It’s inevitable, hackers are everywhere and your blog will be attacked sooner or later. Automatic bots are searching all the time WordPress sites that have security vulnerabilities.
You need a WordPress Firewall plugin to avoid jeopardizing your WP blog and this is why I’m doing this review to help you.
I addressed this issue from other entry point and also a problem, with the Limit Login Attempts plugin through your “front door”.
If you don’t have Firewall installed, perhaps you might even to not notice the issue, but be sure that these types of attacks are constants. If these attacks are successful, sorry my friend – your blog was injected with something nasty that will be generate an unpleasant headache 🙁
Today, there are two different free WordPress Firewalls: WordPress Firewall 2 plugin and WordPress Firewall plugin.
I took the most “recent” version, the WordPress Firewall 2 plugin and this is the one I’m using right now on my blogs.
As you’ve a Windows Firewall, a WordPress Firewall detects and blocks potential attacks.
This WordPress plugin investigates web requests with simple, WordPress-specific heuristics, to identify and stop
the most obvious attacks.
Malicious attacks detected:
I don’t bother to know each of them exactly and in-deep which type of attacks are, because I don’t want ANY of them here 🙂
The plugin responds with an inoffensive 404, or with a redirect to home page after those attacks.
As you see in the screenshot below, there are displayed the security filters. At the first item, I leave exactly the same settings.
I do activate the email address report. Why? Since it’s extremely important to know which IP is attacking and if it’s not from you or a known IP, you should ban this IP forever; this IP is NOT welcomed anymore.
Are there false positives?
I didn’t know it until some minutes later when I started to see why I couldn’t enter more images, and I found the culprit, the firewall.
My recommendation is to enter your IP(s) and whitelist them. Then, the plugin will reject all the other IPs that are causing problems.
If you’re designing your blog, entering data in your WordPress theme or similar things, you can consider deactivating the plugin and re-active it later when you ended. Don’t forget to activate Firewall again!
As a WordPress fan, Gera provides detailed reviews, tutorials & guides about plugins, themes & hostings. He enjoys experimenting with them and the results are published on this blog.