How to Add Firewalls to Your WordPress Site


Many of us have heard of “firewalls” in terms of hardware or software, and how they protect an asset like a network or a computer from external attack. Well, a web application isn’t exempt from the list of “assets” that one may need to protect when working (or playing) on the Internet.

Essentially, a WordPress firewall protects the WordPress installation (and in most cases all added files) from third-party attack. The software filters requests before they reach any executable script in order to ensure integrity. Mostly this involves adding rules to the .htaccess file, which is processed before any scripts (including PHP scripts).
There are plugins available that allow you to decide on the various layers of protection that you desire. This is done through a graphical interface in the WordPress dashboard, so you do not need to understand any complex rule syntax. You simply make your changes using an interface most WordPress users are familiar with and the software will “write” the rules for you.
This is often done in stages because the protection can sometimes block legitimate requests.


Basic Firewall Protection:

At a minimum, you should enable the basic file protection with this plugin. This will deny access to scripts modifying the .htaccess and wp-config.php files, disable the server signature (thus preventing display of version information), and limit file uploads to 10MB.
Separately, you can enable pingback protection, which disables access to the xmlrpc.php file. Of course, only do this if you are not already using the WP XML-RPC functionality. Among other things, this may give you protection against some forms of Denial of Service (DoS) attacks.

Additional Firewall Protection:

This section has some intermediate and advanced firewall settings that can be employed.
It’s a really good idea to back up the .htaccess file before activating any of these features, as they can potentially break the functionality of other plugins. Often those plugins will have a section in their FAQ that mentions this possibility. This security/firewall plugin makes it simple to back up the .htaccess file, so it’s worth performing those couple of clicks to make it happen.
Disable Index Views: A lot of times when a directory (or folder) is viewed on a web site, a list of the files present in that folder can be seen publicly if there isn’t an “index” file in there. WordPress mostly handles this elegantly, but for the situations where it doesn’t, this setting will pick up the slack.
Trace and Track: Disabling trace and track can limit hackers’ ability to use Cross-Site Scripting (XSS), which sometimes lets them steal legitimate users’ credentials or cookie information. While many web browsers help prevent basic techniques for Cross-Site Tracing (XST), there are more advanced methods that the browser can’t currently prevent.
Proxy Comment Posting: This feature can limit comment spam by preventing proxy servers from posting comments on the WordPress site.
Bad Query Strings: Enabling this firewall feature can help prevent attacks that exploit cross-site scripting (XSS) vulnerabilities. These vulnerabilities can allow hackers to steal data, run malicious code, and take control of user sessions, among other things. Enabling this can also interfere with legitimate requests, so it is wise to back up the .htaccess file and test the functionality of the web site after applying it. It may be better to read your other plugins’ FAQs to see how they interact with this feature of the all-in-one firewall plugin.
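
Because these features are enabled in stages, it helps to check which protections actually ended up in the .htaccess file. The script below is an added example, not code from the plugin or the original article: the sample .htaccess is constructed from standard Apache directives (not the plugin's literal output), the function names are hypothetical, and the matching is a heuristic that does not cover the proxy comment or bad query string rules.

```python
import re

# Constructed sample: standard Apache 2.4 directives for the protections the
# article lists (not the plugin's literal output). The xmlrpc.php block is left
# out on purpose, as on a site that still relies on XML-RPC.
SAMPLE_HTACCESS = r"""
<Files .htaccess>
  Require all denied
</Files>
<Files wp-config.php>
  Require all denied
</Files>
ServerSignature Off
LimitRequestBody 10485760
Options -Indexes
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) [NC]
RewriteRule .* - [F]
"""

def files_denied(text, name):
    """True if a <Files name> block holds a deny rule (2.4 or 2.2 syntax)."""
    pattern = r'<Files\s+"?%s"?\s*>(.*?)</Files>' % re.escape(name)
    block = re.search(pattern, text, re.I | re.S)
    return bool(block and re.search(r"Require\s+all\s+denied|Deny\s+from\s+all", block.group(1), re.I))

def has_line(text, pattern):
    """True if an active (uncommented) line starts with the given directive."""
    return bool(re.search(r"^[ \t]*" + pattern, text, re.I | re.M))

def audit(text):
    """Map each protection named in the article to True/False."""
    text = re.sub(r"(?m)^[ \t]*#.*$", "", text)  # commented-out rules do not count
    limit = re.search(r"^[ \t]*LimitRequestBody\s+(\d+)", text, re.I | re.M)
    size = int(limit.group(1)) if limit else 0  # 0 means "unlimited" to Apache
    return {
        "htaccess_denied": files_denied(text, ".htaccess"),
        "wp_config_denied": files_denied(text, "wp-config.php"),
        "xmlrpc_denied": files_denied(text, "xmlrpc.php"),
        "signature_off": has_line(text, r"ServerSignature\s+Off\b"),
        "upload_limit_10mb": 0 < size <= 10 * 1024 * 1024,
        "indexes_off": has_line(text, r"Options\b.*-Indexes\b"),
        "trace_track_blocked": bool(re.search(r"REQUEST_METHOD\}\s+\^?\(?TRACE\|TRACK", text, re.I)),
    }

if __name__ == "__main__":
    for name, ok in audit(SAMPLE_HTACCESS).items():
        print(f"{'OK     ' if ok else 'MISSING'} {name}")
```

Run it against a copy of the real .htaccess (for example the backup taken before each stage) and compare the result with the options ticked in the dashboard.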

Farhan Khursheed

Farhan Khursheed is a passionate blogger from Karachi, Pakistan. He loves to write about SEO, Internet tips and tricks, and earning online. He also loves programming.
