{"id":604,"date":"2018-01-25T15:37:12","date_gmt":"2018-01-25T15:37:12","guid":{"rendered":"http:\/\/govinddas.com\/?p=604"},"modified":"2018-01-25T15:37:12","modified_gmt":"2018-01-25T15:37:12","slug":"must-installing-new-wordpress","status":"publish","type":"post","link":"https:\/\/govinddas.com\/index.php\/must-installing-new-wordpress\/","title":{"rendered":"Must to do while installing new wordpress"},"content":{"rendered":"<div class=\"nectar-fancy-ul animated-in\" data-list-icon=\"icon-chevron-right\" data-animation=\"true\" data-animation-delay=\"0\" data-color=\"accent-color\" data-alignment=\"left\">\n<ul>\n<li>Part 1:&nbsp;<a title=\"WordPress Security and the Simple Firewall Plugin \u2013 Part 1, Why did we build it?\" href=\"https:\/\/www.icontrolwp.com\/?p=4748\" target=\"_blank\" rel=\"noopener\">Why we built the Shield<\/a><\/li>\n<li><i class=\"icon-default-style icon-chevron-right accent-color\"><\/i>Part 2:&nbsp;<a title=\"WordPress Security and the Simple Firewall Plugin \u2013 Part 2, Plugin Self Protection Security\" href=\"https:\/\/www.icontrolwp.com\/?p=4764\" target=\"_blank\" rel=\"noopener\">WordPress Super Admin Protection<\/a><\/li>\n<li><i class=\"icon-default-style icon-chevron-right accent-color\"><\/i>Part 3: WordPress Firewall Feature<\/li>\n<li><i class=\"icon-default-style icon-chevron-right accent-color\"><\/i>Part 4:&nbsp;<a title=\"WordPress Security and the Simple Firewall Plugin \u2013 Part 4, The Login Protection Feature\" href=\"https:\/\/www.icontrolwp.com\/?p=4820\" target=\"_blank\" rel=\"noopener\">WordPress Login and Brute Force Hacking Protection<\/a><\/li>\n<li><i class=\"icon-default-style icon-chevron-right accent-color\"><\/i>Part 5:&nbsp;<a title=\"WordPress Security and the Simple Firewall Plugin \u2013 Part 5, Ultimate Comment SPAM Killer\" href=\"https:\/\/www.icontrolwp.com\/?p=4881\" target=\"_blank\" rel=\"noopener\">The WordPress Comment SPAM Killer<\/a><\/li>\n<li><i class=\"icon-default-style icon-chevron-right accent-color\"><\/i>Part 6:&nbsp;<a title=\"Part 6, WordPress Automatic Updates \u2013 WordPress Security and the Simple Firewall Plugin\" href=\"https:\/\/www.icontrolwp.com\/?p=4938\" target=\"_blank\" rel=\"noopener\">WordPress Automatic Updates Management<\/a><\/li>\n<\/ul>\n<\/div>\n<div class=\"wpb_text_column wpb_content_element \">\n<div class=\"wpb_wrapper\">\n<p>The Firewall module is&nbsp;just one part of the whole Shield security system.<\/p>\n<p>In this part of the series we\u2019ll&nbsp;detail what exactly the firewall is, what it does, how it works, and how you should configure it.<\/p>\n<h2>What is the WordPress Firewall and how does it work?<\/h2>\n<p>The firewall component of the plugin is an&nbsp;<strong>Application Level Firewall<\/strong>.<\/p>\n<p>This means it only acts, and&nbsp;<em>can only act<\/em>, at the WordPress level. It does not, and cannot ever, affect lower levels on the server. It can never block incoming connections from IP addresses and\/or to ports on the server. &nbsp;No WordPress plugin can do this.<\/p>\n<p>No WordPress plugin can do this, no matter what they tell you.<\/p>\n<p>We don\u2019t write to the core .htaccess files&nbsp;<a title=\"WordPress Security and the Simple Firewall Plugin \u2013 Part 1, Why did we build it?\" href=\"https:\/\/www.icontrolwp.com\/?p=4748\">on principle<\/a>, so we don\u2019t affect how Apache handles web requests. Instead, we examine the data in these requests and then&nbsp;<em>allow<\/em>&nbsp;or&nbsp;<em>block<\/em>&nbsp;WordPress from loading depending on the rules you have chosen.<\/p>\n<p>The plugin analyses the information contained within the&nbsp;<code>GET<\/code>&nbsp;and&nbsp;<code>POST<\/code>&nbsp;data sent to your site. This is&nbsp;<a href=\"https:\/\/icontrolwp.freshdesk.com\/support\/solutions\/articles\/3000001060\" target=\"_blank\" rel=\"noopener\">explained in more detail here<\/a>.<\/p>\n<p>When it detects something that it doesn\u2019t like \u2013 it\u2019ll kill that web request and prevent WordPress from loading any further.<\/p>\n<p>In this way, it prevents WordPress from receiving\/using malicious data that\u2019s been sent to it to for the purpose of causing trouble.<\/p>\n<h2>Understanding the WordPress Firewall options<\/h2>\n<p>The firewall component of the plugin has a number of options associated with it. Below is an outline of these to help better understand each section:<\/p>\n<h3>Firewall Block Response<\/h3>\n<div id=\"attachment_4795\" class=\"wp-caption alignright\"><a href=\"https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/wordpress-simple-firewall-block-response-options.png\" rel=\"lightbox[4788]\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-4795 size-medium\" src=\"https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/wordpress-simple-firewall-block-response-options-300x162.png\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" srcset=\"https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/wordpress-simple-firewall-block-response-options-300x162.png 300w, https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/wordpress-simple-firewall-block-response-options.png 693w\" alt=\"WordPress Firewall Block Response Options\" width=\"300\" height=\"162\"><\/a><\/p>\n<p class=\"wp-caption-text\">WordPress Firewall Block Response Options<\/p>\n<\/div>\n<p>This option specifies&nbsp;how the plugin will respond when the firewall detects malicious data. You have 4 possible responses:<\/p>\n<ul>\n<li>[<em>default<\/em>] kill the running PHP process and display a friendly message<\/li>\n<li>immediately kill the running PHP process<\/li>\n<li>redirect the web request to a 404 page<\/li>\n<li>redirect the web request to the homepage<\/li>\n<\/ul>\n<p>Whichever you choose is down to your personal preference. We recommend the first one (the default) so that in the case a legitimate visitor trips the firewall with a false positive, it can be more easily identified and reported.<\/p>\n<p><strong>Send Email Report<\/strong>: This option, when enabled will&nbsp;send the administrator an email notifying them of a firewall block incident.<br \/>\nWe recommend to keep this turned off. There is just no need to bother with these notices. It\u2019s useful however when you are debugging the firewall when you suspect interference with\/from other plugins.<\/p>\n<hr>\n<h3>Firewall White Listing and Ignore Options<\/h3>\n<div id=\"attachment_5586\" class=\"wp-caption alignright\"><a href=\"https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/shield-plugin-screenshot-firewall-settings-whitelist.png\" rel=\"lightbox[4788]\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-5586 size-medium\" src=\"https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/shield-plugin-screenshot-firewall-settings-whitelist-300x269.png\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" srcset=\"https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/shield-plugin-screenshot-firewall-settings-whitelist-300x269.png 300w, https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/shield-plugin-screenshot-firewall-settings-whitelist-768x688.png 768w, https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/shield-plugin-screenshot-firewall-settings-whitelist.png 956w\" alt=\"WordPress Firewall White List Settings\" width=\"300\" height=\"269\"><\/a><\/p>\n<p class=\"wp-caption-text\">Shield Plugin: Firewall White List Settings<\/p>\n<\/div>\n<p>It\u2019s possible to specify certain factors that completely by-pass all Firewall checking.<\/p>\n<p>These options should be used sparingly and with caution since you never want to white list anyone, even yourself, unless you really must.<\/p>\n<p><strong>Whitelist Parameters<\/strong>: This is an advanced setting where you can by-pass the firewall for a given page such as \u2018hello.php\u2019, or by-pass the firewall for a given parameter sent to that page. This is useful where certain pages\/plugins submit data that you always want to leave untouched&nbsp;by the firewall.<\/p>\n<p><strong>Ignore Administrators<\/strong>: This is&nbsp;<em>not<\/em>&nbsp;a recommended option, but if you want&nbsp;to ensure that administrators are never affected by the firewall, turn this option on.<\/p>\n<p><strong>Ignore Search Engines<\/strong>: Again, this is&nbsp;<em>not<\/em>&nbsp;recommended, but if for any reason you think search engines are being blocked from crawling your site based on certain \u201cGET\u201d data on your pages, turn this on.<\/p>\n<p>In general, there is no need to white list anything unless there is a compatibility issue to deal with.<\/p>\n<hr>\n<h3>Firewall Blocking Options<\/h3>\n<div id=\"attachment_5584\" class=\"wp-caption alignright\"><a href=\"https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/shield-plugin-screenshot-firewall-settings.png\" rel=\"lightbox[4788]\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-5584 size-medium\" src=\"https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/shield-plugin-screenshot-firewall-settings-201x300.png\" sizes=\"auto, (max-width: 201px) 100vw, 201px\" srcset=\"https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/shield-plugin-screenshot-firewall-settings-201x300.png 201w, https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/shield-plugin-screenshot-firewall-settings-768x1148.png 768w, https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/shield-plugin-screenshot-firewall-settings-685x1024.png 685w, https:\/\/www.icontrolwp.com\/newwp\/wp-content\/uploads\/2014\/05\/shield-plugin-screenshot-firewall-settings.png 963w\" alt=\"WordPress Firewall Settings\" width=\"201\" height=\"300\"><\/a><\/p>\n<p class=\"wp-caption-text\">Shield Plugin: Firewall Settings<\/p>\n<\/div>\n<p>At the time of writing there are 8 firewall options that determine what data is checked on each page request. Depending on certain incompatibilities with other plugins, you may need to disable certain options to ensure maximum compatibility.<\/p>\n<p><strong>Include Cookies<\/strong>: Default \u2013 Off. This is a throwback to the \u2018WordPress Firewall 2\u2019 plugin. As mentioned earlier, the firewall examines the data with GET and POST, but with this option enabled, you can also have it check the site cookies.<\/p>\n<p><strong>Directory Traversals<\/strong>: Default \u2013 On. There is typically no need for file paths that indicates attempts to move between directories on the filesystem. Be careful, as this might interfere with sites that publish content containing code snippets \u2013 it might be an idea to use the \u201cignore administrators\u201d option mentioned above.<\/p>\n<p><strong>WordPress Terms<\/strong>: Default \u2013 Off. Malicious requests might try and reference common WordPress terms in their attacks \u2013 this option ensures that some of the most common terms are restricted. If any option is likely to interfere with normal operations, it\u2019s probably this one.<\/p>\n<p><strong>Field Truncation<\/strong>: Default \u2013 On. Much like file system traversals, you typically shouldn\u2019t have SQL queries in data submitted to your site. This option will try to look for keywords and patterns associated with SQL queries.<\/p>\n<p><strong>PHP Code<\/strong>: Default \u2013 Off. Again, just like SQL, WordPress terms etc., you typically shouldn\u2019t have PHP code in data submitted to your site. If you use the plugins\/themes editor, this might trip the Firewall checks.<\/p>\n<p><strong>Exe File Uploads<\/strong>: Default \u2013 Off. When files are uploaded to your site, it looks for executable file extensions such as .dll, .php, .exe, .py etc.<\/p>\n<p><strong>Leading Schemas<\/strong>: Default \u2013 Off. This option looks for things like \u201chttp:\/\/\u201d and \u201chttps:\/\/\u201d and it the option most likely to cause issues.<\/p>\n<hr>\n<h2>WordPress Firewall Feature Summary<\/h2>\n<p>As you can see, Shield\u2019s Firewall component is full-featured and easily customized&nbsp;to fit as many site configurations as possible.<\/p>\n<p>Firewall checking begins right after all site plugins are loaded and before WordPress really begins to kick-off. Of course, adding all this checking to every page request adds extra processing, but we\u2019ve written the firewall component (just like the rest) to be as efficient as possible and to only scan where there is data to process.<\/p>\n<p>If you have any questions about the firewall, or wish to request some features, please drop us a message in the comments section below, or&nbsp;<a title=\"Contact Us\" href=\"https:\/\/www.icontrolwp.com\/help-support\/contact\/\" target=\"_blank\" rel=\"noopener\">contact us in our support centre<\/a>.<\/p>\n<\/div>\n<\/div>\n<div class=\"pvc_clear\"><\/div>\n<p id=\"pvc_stats_604\" class=\"pvc_stats all  \" data-element-id=\"604\" style=\"\"><i class=\"pvc-stats-icon medium\" aria-hidden=\"true\"><svg aria-hidden=\"true\" focusable=\"false\" data-prefix=\"far\" data-icon=\"chart-bar\" role=\"img\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 512 512\" class=\"svg-inline--fa fa-chart-bar fa-w-16 fa-2x\"><path fill=\"currentColor\" d=\"M396.8 352h22.4c6.4 0 12.8-6.4 12.8-12.8V108.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v230.4c0 6.4 6.4 12.8 12.8 12.8zm-192 0h22.4c6.4 0 12.8-6.4 12.8-12.8V140.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v198.4c0 6.4 6.4 12.8 12.8 12.8zm96 0h22.4c6.4 0 12.8-6.4 12.8-12.8V204.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v134.4c0 6.4 6.4 12.8 12.8 12.8zM496 400H48V80c0-8.84-7.16-16-16-16H16C7.16 64 0 71.16 0 80v336c0 17.67 14.33 32 32 32h464c8.84 0 16-7.16 16-16v-16c0-8.84-7.16-16-16-16zm-387.2-48h22.4c6.4 0 12.8-6.4 12.8-12.8v-70.4c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v70.4c0 6.4 6.4 12.8 12.8 12.8z\" class=\"\"><\/path><\/svg><\/i> <img loading=\"lazy\" decoding=\"async\" width=\"16\" height=\"16\" alt=\"Loading\" src=\"https:\/\/govinddas.com\/wp-content\/plugins\/page-views-count\/ajax-loader-2x.gif\" border=0 \/><\/p>\n<div class=\"pvc_clear\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Part 1:&nbsp;Why we built the Shield Part 2:&nbsp;WordPress Super Admin Protection Part 3: WordPress Firewall Feature Part 4:&nbsp;WordPress Login and Brute Force Hacking Protection Part 5:&nbsp;The WordPress Comment SPAM Killer Part 6:&nbsp;WordPress Automatic Updates Management The Firewall module is&nbsp;just one part of the whole Shield security system. In this part of the series we\u2019ll&nbsp;detail what exactly the firewall is, what it does, how it works, and how you should configure it. What is the WordPress Firewall and how does it&#8230;<\/p>\n<p class=\"read-more\"><a class=\"btn btn-default\" href=\"https:\/\/govinddas.com\/index.php\/must-installing-new-wordpress\/\"> Read More<span class=\"screen-reader-text\">  Read More<\/span><\/a><\/p>\n<div class=\"pvc_clear\"><\/div>\n<p id=\"pvc_stats_604\" class=\"pvc_stats all  \" data-element-id=\"604\" style=\"\"><i class=\"pvc-stats-icon medium\" aria-hidden=\"true\"><svg aria-hidden=\"true\" focusable=\"false\" data-prefix=\"far\" data-icon=\"chart-bar\" role=\"img\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 512 512\" class=\"svg-inline--fa fa-chart-bar fa-w-16 fa-2x\"><path fill=\"currentColor\" d=\"M396.8 352h22.4c6.4 0 12.8-6.4 12.8-12.8V108.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v230.4c0 6.4 6.4 12.8 12.8 12.8zm-192 0h22.4c6.4 0 12.8-6.4 12.8-12.8V140.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v198.4c0 6.4 6.4 12.8 12.8 12.8zm96 0h22.4c6.4 0 12.8-6.4 12.8-12.8V204.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v134.4c0 6.4 6.4 12.8 12.8 12.8zM496 400H48V80c0-8.84-7.16-16-16-16H16C7.16 64 0 71.16 0 80v336c0 17.67 14.33 32 32 32h464c8.84 0 16-7.16 16-16v-16c0-8.84-7.16-16-16-16zm-387.2-48h22.4c6.4 0 12.8-6.4 12.8-12.8v-70.4c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v70.4c0 6.4 6.4 12.8 12.8 12.8z\" class=\"\"><\/path><\/svg><\/i> <img loading=\"lazy\" decoding=\"async\" width=\"16\" height=\"16\" alt=\"Loading\" src=\"https:\/\/govinddas.com\/wp-content\/plugins\/page-views-count\/ajax-loader-2x.gif\" border=0 \/><\/p>\n<div class=\"pvc_clear\"><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1],"tags":[],"class_list":["post-604","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/govinddas.com\/index.php\/wp-json\/wp\/v2\/posts\/604","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/govinddas.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/govinddas.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/govinddas.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/govinddas.com\/index.php\/wp-json\/wp\/v2\/comments?post=604"}],"version-history":[{"count":0,"href":"https:\/\/govinddas.com\/index.php\/wp-json\/wp\/v2\/posts\/604\/revisions"}],"wp:attachment":[{"href":"https:\/\/govinddas.com\/index.php\/wp-json\/wp\/v2\/media?parent=604"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/govinddas.com\/index.php\/wp-json\/wp\/v2\/categories?post=604"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/govinddas.com\/index.php\/wp-json\/wp\/v2\/tags?post=604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}