The exceptional WordPress security plugin Wordfence, now comes with a free firewall as part of its free protection plan. Released this week, you’ll now have the option to enable the Wordfence Web Application Firewall, after a period of time in learning mode, where normal site actions are white-listed.
Whilst in learning mode, you’re advised to publish posts, change theme styles, moderate comments and use your site plugins as normal.
The Wordfence Web Application Firewall
As documented in its wiki, Wordfence’s firewall;
is a PHP based, application level firewall that filters out malicious requests to your site. It is set up to run at the beginning of WordPress’ initialization to filter any attacks before plugins or themes can run any potentially vulnerable code.
Protecting Your WordPress Website Against
- SQL Injection
- Cross Site Scripting (XSS)
- Malicious File Upload
- Directory Traversal
- Local File Inclusion
- External Entity Expansion (XXE)
The firewall is now included as part of the WordPress security plan for all websites maintained by Measured Designs. We’re big supporters of the guys at Wordfence, it is the go to plugin to help secure your WordPress website.