How to configure Firewall plugin on WordPress?

How to configure Firewall plugin on WordPress?


What is a Firewall?

  • The Firewall (WAF or web application firewall) acts as a shield between your website and all incoming traffic pages. These web application firewalls monitor your website traffic and block many common security threats before they reach your WordPress site.
  • The firewall plugin improves WordPress security and website application firewall speeds your website performance.
  • The WordPress firewall plugin will take your website to a whole new level.
  • Firewall protects your website in doc attacks.

Why do you need a Web Application Firewall?

  • A recent study suggests that a hacking attack occurs every 39 seconds over the internet. With more than 40% of these attacks targeting small and medium-sized businesses. Hackers and other malicious actors are always looking out for vulnerabilities that can be exploited in a website.
  • Your company’s website may be vulnerable due to small oversights such as skipping sanitization and verifications of input fields, or the presence of vulnerable forms. This would allow hackers to run scripts, database queries or even insert malicious files into the system.
  • Alternatively, you may be using a CMS(WordPress, Drupal etc.) to help run and create your website; using plugins and themes to add extra functionality. WordPress currently powers over 35% of the internet. This makes WordPress a very lucrative target for malicious actors. These attackers actively seek to exploit vulnerabilities in the plugins and themes provided by WordPress. Leading to the possible exploitation of any website using those plugins.
  • These vulnerabilities can lead to unauthorized access to your website or a leak of sensitive information. To protect your site from these types of attacks, we recommend using a Wireless Application Firewall.

What does a Web Application Firewall (WAF) do?

A WAF keeps a track of the HTTP traffic that comes to your website/web application. It monitors all requests coming to your web application/website. If the WAF feels that the incoming requests are suspicious i.e. if the incoming request can harm your website (e.g., the request may contain some code that can make some changes to your database), the WAF blocks those requests and protects your website from unwanted attacks. A WAF filters and blocks suspicious or unwanted HTTP traffic to and from a web application.

How the miniOrange Web Application Firewall(WAF) works?

  • Our firewall works by keeping a list of blacklisted IP addresses. An IP address can be explicitly blacklisted by an admin. Or it can be blocked if our WAF detects that the IP address may be involved in initiating attacks against your website. Whenever a request comes, that IP address is checked in whitelisted IPs (Only admin can whitelist IPs). If the IP is not whitelisted, then It checks in blacklisted IPs. If the IP is blacklisted, then the IP won’t be able to access the site content. If the IP is not blacklisted then it’s requests go through a filter where it scans for scripts, database queries and malicious files. If it matches any of them, that IP gets blocked. After a number of attacks(when the attack limit exceeds) we mark that IP into the blacklist.
  • The WAF protects your site from various cyberattacks.
  • It keeps monitoring traffic coming to your site. From this traffic, only legitimate requests are allowed to access your site.

How the miniOrange WAF Protects your WordPress Website?

Protection against owasp, top 10.

OWASP Top 10 are critical issues and risks to and web-application. It includes many popular attacks like SQL Injection, Cross-site Scripting, XML External Entities, Security misconfiguration and others. miniOrange WAF adds a layer on top of the application and protects against these attacks and prevents any misuse of the vulnerability.

Rate Limiting.

  • Rate limiting is a feature which protects your site from Denial of Service(DoS) attacks. DoS attackers send a large amount of requests in a very short period of time. Causing the server to fail while processing these requests. It results in your site being inaccessible to end users.
  • In the miniOrange Plugin, by default, the rate limit is set to 240 requests per minute for each IP. In cases where an IP’s requests in a minute goes higher than 240 requests in a minute, then that IP gets blocked. We provide you with the option to either Throttle the IP, which will cause it’s requests to be blocked for a short period of time; or we offer an option to Block the IP, rendering it permanently blocked from accessing your website.

Bot Detection.

While bots with good intentions cannot be ignored, there are also bots with malicious intent. Used multiple purposes ranging from attacking sites to Web Scraping. With miniOrange you can detect bots with malicious intent and stop them from accessing or affecting your site in any way.

Live Monitoring and Auditing.

Tracking all the requests realtime can help you check activities on your sites on important events. miniOrange also provides an analysis of all the requests so that it is easier for customers to know more about the traffic on the website and plan actions based on that.

The miniOrange Website Security Plugin installing.

  • It is a simple and easy to set up a plugin to secure your website. You can directly install the plugin from the WordPress marketplace and activate WAF. Any Request coming to WordPress is first captured by the miniOrange WAF and is analysed and monitored before it can be executed.
  • Through the plugin, the request is scanned on the server where WordPress is installed. The miniOrange Firewall is initiated before WordPress is initiated, which means every request reaching the website will first be scanned by miniOrange Firewall and then passed to WordPress. So any genuine request is passed to the WordPress and a malicious request is stopped from moving forward. This WordPress is safe and secure.

Advantages of an On-Premise Web Application Firewall(WAF).

  • Easy to use.
  • No setup required.
  • Cost-effective.

Follow these steps for Firewall Setup:

  • Enable the 2FA + Website Security check box.

  •  2FA + Website Security

  • Click on the firewall tab and settings tab.

  • firewall setting tab

Firewall Level:

  • Enable the website Firewall on plugin level.
  • This will activate WAF once the WordPress is loaded. This will block illegitimate requests after making a connection to WordPress. This will check every request in plugin itself
  • IPs blocked by admin will be blocked once your WordPress site is loaded. It is less secure than Htaccess level WAF.

  •  website Firewall on plugin level

    OR

  • Enable the website firewall.Htaccess Level.
  • IPs blocked by the admin will be blocked on the server only. These IPs won't be able to access the site.
  • This will activate WAF before WordPress gets loaded. This will block illegitimate requests before any connection to WordPress. This level does not allow illegal requests before any page gets loaded.
  • Click on the confirm and Download button.

  • the website firewall.Htaccess Level

  • We have enabled WAF successfully.

  •  firewall enabled WAF successfully

Advance Vulnerability Protection:

  • Enable cross-site scripting protection from the vulnerabilities option.
  • Malicious scripts are injected into the site. This can lead to leak sensitive data of users.
  • miniOrange uses cross-site scripting (XSS) signatures to filter out XSS attacks. Requests matching these signatures will be blocked.

  •  cross-site scripting protection

The SQL Injection Protection:

  • From the plugin Dashboard, go to the Firewall >> Settings.
  • Enable SQL injection Protection from the vulnerabilities option.
  • Improper handling of input fields can lead to this type of attack. Database queries are injected within input fields.
  • Usages of input fields without verification and validation may lead to the attacker gaining access to the database.
  • miniOrange uses SQL injection signatures to filter out SQL injection attacks. Requests matching these signatures will be blocked.

  •  SQL injection Protection

Local File Inclusion Protection:

  • From the plugin Dashboard, go to the Firewall >> Settings.
  • Enable Local File Inclusion protection from the vulnerabilities option.
  • An attacker can use Local File Inclusion to trick the web application into exposing or running files on the web server.
  • An LFI attack may lead to information disclosure, remote code execution, or even Cross-site Scripting (XSS). Typically, LFI occurs when an application uses the path to a file as input.
  • miniOrange uses malicious file name signatures to filter out file inclusion attacks.

  • Local File Inclusion protection

Set Attack Limit:

  • Go to Firewall Tab >> Settings Tab and scroll down.
  • Edit the attack limit. This will block the IP if the attacker tries to enter the wrong password.
  • Select the number of attacks after which the attacker's IP will be blocked.
  • Click on the submit button.

  • Set Attack Limit firewall

  • We have successfully limited of attack has been saved.

  •  successfully limited of attack has been saved

Additional Resources


If you don't find what you are looking for, please contact us at 2fasupport@xecurify.com or call us at +1 978 658 9387.

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com