Using a Firewall on your Blog

In the past I’ve talked about how important it is to backup your blog, so that if your site gets hacked or your provider takes down the server you can recover your work.

But there is a plug-in that can help stop your blog being hacked in the first place.

This is called “WordPress Firewall”.

What the plug-in does is to analyse incoming traffic to the blog and block anything it considers to be a danger.  For example:

  • directory traversals (eg. ../../etc/passwd) to gain access to other parts of the server
  • SQL queries to try and read parts of the SQL database, eg. passwords
  • executable files, eg. an .php file upload that could be run on the server

The plug-in is installed in the usual way, then you can select which of the dangers it should protect against.  If this causes problems with other features, then you can disable them in individual pages.

WordPress Firewall Options

(click to enlage)

Then you set what to do if an attack comes.  Should the blog revert to the main page or give an 404-error?

Finally you can set an e-mail address where you will be notified of the attack and also given the IP address that it came from.

WordPress Firewall E-Mail settings

(Click to enlarge)

I have now installed the firewall on all of my sites and am quite amazed and how often an attack takes place, probably just to test the water and see if the blog is protected.  I suggest that you try out the plug-in on your sites too.

About Graham Tappenden

Graham Tappenden is a blogger from Germany. He has written code for WordPress themes since 2006 and been creating websites since 1994.
This entry was posted in Plug-ins, Security and tagged , , , , , , , , , , . Bookmark the permalink.