删除, 因为它包含安全设置的详细信息.您的验证码答案不正确,请重试。您当前的 IP 地址您数据库备份文件的位置: 您的 PHP 文件编辑设置已成功保存.您的 WP 安装已经为文件系统提供了合理安全的文件权限设置.您的 WordPress 数据库是您网站最重要的资产, 因为其包含了大量网站的宝贵信息.您的 WordPress 文件和文件夹权限设置控制组成 WP 安装的文件和文件夹的可访问性和读/写权限.您的 WordPress 登录页面网址已重命名.你的 WordPress 系统总共有 %s 个数据表, 你的新数据库前缀是: %s您的账号现已启用您账号使用的用户名: 您当前的登录网址是:您新的 WordPress 登录网址现在是:您的密码已重置。您的密码重置链接似乎无效. 请在下面申请一个新的链接.您的密码重置链接已过期. 请在下面申请一个新的链接.您的注册正在等待审核。您的会话已过期, 因为您上次登录后已超过 %d 分钟.您的网站目前拥有以下拥有相同登录名和显示名称的账号.您的网站没有显示名称与用户名相同的用户账号.您的网站没有任何使用默认 "admin" 用户名的账号. 您网站目前正在使用默认的 WordPress 数据库前缀值 "wp_". 为了提高网站的安全性, 您应该考虑将数据库前缀值更改为另一个值.您的 wp-config.php 文件已成功恢复![%s] 密码重置已阻止bmpcache/config/master.php81811155414htaccess 恢复操作失败! 请检查您尝试从中恢复的文件的内容.htaccess 备份失败。在备份过程中, .htaccess文件重命名失败. 请使用 FTP 检查您的根目录中的备份文件.htaccess 文件恢复失败. 请尝试使用 FTP 手动恢复 .htaccess.https://cn.wordpress.org/https://codex.wordpress.org/Cookieshttps://cn.wordpress.org/https://wordpress.org/support/https://www.tipsandtricks-hq.com/https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-pluginjpg修改于:9191%1$s of %2$spng717只需记住在当前的网站网址地址中添加 "?%s=1" 即可.616somedirectory10133破解您的密码!12202从文件恢复 wp-config 文件wp-config.php 文件操作wp-config.php 恢复操作失败! 请检查您尝试从中恢复的文件的内容.wp-config.php 文件恢复失败. 请尝试使用 FTP 手动恢复此文件.wp-config.php 文件已成功更新!