Most WordPress admins don’t know they’re vulnerable, but Zxeion Security works to lock down WordPress, fix common holes and stop automated attacks. With advanced features for both new and experienced users, our WordPress security plugin can help harden WordPress.
Minimum System Requirements
- Apache Web Server
- PHP 5.3+
- WordPress 3.5+
- MySQL version 5.0 or greater
Minimum PHP Requirements
- WordPress Memory Limit 64MB or more
- PHP Safe Mode Disabled
- PHP Max Execution Time 30 seconds or more
- PHP Memory Limit 128MB or more
- cURL Library Enabled
- cURL Timeout 300 seconds or more
1.1.Installing Zxeion Plugin
- First things first, go to Plugins > Add New.
- Upload the zxeion-security.zip plugin file and activate the Zxeion plugin.
- Yep, that’s it! For more help with installing plugins, take a look at this quick guide.
1.2.Updating Zxeion Plugin
Backup your website!
Before updating your theme, please make sure you are running the latest version of WordPress. It is also a good idea to make sure you have a backup of your site. Backup WordPress is a useful plugin to help you do this. To learn more about backing up your WordPress website please see the Codex here: WordPress Backups Codex
We try to be very careful to make the updates by maintaining a backward compatibility and thus no content or options will (and should not) be lost after performing a theme update. Again, backup to make sure you won’t have to worry about that, however if you do seem to find any problem, please start a new topic on our support forums and we’ll dig deeper into the problem and investigate it.
Zxeion will soon come with a built-in update system that notifies you in the standard WordPress way of any plugin update (In Plugins > Installed Plugins).
There are a few different ways to manually update your plugin depending on your specific situation.
Download latest version of Zxeion
Zxeion pack can be downloaded from your ThemeForest’s account > Downloads section. You will basically download a package containing Zxeion Plugin, Documentation.
Update by uploading new version
The easiest way to manually update your theme is to upload it via the WP dashboard.
- Go to Plugins > Installed Plugins > Add New > Upload
- Click Browse and select the zip file
- Click Install Now
You will most likely GET the following error: File Already Exists
The reason we get this error is because you already have Zxeion folder on your server with the same name as the folder inside your ZIP file.
You can use Easy Theme and Plugin Upgrades plugin or do one of the following:
A. Rename the folder
You can either rename the theme folder on your server, or rename the folder inside the zip file.
- Unzip the file on your computer
- Rename the folder (e.g. zxeion-security-new”). The folder name must not have spaces in it.
- Compress the new folder to a ZIP file
- Upload it via Go to Plugins > Installed Plugins > Add New > Upload
- Go to Plugins > Themes and activate the new version
B. Delete the plugin on your server
If you have done any customisations to your plugin files, these customisations will be lost if you use this method. If you have not done customisations to the plugin:
- Go to Plugins > Installed Plugins
- deactivate Zxeion
- Delete the old version
- Upload it via Go to Plugins > Installed Plugins > Add New > Upload zip
- Activate the new version
Basically, settings panel divided in 4 main parts
- System File Security
- Real Time Protection
- Website Health
This section consists of:
- Twitter Feed (This is used to keep you updated from us with any security news or plugin updates)
- One Click Security (By default this is set to learning mode to allow you to choose which security option suites your needs. Note: Other modes will override any existing changes made previously )
2.2.System File Security
Harden WordPress security by protecting important files
- WordPress Config Protection – We suggest you protect your wp-config.php file and you can do that by enabling this feature
- WordPress Includes Protection – Block all unauthorized access to Includes, protects those all important files from being tampered with by hackers
- Hotlink Protection – Site creators will try to use your images and videos and put a strain on your serves, which uses your disk space and bandwidth
- Hidden File Protection – Block access to all hidden files and directories with the exception of the visible content from within the `/.well-known/` hidden directory
- Htaccess Protection – This will stop anyone from accessing (reading or writing) any file that starts with .htaccess
- CMS Data Protection – Block access to files that can expose sensitive information.
- CSP Protection – Block the risk of cross-site scripting and other content-injection attacks
- PHP File Protection – Harden your WordPress by restricting Access to PHP Files
- Script Protection (XSS) – Stop hackers trying to change the WordPress GLOBALS and _REQUEST variables in an attempt to inject malicious code
2.3.Real Time Protection
Protect Your WordPress From Unauthorised Logins & attacks
- Real Time Detection – Prevent bots, hackers, fraudulent users & attacks from accessing your website. Real Time Detection is a network based system any data is obtained from a network server.
- IP Address Ban – Manually Enter the IPv4 address that you want to ban – Example: 192.168.0.0
Firewall protection will stop malicious script(s) before it gets a chance to reach the WordPress code on your site
- Server Technology information – In some cases, the information provided by it can be used by attackers
- Server Software information – Prevent Apache from sending in the `Server` response header its exact version number
- Username Enumeration – Prevent hacker getting your username from your wordpress id number
- Force SSL Protection – Force the use of an SSL certificate, Please note: you must have a valid SSL installed on your domain before enabling
- HTTP Strict Transport Security (HSTS) – When the server redirects a user to the secure version of the website, that still leaves a window of opportunity Please note: you must have a valid SSL installed on your domain before enabling
Enhance the way your websites works by improving the performance
- Gzip Compression – Compress your website files to improve the load time of your site
- Expires Headers Fixer – Serve resources with far-future expires headers.
- ETags Fixer – Serve resources with far-future expires headers.
- File concatenation – Allow concatenation from within specific files.
- Filename-based cache busting – Route all requests such as `/style.12345.css` to `/style.css`
This will overwrite all existing option values, please proceed with caution!
- Import from file – This export data can be obtained from the export option Copy Data
- Import from url – This export data can be obtained from the export option Copy Export Url
Path: Goto Admin Panel > Zxeion > Import / Export
Here you can copy/download your current option settings. Keep this safe as you can use it as a backup should anything go wrong, or you can use it to restore your settings on this site (or any other site). Available export options can be used in the import.
- Copy Data
- Download Data File
- Copy Export URL
Path: Goto Admin Panel > Zxeion > Import / Export