Title: settings for malware? Last modified: September 24, 2016 --- # settings for malware? * Resolved [gleg](https://wordpress.org/support/users/gleg/) * (@gleg) * [9 years, 7 months ago](https://wordpress.org/support/topic/settings-for-malware/) * Hi, * On one of my sites the footer.php was hacked and javascript malware was inserted. Looked like links to other sites. I cleaned it up and server techs scanned again and everything is fine. I keep my security settings with wp-security pretty low because I’m not sure what everything does. * My question: Is there a section I need to tweak in your plugin or pay attention to, to raise the security level to keep something like this from happening? * Thanks! Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Contributor [mbrsolution](https://wordpress.org/support/users/mbrsolution/) * (@mbrsolution) * [9 years, 7 months ago](https://wordpress.org/support/topic/settings-for-malware/#post-8218062) * Hi, this plugin will protect your site from frontal attacks and it will prevent your site from being spammed. If someone hacked your site from the server side then this plugin cannot control that action. * First check to make sure you have minimal security features enabled, go to WP Security -> Dashboard. Check to make sure you have the following enabled. 1. Admin Username 2. Login Lockdown 3. File Permission 4. Basic Firewall * Once you have check the above then make sure you carry out the following. 1. Do you have the following enabled **Rename Login Page** under **Brute Force** tab? 2. Go to WP Security -> Filesystem Security and make sure you have the correct file permissions added to your site. 3. If your site allows people to sign up then I suggest that you enable the following** Login Lockdown** under **User Login** tab. 4. You should also enable one of the following features…..**Completely Block Access To XMLRPC:** or **Disable Pingback Functionality From XMLRPC:** 5. You should also check the Additional Firewall Rules. * The above should set your website between basic to intermediate security level. There are many more features you will need to investigate further. But this should put you on the right track. * Let me know if you need more help. * Regards - This reply was modified 9 years, 7 months ago by [mbrsolution](https://wordpress.org/support/users/mbrsolution/). * Thread Starter [gleg](https://wordpress.org/support/users/gleg/) * (@gleg) * [9 years, 7 months ago](https://wordpress.org/support/topic/settings-for-malware/#post-8222792) * Hi, * where is number 4 above? How do you get to that setting? * Plugin Contributor [mbrsolution](https://wordpress.org/support/users/mbrsolution/) * (@mbrsolution) * [9 years, 7 months ago](https://wordpress.org/support/topic/settings-for-malware/#post-8224737) * Hi, for step number 4 click on **WP Security -> Firewall -> Basic Firewall Rules**. * Let me know if you need more help. * Regards * Thread Starter [gleg](https://wordpress.org/support/users/gleg/) * (@gleg) * [9 years, 7 months ago](https://wordpress.org/support/topic/settings-for-malware/#post-8226394) * Hi Thanks for all the info. * On number 5, additional firewall rules, are you saying check all of those on the page or wanting me to look at them and decide? Most of my sites with your plugin are regular wordpress sites. Some use ebay’s api to pull in ads that I get a commission from if they click back and buy, not sure if any of this would effect that function. Other than that some of my customers “may” use proxy servers to look at my site. I didn’t know if that mattered either. * Thanks * Plugin Contributor [mbrsolution](https://wordpress.org/support/users/mbrsolution/) * (@mbrsolution) * [9 years, 7 months ago](https://wordpress.org/support/topic/settings-for-malware/#post-8228014) * In regards to point number 5, it is up to you to decide which security feature you want to enable. I pointed you to that area for you know. Remember not all features will work for you depending on the site you are installing the plugin. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘settings for malware?’ is closed to new replies. * ![](https://ps.w.org/all-in-one-wp-security-and-firewall/assets/icon-256x256. png?rev=2798307) * [All-In-One Security (AIOS) – Security and Firewall](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/) * [Active Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/) * 5 replies * 2 participants * Last reply from: [mbrsolution](https://wordpress.org/support/users/mbrsolution/) * Last activity: [9 years, 7 months ago](https://wordpress.org/support/topic/settings-for-malware/#post-8228014) * Status: resolved