If you own a popular WordPress blog, then there is a very big chance that your WordPress blog is facing security attacks everyday. Most of these attacks are silent and there is no way to know about them unless you have a WordPress security plugin. Depending on the popularity of your blog, there attacks might range from a few hundreds to more than thousand attacks per day.
Unless the password for your blog is very strong, your WordPress blog might be at the risk of being hacked. The proper method to deal with this risk would be to block the attacker. While WordPress doesn’t have any feature to do so, on the other hand there are a few security plugins that you can install on your blog and block various types of security attacks..
WordPress Firewall is one such free WordPress plugin that can protect your WordPress blog from brute force attacks and several other attacks that are aimed to gain unauthorized access to your blog. The plugin can effectively combat multiple security attacks such as Directory traversal, SQL injection, WordPress specific SQL injection, executable file upload and many more other attacks.
I have been using the plugin on my WordPress blogs and to this day it has been successfully protecting my blogs against many security attacks. Installing the plugin is very simple, you can either install it directly through WordPress plugin repository or manually install it by uploading it WordPress.
Here are few settings that you should enable in WordPress firewall
Once the plugin is installed, you will able to choose between various attacks from which you want to shield your blog. For maximum safety of your blog, select all the attacks.
The plugin allows your blog to either show a 404 Error page to the attacker or redirect him to your blog’s homepage.
The plugin has a very useful notification feature that will immediately send you a email notification every time the plugin successfully blocks a security attack. These notification emails will contain details about the attack type and the ip address from where the attacks originated. In case you want to take legal action, you can trace out the location of the attacker using the ip address.
Here is how your notification emails should look like :
If your internet service provider provides you with a static IP address, then you should add it to WordPress firewall’s list of whitelisted IP addresses. This is important because when you update a plugin, in case of a few plugins, WordPress firewall might mistake it as a security attack and in that case it will redirect you to your blog’s homepage. So adding your computers IP address to WordPress firewall’s list of whitelisted IP’s will let you update your plugins without any hiccups.
In case you have a dynamic IP address and you face a problem with updating the plugins on your WordPress blog, you will have manually add your IP address every time you update a plugin.
I have been using WordPress firewall on my blogs and everyday the plugin notifies me about many attacks on my blogs. If you are looking for an plugin to protect your WordPress blog against security attacks, WordPress firewall is a great option for you.