The importance of a Web Application Firewall for WordPress Sites
by Idean Vasef
Before we dive in and get down to the nitty-gritty, let’s begin with some basic background information on firewalls (feel free to bypass this part if you’ve already done your homework). At the most basic level, A Firewall is a software and/or hardware feature that acts as a shield or ‘wall’ between your website and all incoming traffic. Think of it as the space between your home router and the internet. In a typical home internet setup, the wireless router serves as the hardware firewall while your computer’s and/or device’s standard operating system (Windows, Mac OSX, etc.) serves as the software component of the firewall.
Firewalls protect you from the bad guys by using customized filters. These filters are a basic set of rules that are defined in order of prioritization. This is important because as a company, you only want authorized and safe traffic accessing your website. On top of utilizing best practices such as using secure passwords and frequently changing them, you also need to learn about the general importance and the necessity of a firewall. (I wrote a recent blog post about a similar security topic called ‘Two-Factor Authentication’ that you can read about if you’re intrigued). So, in a nutshell, a firewall is that extra important security layer that your website and computer needs. For this blog entry, I’ll be focusing on what is known as ‘web application firewalls’ or WAF’s for short.
WAF’s are more of a recent introduction to the WordPress ecosystem. WAF’s work hard to counter cyber attacks from malicious hackers who are seeking to steal highly sensitive information. To keep things easy peasy, all you need to remember is that WAF’s exist to protect your WordPress website!
Why Do I Need a Web Application Firewall For My WordPress Site?
Historically speaking, 2017 holds the RECORD for the total number of cyber attacks in terms of security breaches, ransomware, and exploits according to an annual global security report issued by AppRiver. You very well may have heard about the infamous Equifax nightmare that resulted in possibly 143 million people having their highly sensitive personal data (social security and driver’s license numbers) compromised. Ok, Idean, that all sounds fine and dandy but do I really need a web application firewall for my WordPress site? I mean, nothing has happened so far and all this is just so companies can make an extra buck right? Well, my friend, do I have some interesting and frankly scary data to share with you. Did you know that among all CMS (content management system) platforms, WordPress gets hacked the most? Furthermore, there are up to 90,000 attacks per minute on WordPress sites according to Wordfence, the creator of a popular WordPress plugin. Unfortunately, this is naturally the price we consumers pay for the ‘user-friendly’ WordPress CMS.
How A Web Application Firewall Works and What We Offer
WAF’s are configured to either (or in some hybrid cases both) a) allow certain traffic or to b) block traffic. Whitelisting, or allowing certain data from a pool of accepted IP addresses ensures that the incoming traffic to your website is deemed ‘safe.’ On the other hand, blacklisting certain IP addresses will ensure that malicious data will not access your website and is designed to thwart anything that can slightly resemble a cyber attack. In regards to WAF’s, all these configurations are carefully executed and set at the software level for WordPress sites.
At HD, we understand how important security is for your WordPress site. No different than a 24-hour state of the art home security system that protects your property, our highly skilled security experts strive to go above and beyond to ensure stability and thwart attacks before they happen. Just how a home burglary happens approximately every 13 seconds, hackers across the world are hard at work attempting to steal your precious information and data. These days, you need more than a full-grown Rottweiler on the premises to protect your valuable belongings! At an age where we’ve seen notorious attacks like the Equifax breach, a hosting provider that provides 24/7 security over your website is a must and not just a ‘nice to have.’ At HD, we offer a standard WAF that we use for all clients out of the box as well as a highly advanced WAF for our premium plans (in partnership with the good folks at Sucuri). HD’s state of the art DuplexGuard™ security will keep you safe and protect you from 99% of attacks while also preventing them from happening. As always, we’re here to answer any of your questions so please, don’t be a stranger!
March 17, 2018
January 31, 2015