WordPress is insanely popular. It is widely used by large corporations and small DIY bloggers alike. All in all, WordPress websites make up more of the web than any other platform. This fact makes WordPress an attractive target for security attacks of all kinds.
In past posts here on Elegant Themes we have discussed WordPress security in detail and if you follow the advice in those posts you will be well on your way to making your WordPress website as secure as it can be. However, in this post, we’re going to discuss something that the other posts only mentioned indirectly or not at all–firewalls.
How Firewalls Work
A firewall, contrary to popular opinion, is not just something that keeps you from getting on all of the best websites at work or school. It is actually a valuable network security measure that places a set of rules on incoming and outgoing traffic in order to protect networks, servers, websites, and individual computers.
These rules are meant to place a wall between a trusted source (say, the server your WordPress website is hosted on) and an untrusted source (the internet) in which only trusted data is allowed entry. One, two, or all three of the methods below are implemented to make this happen.
Filtering: all of the packets of data coming in contact with your firewall are analyzed against a set of filters.
Proxy: a “middleman” is established between your website and the internet. This middleman, or proxy, passes along the good traffic while stopping the rest before it can get to your site.
Inspection: instead of analyzing all data coming at your site, key elements are identified and compared to a database of trusted information. If the data is a match then it’s allowed through.
Why You Should Use a Firewall with WordPress
When it comes to WordPress security there is no such thing as a perfect setup. No perfectly secure websites. Instead, the idea behind WordPress security is “hardening”. You want to harden your website against the inevitable possibility of attack by taking a wide variety of security measures–just one of which is a firewall.
Many of today’s top WordPress security plugins and features offer an extensive array of tools that cover the full breadth of security hardening options available to WordPress users. So at least you don’t have to worry about needing to manage a lot of different security options, each with their own plugin or service.
However, even within these tools and services you may choose to only use some of the security measures available. This will no doubt be for personal reasons based on the specific needs of your website. But there are some good reasons you may want to make a firewall one of those measures.
First, you can never have too many appropriate measures in place to secure your website. The only inappropriate ones are those so stringent that they keep good data/traffic from reaching you.
Secondly, once you set up the rules that govern your firewall, it manages itself. You do not need to do anything afterwards.
And finally, there’s a reason firewalls have been around for so long (from the beginning of network security). They work.
So if you’re running a WordPress website (which you probably are, since you’re here), I would recommend that you pick out a tool or service from the list below and harden the security of your WordPress website with a firewall.
Tools for Hardening WordPress with Firewalls
For the vast majority of WordPress users, setting up a WordPress firewall “manually” would be extremely impractical, not to mention that it requires technical chops possessed by a bare few. Thankfully though, some of those bare few within the WordPress community have created tools and services that the rest of us can use to establish firewalls that help harden the security of our WordPress websites.
I’ve listed the highest rated and most recommended WordPress firewall tools and services below. If I missed any, please let me know in the comments below.
Sucuri Firewall
Price: from $9.99/month | More Information
Sucuri may be the most trusted name in WordPress security. Their firewall service creates a proxy that essentially makes the Sucuri network a middleman between your website and the rest of the web. They take care of all the malicious attacks and traffic, sending only legitimate traffic to your website.
While other options below have premium upgrades available, this is the only strictly premium option I’ve featured on this list. Based on my personal experience and the research for this post, Sucuri is a brand many bloggers and other WordPress professionals trust to handle their security.
If you’re interested in this service, I’d recommend thinking big picture before buying though. For example, many managed WordPress hosts already partner with Sucuri, and if you buy their hosting the Sucuri service is included.
WordPress Simple Security Firewall
Price: FREE | More Information
WordPress Simple Security Firewall is a new WordPress security plugin growing in popularity. Their reason for creating the plugin grew out of a frustration with the current WordPress Security Plugin status quo. Particularly the way other such plugins deal with WordPress’ .htaccess file.
WordPress Simple Security Firewall promises to keep your site as safe as possible without “frying it” by unnecessarily altering your .htaccess file. So far, users really seem to be liking it. If you’re interested in learning more about their approach you should check out their post series “Why We Built It”.
All In One WP Security & Firewall
Price: FREE | More Information
All In One WP Security & Firewall has definitely grown in the last few years to be one of a handful of top, dominating WordPress Security Plugins. They offer a comprehensive array of features that are all designed to help harden your WordPress security as much as possible, a primary one being their firewall feature.
The All In One firewall has features ranging from basic, to intermediate, to advanced. All of which are designed to stop malicious code from ever being processed by your site. Once installed you will be able to easily configure them from the WP Admin menu options.
NinjaFirewall
Price: FREE | More Information
NinjaFirewall is a web application firewall designed to sit between the web and your WordPress installation. It will “hook, scan, sanitize or reject any HTTP / HTTPS request sent to a PHP script before it reaches WordPress or any of its plugins”.
Wordfence
Price: FREE | More Information
Wordfence has proven itself over the last few years to be a complete WordPress Security Monster. And I mean that in the best way possible. As a free WordPress Security Plugin it offers an outstanding service with a wide array of features. Of which, a great firewall is but one.
The Wordfence firewall is designed to block common security threats like fake Googlebots, malicious scans from hackers and botnets–all of which can cause major headaches and (even if they don’t take down your website) hurt its search rankings and more.
BulletProof Security
Price: FREE | More Information
Another popular WordPress Security plugin is BulletProof Security. Again, like a few of the others above, they offer a wide variety of security options. BulletProof proudly states that their plugin will protect you from “100,000’s” of different WordPress attacks–which is nice, you know, since that many exist in the first place.
Based on their description of it, the BulletProof security firewall takes the inspection route we defined above. It has a database of attack patterns that it matches against incoming data. When malicious patterns are detected it blocks that data from reaching your WordPress site.
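The pattern-matching inspection described above, as an added Python example (not BulletProof Security's code or rule set; the signatures, decode limit and sample requests are assumptions constructed for illustration). It decodes each request field before matching, and its last sample is a harmless comment that still gets blocked, the over-stringent failure mode mentioned earlier in this post.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures for illustration; real products ship much larger,
# maintained rule sets.
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./|\.\.\\"),
    "sensitive_file": re.compile(r"wp-config\.php"),
    "sql_union_select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.S),
}
MAX_DECODE_ROUNDS = 3  # assumed limit on nested URL encoding


def normalize(value):
    """URL-decode repeatedly and lower-case, so encoded input is compared
    in the same form the application would eventually see.
    Returns (text, still_encoded)."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            return value.lower(), False
        value = decoded
    return value.lower(), unquote_plus(value) != value


def inspect_request(path, query="", body=""):
    """Return (verdict, sorted rule names) for one request's fields."""
    hits = set()
    for field in (path, query, body):
        text, still_encoded = normalize(field)
        if still_encoded:
            hits.add("excessive_encoding")  # fail closed on deep nesting
        hits.update(n for n, p in SIGNATURES.items() if p.search(text))
    return ("block" if hits else "allow", sorted(hits))


# Constructed sample requests (paths and parameters are hypothetical).
SAMPLES = [
    ("/2015/03/hello-world/", "utm_source=newsletter", ""),
    ("/index.php", "file=%252e%252e%252fwp-config.php", ""),
    # A harmless comment that still trips a signature (false positive).
    ("/wp-comments-post.php", "",
     "comment=The+student+union+will+select+a+new+president"),
]

if __name__ == "__main__":
    for path, query, body in SAMPLES:
        print(path, inspect_request(path, query, body))
```

Matching the raw, still-encoded query string against the same signatures finds nothing, which is why the decode step comes first.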
In Conclusion
WordPress security is not to be taken lightly. Firewalls are a great way to add an extra layer of hardening to your security efforts. Thankfully, there are plenty of tools and/or services to help the average WordPress user in terms of both broad security and specific actions–like enacting an effective firewall.
Any of the tools/services above should serve to protect your WordPress site well, but of course everyone will have their own needs and preferences to consider. If you’ve used one or another of these tools/services we would love to hear about your experiences in the comments below and help the rest of the community here make the most informed decisions possible.