Installing “AntiHacker” can be done:
1) By searching for “Antihacker” via the “Plugins > Add New” screen in your WordPress dashboard;
or
2) Download the plugin via WordPress.org
Upload the ZIP file through the ‘Plugins > Add New > Upload’ screen in your WordPress dashboard
Activate the plugin through the ‘Plugins’ menu in WordPress
or
3) By FTP, extract the zip file and just drop the contents in the wp-content/plugins/ directory of your WordPress installation and then activate the Plugin from Plugins page.
After Install, look for the Anti Hacker at your wordpress Menu
Open the Whitelist tab and add your IP address to the whitelist field and click save changes. You can see your IP address at info line. Look the picture above.
Update your’s Email Alerts at Notification Settings. (Alerts about failed logins, successful logins and Firewall Blocks).
Open the Plugin General Settings Tab. You can set automatic updates for plugins and themes and disable all the xml-rpc API (or only Pingback) and Json WordPress Rest API in this tab. You will find also others usefull options to increase the site security, included Firewall.
Firewall
Our Firewall protects your site against malicious URL requests. It checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(
, base64_ and so on.
- 100% Plug-n-play functionality
- No configuration required
- Blocks a wide range of malicious requests
- Scans all incoming traffic and blocks bad requests
- Blocks directory traversal attacks
- Blocks executable file uploads
- Blocks SQL injection attacks
- Scans all types of requests: GET, POST, PUT, DELETE
You can activate notifications to receive emails with details about requests blockeds
Malware Scan
Our plugin can scan your full site (all files, pages, posts and comments) against 797 malwares.
Just go to
Dashboard => Anti Hacker => Scan for Malware
and follow the instructions. Click the Help Button at top right corner of that window if necessary.
What Happens if someone not whitelisted try to login (or i change my IP)?
Your login page will request your wordpress user email and will send to you one email someone not whitelisted just made login. If the email is correct, the login go through. Then, by security, not show your wordpress user email at your page.
To avoid receive this alert email, add your IP to whitelist.
The email alert will be send to your wordpress user email. You can change this email by click over the tab email at the plugin management page.
If you forget your wordpress email, you can click over the Forgot the password link at wordpress login page and they will send you one email.
If necessary, (you are unable to login) you can remove this plugin by FTP. Go to folder: wp-content/plugins/ and remove the folder AntiHacker with all files.
Details about XML-RPC API
XML-RPC on WordPress is actually an API or “application program interface“. It gives developers who make mobile apps, desktop apps, and other services the ability to talk to your WordPress site.
Most users don’t need WordPress XML-RPC functionality, and it’s one of the most common causes of exploits. If you want to access and publish to your blog remotely, then you need XML-RPC enabled. Otherwise, you can just disable it at our plugin’s control panel. (General Settings Tab)
Details about New WordPress 4.7 REST API
The new WordPress 4.7 REST API allows anonymous access. The hackers can use this API to list the usernames.
To see this WP REST API function in action, simply visit a site with WordPress 4.7 installed and hit the URL: mysite.com/wp-json/wp/v2/users
This will list all users that have published a post.
To test your site, you need to install our plugin, disable Json WordPress Rest API (also new WordPress 4.7 Rest API) and make logout.
For more information, visit our FAQ page.
For support: visit support site.