The word firewall gives the impression that once installed on your WordPress site nothing will be able to attack it and you don’t need any other security measures applied. This is not true.
A firewall can only act on the WordPress site code level, it can not ever affect lower levels on your server such as blocking IP addresses and ports to your server.
There is no WordPress plugin that can do that.
So Why Then Have a WordPress Firewall At All?
Let’s break it down for you.
The WordPress firewall detects and blocks responses from malicious data.
What does that mean?
When data is transferred on your site, such as a user logging in or a blog post or image being displayed, the firewall hides this data from prying, malicious, eyes.
It applies a set of rules for incoming and outgoing traffic in order to protect your website.
It’s similar to an SSL, but an SSL only encrypts the data and then the firewall hides it.
A Firewall Has Several Methods To Protect Your Site
- FIltering
- This allows the filtering of traffic so that only legitimate users can access your site based upon rules that you set
- Proxy
- A proxy is like a security guard. It is the middleman that stops bad traffic from getting to your site
- Inspection
- A firewall allows you to set variables for trusted information. It then inspects all data coming in and if the key elements are not found agreeable in comparison to your set variables it doesn’t allow it through.
These methods are an important part of keeping your site secure. It helps drastically reduce the amount of attacks and malicious code injections that your security service/plugin needs to handle.
What Are The Recommend Settings For Your Firewall
Most firewall and security plugins have a set standard for recommended settings, but there are a few items that are crucial to the success of its application:
- Firewall Block Response
- Specify how the security plugin will respond when the firewall detects malicious data.
- Firewall White Listing and Ignore Options
- Specify certain factors that completely bypass all Firewall checking.
- These options should be used sparingly and with caution since you never want to white list anyone, even yourself, unless you really must.
- Firewall Blocking Options
- There are 9 firewall options that determine what data is checked on each page request. Depending on certain incompatibilities with other plugins, you may need to disable certain options to ensure maximum compatibility.
- These firewall options are:
- Include cookies
- Directory traversal
- WordPres terms
- Field truncation
- PHP code
- Exe file uploads
- Lead schemas
This might all seem overwhelming, but luckily for you our ShieldFREE and ShieldPRO have all of the above and more inside its robust feature list. It’s fully customizable and easy to use.
Keeping your site up and running is crucial for any business and having a reliable firewall plays a major part in that.
If you have any questions about the firewall or wish to request some features, please drop us a message in the comments section below, or contact us in our support center.
Source :
https://getshieldsecurity.com/blog/what-is-a-wordpress-firewall/