Turn on Advanced Security Options

Generic selectors
Exact matches only
Search in title
Search in content
Filter by Categories
Account Management Help
add photos, video and audio
Add-on features and social media
Advanced
Advanced campaign settings
All about analytics
All about images
Basic steps
Calendar
Configure the Web Application Firewall (WAF)
Connect my Calendar and Online Storage to Workspace
contact support
copy files to my site
Create my email address
Customize campaign
Discover domains
discover linux hosting with cPanel
Discover Microsoft 365
Discover Online Storage
Discover Workspace Email
edit content
Email Marketing demo
expand your site with sections and pages
Explore email add-ons
Explore my account
Find server and port settings (IMAP/POP)
fine tune my website
get social
Get started with SSL certificates
Get the most out of Microsoft 365
help my site get found and monitor my metrics
Hosting & Servers
keep my account secure
Keep my email secure
know your privacy rights
Legacy
Manage your SSL certificate
Managed WordPress
Manual email configuration
Migrate and export my emails
My email account isn’t working (troubleshooting)
nameservers and DNS
online store
organize
parking, forwarding and monetizing
privacy and protection
publish my site
Quick Shopping Cart
Renew my products and services
renewals
Security
Set up a campaign
Set up email on my devices
set up my payment methods
Set up my Workspace Email account
start with the basics
Stay productive anywhere with Office apps
Streamline email tasks to help my business
transfer between accounts
transfer between registrars
Troubleshoot email and email setup
Troubleshooting
troubleshooting
Uncategorized
Upgrade and renewal options for email
Web & Classic Hosting
Website backups
Website Builder 7
Website Builder version 6
Website Security and Backups
Websites
work with databases
work with delegates
working with blogs

Website Security provides a number of different options to help tailor the security of the firewall to your website.

  1. Go to your ELITE WEB Co. product page.
  2. Under Website Security and Backups, next to the Website Security account you want to use, click Manage.
  3. From the navigation menu, click Firewall.
  4. On the Firewall page, choose Settings.
firewall settings

5. Click Security. On the security page, you’ll see Advanced Security Options. Below is a list of the security options that you can turn on to fine-tune your firewall.

Advanced Security Options
Admin panel restricted to only Whitelisted IP addressesMost popular content management systems have an administrative panel. Example: /wp-admin on WordPress or /administrator on Joomla. If you set it to On, only whitelisted IP addresses will be able to access those directories.

Warning: If you have a membership site and you allow anyone to create an account and login there, don’t enable this option.
XMLRPC, Comments and Trackbacks blockedIf your site doesn’t allow comments (or trackbacks/pingbacks), or if you use an external commenting system (like Disqus or Facebook comments), you can block any comment attempt, since it’s likely to be spam.
Stop unfiltered HTML from being sent to your siteThis option prevents users from inserting or sending unfiltered HTML content to your site. It will block things like iframes and script calls from being used. If you have a forum or membership site and you allow your users to send messages and post open content, don’t enable this option. Whitelisted IP addresses are not affected by this setting.
Stop upload of PHP or executable contentThis option will prevent anyone from uploading PHP, Perl or executable content to your site. We recommend enabling this option unless you do allow users to do uploads. Note that whitelisted IP addresses are still allowed to do uploads.
Enable Emergency DDOS protectionThe HTTP flood protection will prevent anyone using a browser without JavaScript enabled from visiting the site (except major search engines). This is very useful when the site is under DDOS. You can turn off this option once things normalize. 

Note: This option may prevent legitimate visitors from accessing your website and should only be applied only when your website is unavailable due to Distributed Denial of Service (DDoS) attacks.
Block anonymous proxies and the top three attack countriesEnabling this option will prevent anyone from China, Russia or Turkey from interacting with your site. They are still able to view all content but cannot register an account, submit comments or attempt to login. The same restriction applies to users using anonymous proxy services to hide their IP addresses.
Aggressive bot filterThis setting blocks invalid user agents that do not match real browsers such as empty user agents, user agents that start with PHP/ and improper user agents from common browsers.
Force passing the hostname via TLS/SSLThis option will force passing the hostname during the SSL/TLS handshake. Note: Enabling this may break your site, don’t enable this unless your site is already broken.
Advanced evasion detectionThis option will enable our advanced evasion detection signatures. We recommend keeping it on, but if your site supports URL’s with non-ascii characters (like Japenese, Hindi, Russian, etc.) you may need to disable it.

6. Now that you’ve reviewed and selected your security options, click Save Advanced Security Options.

More info