WEBVTT

1
00:00:07.890 --> 00:00:11.075
Probably the most important part of AdminTools

2
00:00:11.173 --> 00:00:13.173
is the Web Application Firewall,

3
00:00:13.601 --> 00:00:16.562
as this provides a suite of tools to protect your web site.

4
00:00:18.183 --> 00:00:20.626
We can configure it from the Security section

5
00:00:20.874 --> 00:00:23.944
by selecting "Web Application Firewall".

6
00:00:25.024 --> 00:00:27.024
Here you can see several options.

7
00:00:27.491 --> 00:00:28.753
The most important one

8
00:00:28.831 --> 00:00:31.324
(and the one we will concentrate on in this video)

9
00:00:31.324 --> 00:00:33.324
is Configure WAF.

10
00:00:33.605 --> 00:00:35.605
WAF is just an abbreviation

11
00:00:35.540 --> 00:00:37.540
for Web Application Firewall.

12
00:00:39.025 --> 00:00:41.743
Click on the Configure WAF icon.

13
00:00:42.919 --> 00:00:45.965
The first part covers the Basic Protection Features:

14
00:00:46.639 --> 00:00:48.639
whether we should allow administrators

15
00:00:48.694 --> 00:00:51.962
access to the web site based on an IP address

16
00:00:52.545 --> 00:00:55.419
or whether we should use a custom admin URL.

17
00:00:56.067 --> 00:00:58.756
(This is covered in more detail in the video

18
00:00:59.104 --> 00:01:01.104
“restricting access to WordPress”.)

19
00:01:02.680 --> 00:01:04.680
Moving on to the Request Filtering.

20
00:01:05.123 --> 00:01:07.123
This is the important stuff that protects

21
00:01:07.123 --> 00:01:09.123
your web site from malicious people.

22
00:01:09.869 --> 00:01:11.869
I strongly recommend that you

23
00:01:11.955 --> 00:01:13.955
stick to these default settings.

24
00:01:14.779 --> 00:01:16.889
You can read all about these options

25
00:01:16.972 --> 00:01:18.972
in the information areas

26
00:01:19.037 --> 00:01:21.620
and you will find even more details in the documentation

27
00:01:21.728 --> 00:01:24.845
section at the akeebabackup.com web site.

28
00:01:26.095 --> 00:01:28.712
With this default setting your web site

29
00:01:28.830 --> 00:01:30.112
is being protected

30
00:01:30.182 --> 00:01:32.182
from many of the most common types

31
00:01:32.247 --> 00:01:34.642
of vulnerability that exist on the web.

32
00:01:35.823 --> 00:01:38.409
The next tab covers Hardening options.

33
00:01:39.052 --> 00:01:41.052
The first of these, when enabled,

34
00:01:41.052 --> 00:01:42.904
will warn users

35
00:01:42.909 --> 00:01:45.999
when they register if they are using a well known password,

36
00:01:46.366 --> 00:01:49.547
and you can limit this warning to different user groups.

37
00:01:50.436 --> 00:01:52.436
The next two will remove links

38
00:01:52.553 --> 00:01:54.553
in the header of your site for RSS

39
00:01:54.573 --> 00:01:56.573
or remote blog clients.

40
00:01:56.544 --> 00:01:58.544
If you are at all unsure

41
00:01:58.802 --> 00:02:01.602
I recommend that you leave these at the default of no.

42
00:02:03.542 --> 00:02:05.542
By default WordPress sets session

43
00:02:05.607 --> 00:02:07.607
duration to 48 hours

44
00:02:07.721 --> 00:02:09.721
or 2 weeks if the option

45
00:02:09.721 --> 00:02:10.796
"remember me" is checked.

46
00:02:17.112 --> 00:02:19.112

47
00:02:11.035 --> 00:02:13.035
This is a very long time

48
00:02:12.849 --> 00:02:14.849
and you can change the duration here.

49
00:02:16.064 --> 00:02:18.064
The most important option on this page

50
00:02:19.232 --> 00:02:20.486
is whether we treat failed logins

51
00:02:20.560 --> 00:02:22.560
as security exceptions.

52
00:02:22.848 --> 00:02:24.848
By default this is set to Yes

53
00:02:25.061 --> 00:02:27.061
and you should leave it at this.

54
00:02:27.250 --> 00:02:30.442
We will talk about security exceptions later.

55
00:02:31.991 --> 00:02:33.991
Finally we can prevent anyone

56
00:02:34.126 --> 00:02:36.126
from signing up to our web site from a

57
00:02:36.323 --> 00:02:38.323
domain. Perhaps

58
00:02:38.503 --> 00:02:40.503
you want to block anyone using a disposable

59
00:02:40.674 --> 00:02:42.674
email address such as those

60
00:02:42.674 --> 00:02:43.903
from mailinator.

61
00:02:44.452 --> 00:02:47.330
Simply enter the domains you wish to block here.

62
00:02:49.475 --> 00:02:51.822
In the cloaking tab you will find some options

63
00:02:52.405 --> 00:02:55.120
to hide the type of web site that you are running.

64
00:02:55.302 --> 00:02:57.302
Many people believe that it's good to hide

65
00:02:57.320 --> 00:03:00.062
the fact that you are using WordPress for your web site.

66
00:03:01.220 --> 00:03:03.220
There are many ways you can identify

67
00:03:03.306 --> 00:03:05.306
a web site as running WordPress,

68
00:03:05.346 --> 00:03:07.854
one of which is the meta generator tag.

69
00:03:09.056 --> 00:03:11.056
If you wish to you can hide or

70
00:03:11.091 --> 00:03:13.109
customise this tag by setting

71
00:03:13.197 --> 00:03:15.443
this to "yes" and setting your own

72
00:03:15.742 --> 00:03:17.742
generator tag here if you so wish.

73
00:03:17.943 --> 00:03:20.642
Perhaps as a joke you might

74
00:03:20.726 --> 00:03:22.480
want to set it to Joomla.

75
00:03:23.866 --> 00:03:26.206
Project Honeypot is an external application.

76
00:03:26.948 --> 00:03:28.948
It is designed to prevent people using

77
00:03:29.125 --> 00:03:31.125
contact forms for spam.

78
00:03:31.141 --> 00:03:33.441
You can find out more about Project Honeypot

79
00:03:33.441 --> 00:03:37.041
at their website following the link from here.

80
00:03:38.904 --> 00:03:40.904
The final sections cover logging

81
00:03:41.011 --> 00:03:43.011
and blocking repeat offenders.

82
00:03:43.501 --> 00:03:45.501
Before blocking anyone you might

83
00:03:45.536 --> 00:03:47.961
want to ensure that users from a certain

84
00:03:47.855 --> 00:03:49.855
IP address or domain are

85
00:03:49.904 --> 00:03:52.852
never blocked by adding them to a whitelist.

86
00:03:54.226 --> 00:03:56.226
Each time someone makes a failed attempt

87
00:03:56.297 --> 00:03:57.555
we log it,

88
00:03:57.826 --> 00:03:59.826
and after a defined number of attempts

89
00:04:00.038 --> 00:04:01.570
we block them from accessing

90
00:04:01.578 --> 00:04:02.871
our web site completely.

91
00:04:03.968 --> 00:04:05.968
The way to do this is by IP address.

92
00:04:06.967 --> 00:04:08.967
An IP address is a unique number

93
00:04:08.967 --> 00:04:10.967
assigned to every internet connection.

94
00:04:11.557 --> 00:04:13.557
Of course this isn't perfect

95
00:04:13.557 --> 00:04:15.557
because a good hacker may well be using

96
00:04:15.557 --> 00:04:17.171
a randomised IP address,

97
00:04:17.328 --> 00:04:19.328
but it does prevent the script kiddie.

98
00:04:20.566 --> 00:04:22.566
So I recommend that you set this to yes.

99
00:04:23.876 --> 00:04:25.876
Now we need to decide - do we want to

100
00:04:25.876 --> 00:04:27.876
email someone to say that there

101
00:04:27.876 --> 00:04:29.478
has been an automatic ban.

102
00:04:30.752 --> 00:04:32.752
I'd like to know that something is going on

103
00:04:33.041 --> 00:04:35.566
so I'm going to put my own email address in there.

104
00:04:36.736 --> 00:04:38.736
I can now choose what the trigger

105
00:04:38.639 --> 00:04:40.033
is for the ban.

106
00:04:40.144 --> 00:04:42.924
By default it is 3 attacks in 1 minute,

107
00:04:43.239 --> 00:04:45.239
but you can change that to whatever

108
00:04:45.239 --> 00:04:46.932
criteria you want.

109
00:04:47.490 --> 00:04:50.099
Then it's how long you want to ban that person for.

110
00:04:51.325 --> 00:04:53.325
I usually set that to 1 day.

111
00:04:54.213 --> 00:04:56.213
We can additionally permanently

112
00:04:56.473 --> 00:04:57.954
block an IP address if it is a

113
00:04:57.909 --> 00:04:59.909
repeat offender.

114
00:05:00.463 --> 00:05:02.463
When a person tries to access your

115
00:05:02.454 --> 00:05:04.454
site from a blocked IP

116
00:05:04.623 --> 00:05:06.623
the only thing they will see is this

117
00:05:06.753 --> 00:05:09.564
message, which you can customise if you wish.

118
00:05:11.856 --> 00:05:15.485
There are a few different types of logging that AdminTools offers you.

119
00:05:16.520 --> 00:05:18.520
First it is possible to add a note

120
00:05:18.623 --> 00:05:20.623
for every single user to store

121
00:05:20.750 --> 00:05:23.147
the IP address that they used when they signed up.

122
00:05:23.312 --> 00:05:25.312
You may need to log this

123
00:05:25.478 --> 00:05:27.478
for regulatory purposes;

124
00:05:27.651 --> 00:05:29.651
if so, you should enable it.

125
00:05:30.398 --> 00:05:33.490
Now is the main one, which is logging the security exceptions.

126
00:05:34.656 --> 00:05:36.656
Obviously we want to log them

127
00:05:36.656 --> 00:05:38.656
so this should remain set to yes.

128
00:05:39.549 --> 00:05:44.397
Again we can choose to send an email on every single security exception.

129
00:05:45.228 --> 00:05:49.294
If you want to apply this just enter your email address in here.

130
00:05:50.332 --> 00:05:52.332
Personally I don't bother setting this,

131
00:05:52.679 --> 00:05:54.679
as there can be quite a lot of exceptions;

132
00:05:54.994 --> 00:05:57.394
they just mean someone has tried and failed.

133
00:05:57.850 --> 00:06:00.860
I only want to know if someone has been blocked.

134
00:06:01.695 --> 00:06:03.575
However, you might want to choose to

135
00:06:03.522 --> 00:06:05.522
enable the next one - to send an

136
00:06:05.579 --> 00:06:07.579
email every time somebody logs in

137
00:06:07.637 --> 00:06:09.175
to your administrator.

138
00:06:09.637 --> 00:06:11.637
Now if you've got a lot of administrators

139
00:06:11.637 --> 00:06:13.192
you probably don't want to set this.

140
00:06:14.174 --> 00:06:16.852
But if you are the only one and somebody

141
00:06:16.867 --> 00:06:18.867
is able to log in then that's a

142
00:06:18.925 --> 00:06:21.524
security issue and I'd want to know about it.

143
00:06:21.697 --> 00:06:24.198
So I'm going to enter my email address in there

144
00:06:24.567 --> 00:06:27.879
so that now if anybody logs in to the

145
00:06:28.185 --> 00:06:30.978
administrator of this web site I will be notified.

146
00:06:32.082 --> 00:06:34.082
Once you've configured the Web Application Firewall

147
00:06:34.082 --> 00:06:36.082
exactly how you want it

148
00:06:36.082 --> 00:06:37.332
and made sure that

149
00:06:37.265 --> 00:06:39.265
you've read the documentation to understand

150
00:06:39.361 --> 00:06:42.417
what the settings are, press Save Changes

151
00:06:42.753 --> 00:06:44.753
and all those configured options

152
00:06:44.753 --> 00:06:46.753
for the Web Application Firewall

153
00:06:46.761 --> 00:06:48.761
are now in operation.