◦ Comprehensive security
◦ 24/7 support
WordPress Guide → Security → Web Application Firewall
What is a web application firewall for WordPress?
WordPress is a relatively secure content management system. As we’ve discussed before, there is no such thing as completely secure software, but the WordPress development team do an excellent job of keeping WordPress users safe by introducing as few vulnerabilities as possible and fixing them when they arise. That said, WordPress is enormously popular, which makes it a prime target for those of our fellow online citizens who lack a moral compass.
It falls on WordPress hosts like Liquid Web and WordPress site owners like you to make every effort to prevent online criminals from getting what they want — access to your WordPress site and its users. We do this by building secure networks, following security best practices, and keeping our sites updated.
As an example, there is a common attack known as an SQL injection attack. An attacker will try to trick your site into running SQL queries on its MySQL database. This is bad for obvious reasons, and for the most part, it doesn’t work because WordPress is designed to make it impossible to inject SQL code into the site. But, rarely, WordPress Core or a WordPress plugin will have a bug that makes an SQL injection attack possible. Most WAF’s can be configured to watch the requests to a site for tell-tale signs that they are part of an attempt at SQL injection. The firewall will stop those requests before they ever reach WordPress. Even if there is a vulnerability, the attacker won’t be able to exploit it.
Let’s take a quick look at a couple of the most popular Web Application Firewalls for WordPress.
Sucuri
If you follow WordPress news at all, you’re probably already familiar with Sucuri, the prominent WordPress security company. Their take on the WAF is a cloud-service; you install a plugin and their cloud-based WAF takes care of intercepting any incoming attacks.
The Sucuri Website Firewall has a number of interesting features, including the ability to apply virtual patches to a site, block cross-site scripting and SQL injection attacks, and prevent remote code execution attacks.
Sucuri is not a free service, but for a site that finds itself plagued by malicious attacks, it’s worth taking a look at.
Simple Security Firewall
Simple Security Firewall is a more basic offering than Sucuri’s, but it’s a worthy pick for a site owner who doesn’t want or need the full security services offered by the premium plugin, or who would prefer not to rely on a cloud service.
Simple Security Firewall is free, and will block URLs matching patterns associated with suspicious activity, attempting to stymie brute force attacks, spambot comments, and other attacks.
Getting started
A Web Application Firewall is not a replacement for other security best practices, but it can be a great first line of defense against attacks against your WordPress site.
Liquid Web has been leading the industry in WordPress hosting for decades. And if you select managed WordPress hosting, our team of experts will manage server IT for you — so you can focus on growing your brand.
Click below to explore options or start a chat with one of our WordPress hosting experts now to get answers to your questions and further guidance.
Additional resources
Comprehensive guide to securing WordPress with ModSecurity
→
This guide provides a comprehensive overview of how to use ModSecurity to enhance the security of your WordPress site.
An intro guide to the different types of firewalls →
If done correctly, deploying a firewall can greatly improve the security of your network from external threats. That’s why firewalls have become an integral part of network security.
Why security matters for WordPress enterprise hosting
→
Use the blog as your guide to attacks to watch out for, security best practices, and steps to improve the WordPress protection you already have.