WordPress Web Application Firewalls

A WAF (Web Application Firewall) is a single-purpose firewall. Unlike a network firewall, which filters on addresses and ports, its role is to inspect HTTP traffic and protect a website from attacks carried inside the requests themselves.

WordPress in itself is considered very secure as long as WordPress security best practices are followed, such as applying updates and security patches promptly. Since WordPress currently powers about 35% of all websites*, it is a very large target, and vulnerable installations are inevitable because not all site owners are careful, thorough, or security conscious with their websites.

A WordPress firewall is a web application firewall specifically designed to protect WordPress. Once installed on your WordPress site, it sits between your site and the internet and analyzes every incoming HTTP request. When a request carries a malicious payload, the WordPress firewall blocks it before the vulnerable code can process it.

As the firewall filters incoming traffic to the WordPress website, “good traffic” is allowed to reach the site while “bad traffic” and malicious bots are blocked. Your WordPress firewall should be tailored to your website, its function and the specific weak points of your WordPress site. For instance, you can configure the firewall to lock an IP address out of the WordPress login page for 5 minutes after a series of failed login attempts; this alone thwarts most automated brute-force attacks.
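The login-page lockout just described, as an added example (this is illustration code, not RSFirewall's implementation). It assumes failed attempts are read from constructed Apache-style access-log lines, that a POST to /wp-login.php answered with HTTP 200 is a failed login (WordPress re-renders the form) and a 302 is a success, and the thresholds are hypothetical; a real plugin would hook the login itself rather than replay a log.

```python
# Added example (not RSFirewall's code): a sliding-window login lockout.
# Assumptions (not from the page): POST /wp-login.php + HTTP 200 = failure,
# 302 = success; thresholds are hypothetical; the log lines are constructed.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                 # failures inside WINDOW that trigger a lockout
WINDOW = timedelta(minutes=5)    # how far back failures are counted
LOCKOUT = timedelta(minutes=5)   # how long the login page stays closed to the IP
LOGIN_PATH = "/wp-login.php"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None for a non-matching line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])


class LoginGuard:
    """Tracks failed logins per IP and closes the login page after too many."""

    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.locked_until = {}               # ip -> datetime when the lockout ends

    def check(self, ip, ts, method, path, status):
        """Return 'allow', 'lock' (this attempt tripped the lockout) or 'block'."""
        if not path.startswith(LOGIN_PATH):
            return "allow"                   # the lockout only covers the login page
        until = self.locked_until.get(ip)
        if until is not None:
            if ts < until:
                return "block"
            del self.locked_until[ip]        # lockout expired: clean slate
        if method == "POST" and status == 200:
            recent = self.failures[ip]
            recent.append(ts)
            while recent and ts - recent[0] > WINDOW:
                recent.popleft()             # forget failures older than the window
            if len(recent) >= MAX_FAILURES:
                self.locked_until[ip] = ts + LOCKOUT
                recent.clear()
                return "lock"
        return "allow"


def replay(lines):
    """Run log lines through a LoginGuard; return (ip, timestamp, decision) per request."""
    guard = LoginGuard()
    out = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        out.append((ip, ts.isoformat(), guard.check(ip, ts, method, path, status)))
    return out


# Constructed sample log: six failed POSTs from one address, one successful
# login from another, then two more visits from the locked-out address.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2020:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
203.0.113.7 - - [10/Mar/2020:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
203.0.113.7 - - [10/Mar/2020:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
203.0.113.7 - - [10/Mar/2020:10:00:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
203.0.113.7 - - [10/Mar/2020:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
203.0.113.7 - - [10/Mar/2020:10:00:25 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
198.51.100.4 - - [10/Mar/2020:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2020:10:04:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2210
203.0.113.7 - - [10/Mar/2020:10:05:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2210
"""

if __name__ == "__main__":
    for ip, ts, decision in replay(SAMPLE_LOG.splitlines()):
        print(f"{ts} {ip:14} {decision}")
```

The fifth failure trips the lockout, the sixth attempt and the visit at 10:04 are refused, and the visit at 10:05:30, after the 5-minute lockout has elapsed, is allowed again. Counting failures in a sliding window rather than forever avoids locking out a legitimate user who mistypes a password a few times over a day.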

A plugin-based firewall is installed and configured like any other plugin on your WordPress site, so it runs right on the site to protect it from unauthorized access, malware and similar threats. Every request made to the site (that is, every attempt by a visitor or bot to fetch a page or file) is filtered through the on-site firewall, which comes with a set of predetermined rules for deciding whether the request is malicious. RSFirewall is a good example of a plugin-based firewall and a favorite of ours at GEO-OPS. RSFirewall is an alternative to Wordfence and Sucuri, the two most used WordPress security plugins, which also offer comprehensive protection against brute force attacks, malware infections, and data theft.

The RSFirewall plugin is free of charge and does what it needs to do; a paid version with more features is also offered.

RSFirewall is a WordPress WAF specifically designed to protect WordPress sites. It is designed to thwart attacks on your site by implementing one or a combination of the following methods:

Filtering: The firewall applies rules (filters) to the data coming in to your website and rejects requests that match known attack patterns.
Proxy: The firewall acts as a ‘middleman’ that sits between your website and the general internet. It passes along the good traffic while stopping the bad traffic before it gets to your site.
Inspection: The firewall can use lists, like a bouncer at a club. If key elements of a request (such as its source IP address) match the ‘good’ list (also known as a ‘whitelist’ or allowlist), the firewall lets it through. If they match the ‘blacklist’ (blocklist), the request is held back. You can edit both lists.

The RSFirewall WordPress plugin is a strong solution for securing your website, helping you stay one step ahead of malicious users who wish to harm it. The plugin is backed by a team of professionals with a long history in website security who keep it up to date with the latest known vulnerabilities and security updates.

RSFIREWALL FREE VERSION FEATURES:

Active protection against local file inclusion (LFI) and remote file inclusion (RFI) attacks
SQL injection protection
reCAPTCHA for registration, login and commenting forms
Filtering of uploaded files for possible malware and improper extensions
Active monitoring of WordPress core file integrity
Active monitoring of your own files
XML-RPC blocking
REST API blocking with proper exceptions that you can define
Protect the wp-admin/ slug with an extra password
Change the wp-admin/ slug into a custom one
Disallow direct access to PHP files in wp-content, wp-content/uploads and wp-includes, with proper exceptions that you can define
Receive email notifications on detected threats
Automatically block the IP addresses of repeat offenders
Perform a system check (WordPress and server configuration checks)
Disable the creation of new Administrator accounts
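How the list-based checks (filtering, proxying, inspection against a whitelist and blacklist) and several of the features above fit together in one request pipeline, as an added example. This is illustration code written for this page, not RSFirewall's rules or implementation; the IP lists, the exception list, the signatures and the sample requests are all constructed, and the signatures are deliberately small.

```python
# Added example (not RSFirewall's code): a minimal WordPress request inspector
# that applies allow/block lists, path rules (XML-RPC, direct PHP access) and
# LFI/RFI/SQLi signatures. All lists, signatures and requests are constructed.
import re
from urllib.parse import unquote_plus

ALLOWLIST = {"198.51.100.4"}             # e.g. the administrator's office (hypothetical)
BLOCKLIST = {"203.0.113.7"}              # a known repeat offender (hypothetical)
# PHP files under these directories must not be requested directly...
NO_DIRECT_PHP = ("/wp-content/", "/wp-includes/")
# ...except the ones the site genuinely needs reachable (hypothetical entry).
DIRECT_PHP_EXCEPTIONS = {"/wp-content/plugins/example-plugin/ajax.php"}

SIGNATURES = [
    ("lfi", re.compile(r"\.\./|\.\.\\|/etc/passwd|/proc/self/|php://|data://", re.I)),
    ("rfi", re.compile(r"=\s*(?:https?|ftp)://", re.I)),
    ("sqli", re.compile(
        r"union\s+(?:all\s+)?select|'\s*or\s+'?\w+'?\s*=\s*'?\w+|sleep\s*\(|"
        r"benchmark\s*\(|information_schema|load_file\s*\(", re.I)),
]


def normalize(text):
    """Decode %xx escapes and '+' so that encoded payloads reach the signatures."""
    return unquote_plus(text)


def inspect(ip, method, path, query="", body=""):
    """Return ('allow', reason) or ('block', reason) for one request."""
    # 1. Lists first. An allowlisted source skips every other check, so keep
    #    that list tiny; a blocklisted source is refused without inspection.
    if ip in ALLOWLIST:
        return "allow", "allowlisted ip"
    if ip in BLOCKLIST:
        return "block", "blocklisted ip"

    clean_path = normalize(path)
    # 2. Path rules. XML-RPC is a common brute-force channel, and a PHP file
    #    under wp-content/uploads is how an uploaded web shell gets executed.
    if clean_path == "/xmlrpc.php":
        return "block", "xmlrpc disabled"
    if (clean_path.lower().endswith(".php")
            and clean_path.startswith(NO_DIRECT_PHP)
            and clean_path not in DIRECT_PHP_EXCEPTIONS):
        return "block", "direct php access"

    # 3. Signatures over everything the client controls, after decoding.
    for name, pattern in SIGNATURES:
        for part in (clean_path, normalize(query), normalize(body)):
            if pattern.search(part):
                return "block", name
    return "allow", "clean"


# Constructed sample traffic: (ip, method, path, query string, body).
SAMPLE_REQUESTS = [
    ("198.51.100.4", "GET", "/index.php", "id=1' OR '1'='1", ""),
    ("203.0.113.7", "GET", "/", "", ""),
    ("192.0.2.50", "GET", "/", "p=1", ""),
    ("192.0.2.50", "GET", "/wp-content/uploads/2020/03/shell.php", "", ""),
    ("192.0.2.50", "POST", "/wp-content/plugins/example-plugin/ajax.php", "", "action=ping"),
    ("192.0.2.50", "POST", "/xmlrpc.php", "", "<methodCall><methodName>system.listMethods</methodName></methodCall>"),
    ("192.0.2.50", "GET", "/index.php", "page=%2e%2e%2f%2e%2e%2fetc%2fpasswd", ""),
    ("192.0.2.50", "GET", "/index.php", "file=http://203.0.113.9/x.txt", ""),
    ("192.0.2.50", "POST", "/wp-admin/admin-ajax.php", "",
     "action=lookup&id=1+UNION+SELECT+user_login,user_pass+FROM+wp_users"),
    ("192.0.2.50", "GET", "/wp-content/uploads/2020/03/photo.jpg", "", ""),
]


def inspect_all(requests):
    """Run every sample request through inspect(); return the list of decisions."""
    return [inspect(*req) for req in requests]


if __name__ == "__main__":
    for req, (decision, reason) in zip(SAMPLE_REQUESTS, inspect_all(SAMPLE_REQUESTS)):
        print(f"{decision:5} {reason:18} {req[0]:13} {req[1]} {req[2]}?{req[3]}")
```

Two details matter in practice. The allowlist is checked before anything else, so the SQL injection attempt from the allowlisted address is never inspected; that is the intended “bouncer” behaviour, and also why an allowlist should hold only a handful of fixed addresses. And the decoding step is what makes the percent-encoded `%2e%2e%2f` traversal match the LFI signature; a filter that matches the raw query string misses it.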

RSFirewall suits small to medium-sized businesses (SMBs)

WordPress firewall plugins such as RSFirewall are ideal for SMBs because they are very affordable and easy to use, and most of them include a malware scanner. However, these firewalls run inside your site and are initialized by WordPress, so they only see requests that WordPress itself handles, and only once the plugin has loaded. Any code path that executes before that point, for example a PHP file under a plugin directory that can be requested directly without loading WordPress, or a flaw in the web server or PHP configuration itself, is outside the firewall's view. If your site has such a vulnerability, the chances are that attackers can still gain partial or full access to your WordPress site.

A known limitation of online (cloud-based) WordPress firewalls is the reverse: your web server has to be accessible over the internet for the WAF to forward the traffic to your WordPress site. This means that anyone who knows the server's IP address can still communicate with it directly, bypassing the WAF entirely.

So in a non-targeted WordPress attack, during which attackers simply scan whole networks for vulnerable sites, your web server and site are still reachable directly. The fix is to configure your server's own firewall to accept HTTP and HTTPS traffic only from the online WordPress firewall's published IP ranges, so that direct connections are refused. Keep that list current when the provider changes it, and make sure the server trusts the visitor address the WAF passes along only on connections that actually come from those ranges, since any other client can set that header itself.
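What “only respond to traffic coming from the online WordPress firewall” looks like at the origin, as an added example (illustration code written for this page, not any vendor's code). The WAF address ranges below are placeholders from the documentation ranges and must be replaced with the list your WAF provider publishes; only IPv4 ranges are handled, and the rendered nftables ruleset assumes a Linux origin server where it would be loaded with `nft -f`.

```python
# Added example (not the page's or any vendor's code): origin-side policy for a
# site behind a cloud WAF. WAF_RANGES are placeholders; use the provider's
# published list. IPv4 only.
import ipaddress

WAF_RANGES = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "198.51.100.0/24")]


def from_waf(peer_ip):
    """True if the TCP peer that connected to the origin is one of the WAF's addresses."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in WAF_RANGES)


def accept_connection(peer_ip):
    """Origin-side policy: refuse anything that did not arrive through the WAF."""
    return from_waf(peer_ip)


def client_ip(peer_ip, x_forwarded_for=None):
    """Resolve the real visitor address for logging, rate limiting and IP blocks.

    X-Forwarded-For is client-supplied data. The only entry that can be
    trusted is the one the WAF itself appended (the rightmost), and only when
    the connection really came from a WAF address; otherwise use the peer.
    """
    if x_forwarded_for and from_waf(peer_ip):
        return x_forwarded_for.split(",")[-1].strip()
    return peer_ip


def nft_ruleset():
    """Render an nftables ruleset that drops web traffic from any non-WAF source."""
    elements = ", ".join(str(net) for net in WAF_RANGES)
    return f"""table inet waf_only {{
    set waf_ranges {{
        type ipv4_addr
        flags interval
        elements = {{ {elements} }}
    }}
    chain input {{
        type filter hook input priority 0; policy accept;
        tcp dport {{ 80, 443 }} ip saddr != @waf_ranges drop
    }}
}}
"""


if __name__ == "__main__":
    # Constructed connections: one through the WAF, one direct from a scanner.
    for peer, xff in (("192.0.2.10", "10.0.0.1, 203.0.113.50"), ("203.0.113.9", "192.0.2.10")):
        verdict = "accept" if accept_connection(peer) else "refuse"
        print(f"peer={peer:12} {verdict:6} visitor={client_ip(peer, xff)}")
    print(nft_ruleset())
```

The second constructed connection shows why the header check matters: the scanner at 203.0.113.9 claims a WAF address in X-Forwarded-For, but because it connected directly it is refused by the ruleset, and even if it were let through, the visitor address resolves to the real peer rather than the spoofed value. Note that the ruleset blocks only ports 80 and 443; SSH and any other management ports still need their own rules.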

Contact GEO today for an assessment of your WordPress site vulnerabilities and security risks!

*Micro Trend December 23, 2019