It’s inevitable: attackers are everywhere and your blog will be attacked sooner or later. Automated bots are constantly scanning for WordPress sites with known security vulnerabilities.
You need a WordPress firewall plugin to avoid jeopardizing your WP blog, and this is why I’m writing this review.
I addressed this issue from another entry point, your “front door”, in my post on the Limit Login Attempts plugin.
If you don’t have a firewall installed, you may not even notice these probes, but be sure that they are constant. If one of them succeeds, sorry my friend: your blog has been injected with something nasty that will give you an unpleasant headache.
Firewall Versions Available
- WordPress Firewall was the original plugin developed by seoegghead, and its last update was in 2009.
- WordPress Firewall 2 is an updated version of the popular WordPress Firewall plugin, with fixes for all known bugs and a few new features, but its last update was in 2010.
I took the most “recent” version, WordPress Firewall 2, and this is the one I’m using right now on my blogs.
Despite the name, this is not a network firewall like the one built into Windows. It is a PHP filter that inspects every incoming web request with simple, WordPress-specific heuristics to identify and block the most obvious attacks. Heuristics that catch the obvious attacks will, by definition, miss obfuscated ones, so treat the plugin as one extra layer on top of a patched WordPress and patched plugins, not as a replacement for keeping them up to date.
Attacks detected and blocked:
- SQL injection attacks (quotes, UNION SELECT, comment sequences and similar patterns in request parameters)
- WordPress-specific SQL injection attacks
- Executable file uploads (files with a server-side script extension such as .php)
- Remote arbitrary code injection (a remote URL passed in a parameter that is supposed to name a local file)
- Directory traversal attacks (../ sequences used to reach files outside the web root)
I don’t bother to learn in depth exactly which kind of attack each one is, because I don’t want ANY of them here.
When it detects one of these attacks, the plugin answers with either a harmless 404 or a redirect to the home page.
WordPress Firewall 2 Plugin Settings
As you can see in the screenshot below, the security filters are displayed. For the first item I leave the settings exactly as they are.
I do activate the email report. Why? Because it’s extremely important to know which IP is attacking, and if it’s not yours or a known IP, you should ban that IP for good; it is NOT welcome anymore. Bear in mind that bots rotate through many addresses and that dynamic or shared IPs change hands, so a permanent ban list keeps growing without ever becoming complete; the report is most useful for spotting attacks that slipped through and for checking that your own traffic is not being blocked.
Are there false positives?
I didn’t know until a few minutes later, when I started to investigate why I couldn’t upload any more images and found the culprit: the firewall.
My recommendation is to enter your IP(s) in the whitelist. The plugin then lets your requests through untouched while it keeps filtering every other IP.
- Static IPs: easy, put them in “Whitelisted IPs”, save and you’re done.
- Dynamic IPs: same method, but you need to refresh the entry every time you do a task that is likely to trigger the plugin.
This is my case; my IPs are dynamic and change every 12 hours, so whenever I’m about to do something that could trigger the plugin, I whitelist the IP I have at that moment.
If 12 hours pass and I’m still doing something the plugin considers “fishy”, I need to enter my new IP again. This is somewhat cumbersome, but honestly it doesn’t matter to me; it’s a small price to pay for a firewall that kicks everything out.
If you’re designing your blog, entering data in your WordPress theme or doing similar work, you can consider deactivating the plugin and re-activating it when you have finished. Remember that while it is deactivated every request goes through unfiltered, so keep that window short. Don’t forget to activate the firewall again!
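To make the attack list and the whitelist logic concrete, here is a minimal request filter in the same spirit, written for this review as an added example; it is not code from WordPress Firewall or WordPress Firewall 2. The `wpfw_*` function names, the detection patterns, the addresses in `WPFW_WHITELIST` and the sample requests are assumptions made for the example, and the CIDR whitelist entry goes beyond what the plugin offers, as one way to handle a dynamic IP that only ever changes within a fixed range.

```php
<?php
// Added example, not code from the WordPress Firewall 2 plugin. All names,
// patterns, addresses and sample requests below are assumptions for this demo.

// Whitelist: exact addresses or CIDR ranges (documentation addresses, not real ones).
// The CIDR form is an addition over the plugin, for a dynamic IP within a stable range.
const WPFW_WHITELIST = ['203.0.113.10', '198.51.100.0/24'];

function wpfw_ip_matches(string $ip, string $entry): bool
{
    if (strpos($entry, '/') === false) {
        return $ip === $entry;
    }
    [$subnet, $bits] = explode('/', $entry, 2);
    $ipLong = ip2long($ip);
    $subnetLong = ip2long($subnet);
    if ($ipLong === false || $subnetLong === false) {
        return false;
    }
    $mask = (int)$bits === 0 ? 0 : (-1 << (32 - (int)$bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($subnetLong & $mask);
}

function wpfw_is_whitelisted(string $ip): bool
{
    foreach (WPFW_WHITELIST as $entry) {
        if (wpfw_ip_matches($ip, $entry)) {
            return true;
        }
    }
    return false;
}

// One heuristic per attack class. Deliberately simple, like the plugin's own,
// so obfuscated payloads will get past them.
function wpfw_detect(array $params): ?string
{
    foreach ($params as $name => $value) {
        if (!is_string($value)) {
            continue;
        }
        $v = rawurldecode($value);
        // Directory traversal: ../ (or a backslash / double-encoded variant).
        if (preg_match('#(\.\./|\.\.\\\\|%2e%2e%2f)#i', $v)) {
            return 'directory traversal';
        }
        // Remote code injection: a remote URL in a parameter that should name a local file.
        if (preg_match('#^(https?|ftp)://#i', $v) && preg_match('/^(path|file|page|template|include|dir)$/i', $name)) {
            return 'remote code injection';
        }
        // Classic SQL injection: UNION SELECT, comment sequences, numeric tautologies.
        if (preg_match('/(\bunion\b\s+(all\s+)?\bselect\b|--\s|\/\*|\bor\b\s+\d+\s*=\s*\d+)/i', $v)) {
            return 'SQL injection';
        }
        // WordPress-specific: SQL statements naming the default wp_ tables.
        if (preg_match('/\b(select|insert|update|delete|drop)\b[^;]*\bwp_(users|options|posts|usermeta)\b/i', $v)) {
            return 'WordPress-specific SQL injection';
        }
    }
    return null;
}

// Executable upload: judge by the client-supplied filename, not by the MIME type it claims.
function wpfw_is_executable_upload(string $filename): bool
{
    return (bool)preg_match('/\.(php[3-7]?|phtml|phar|cgi|pl|py|sh|exe)$/i', $filename);
}

// Returns the decision instead of sending headers, so it can run from the command line.
// $mode selects the plugin's two responses: an innocuous 404 or a redirect to the home page.
function wpfw_check_request(string $ip, array $query, array $uploads, string $mode = '404'): array
{
    if (wpfw_is_whitelisted($ip)) {
        return ['action' => 'allow', 'reason' => 'whitelisted'];
    }
    $reason = wpfw_detect($query);
    foreach ($reason === null ? $uploads : [] as $f) {
        if (wpfw_is_executable_upload($f)) {
            $reason = 'executable upload';
            break;
        }
    }
    if ($reason === null) {
        return ['action' => 'allow', 'reason' => null];
    }
    return ['action' => $mode === 'redirect' ? 'redirect:/' : '404', 'reason' => $reason, 'ip' => $ip];
}

// Constructed sample requests (not captured traffic).
$samples = [
    ['198.51.100.77', ['s' => "' OR 1=1 --"], []],                          // whitelisted range
    ['192.0.2.5',     ['s' => "' OR 1=1 --"], []],                          // SQL injection
    ['192.0.2.6',     ['page' => '../../wp-config.php'], []],               // directory traversal
    ['192.0.2.7',     ['template' => 'http://attacker.invalid/x.txt'], []], // remote code injection
    ['192.0.2.8',     [], ['cover.jpg.php']],                               // executable upload
    ['192.0.2.9',     ['s' => 'wordpress firewall'], []],                   // ordinary search
];
foreach ($samples as [$ip, $query, $uploads]) {
    $r = wpfw_check_request($ip, $query, $uploads);
    printf("%-15s %-10s %s\n", $ip, $r['action'], $r['reason'] ?? '');
}
```

Run it with `php wpfw-demo.php`: the first request is allowed purely because its address sits inside the whitelisted range, which is exactly the false-positive trade-off described above, and the `ip` field in each blocked result is what a plugin would put in the email report.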
I’m taking one star off this review with Author Review Pro, because the Firewall 2 plugin should get an update (but it still kicks out the bad guys!).
There is also a bug that can appear when you try to whitelist an IP; the IP is added anyway if you refresh the page, and everything works fine:
“Warning: unserialize() expects parameter 1 to be string, array given in ….. wordpress-firewall-2.php on line …”
The warning itself is harmless: it means the value handed to unserialize() was already a PHP array, so the call was redundant and the saved whitelist is still intact.
This is a long line; I cut off the initial portion for my own security.
Are you using the WordPress Firewall 2 plugin, or have you installed the original old version?