Firewall For Your WordPress Blog

By Cenay Nailor | Defend Your Blog

Nov 24

(Part of an ongoing series on protecting your most valuable asset in your online marketing arsenal, your WordPress blog)

In the military, they call it “hardening targets” when they take steps to make it harder for the enemy to attack an asset. Here in the real world, it’s hard to think like that. But not thinking like this could cost you time, money, reputation and frustration.

I know from first hand experience.

When I started this series, it was in response to the attack my personal hosting account suffered. And because it was my hosting account, and not a single blog, but rather every single one of my sites was hit.

Take my advice and harden your assets now.

WordPress Firewall

The second recommendation in the series is that you go and install WordPress Firewall. This one takes a little more to setup, but guards against a wider range of threats.

This WordPress plugin investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks. There exist a few powerful generic modules that do this; but they’re not always installed on web servers, and difficult to configure.

It intelligently whitelists and blacklists pathological-looking phrases based on which field they appear within in a page request (unknown/numeric parameters vs. known post bodies, comment bodies, etc.). Its purpose is not to replace prompt and responsible upgrading, but rather to mitigate 0-day attacks and let bloggers sleep better at night. Its features include:

  • Detect, intecept, and log suspicious-looking parameters — and prevent them compromising WordPress.
  • Also protect most WordPress plugins from the same attacks.
  • Optionally configure as the first plugin to load for maximum security.
  • Respond with an innocuous-looking 404, or a home page redirect.
  • Optionally send an email to you with a useful dump of information upon blocking a potential attack.
  • Turn on or off directory traversal attack detection.
  • Turn on or off SQL injection attack detection.
  • Turn on or off WordPress-specific SQL injection attack detection.
  • Turn on or off blocking executable file uploads.
  • Turn on or off remote arbitrary code injection detection.
  • Add whitelisted IPs.
  • Add additional whitelisted pages and/or fields within such pages to allow above to get through when desirable.

(More about the Injection Security Filters)

Download: WordPress Firewall plugin here

Follow

About the Author

Cenay is a self-proclaimed geek with mad technical skills she loves sharing with Videos, Coaching and Articles. Need help? Click the Book 30 Minutes to find out if this is a good fit.

Leave a Comment:

(13) comments

Nice plugin. Another one I like to use is Sabre for WP

Reply

Hey Rob, checked that plugin out. Pretty cool, so I am featuring it tomorrow. I installed it on two blogs and it caught an attempt the same day!

Thanks for the heads up.
.-= Cenay Nailor´s last blog ..Customizing WordPress Page Titles =-.

Reply

After having one of my blogs hacked I need all the protection I can get. Thanks for another great post on WordPress Blog Plugins.
Carol

Reply

Question why isn’t it packaged in a zip format ready for upload to the Add new plug-ins area of one’s WP Admin?

Reply

[…] Cenay Nailor Presents Firewall For Your WordPress Blog […]

Reply

[…] This post was mentioned on Twitter by Eric Bannatyne, Facet Marketing. Facet Marketing said: Firewall Your Blog : Online Marketing Tips and Resources: This WordPress plugin investigates web requests with .. http://bit.ly/87UUTd […]

Reply
Liz

This is something I’ve been searching for ever since one of my blogs was attacked (after using a WiFi connection at a hotel). Your approach seems easier to me than using a personal VPN, which can also slow down performance. Thanks for posting.

Reply

Hey Robert, not sure about that, but I do know that you can go to the Add New feature within the Plugin section and enter WordPress Firewall… it will find and install it without knowing the zip file name or location.

Reply

[…] Firewall Your Blog (cenaynailor.com) […]

Reply
Add Your Reply

Leave a Comment:

..also