WordPress Firewall – What They Are and Installation Guide

Using a firewall for your WordPress website is the best way to protect yourself against any hacking attempts. Firewalls are so effective because they can deny access to your website if the visitor does not belong there. This means that the potential hacker will not even have an opportunity to compromise your website.

Here is How a Firewall Works

When a visitor goes to your website, their browser makes a request to the server where your website is hosted.

This is standard Internet behavior and that means that anyone has the ability to visit and access your site. The only way you can keep someone from seeing your website is if you block a specific user’s IP address through other means like your .htaccess file.

So when a hacker visits your website, they can proceed to try to gain admin access by performing various attacks. This open access also leaves you vulnerable to DDoS attacks or bots that try to exploit zero-day vulnerabilities.

Now of course, there are various measures you can take to protect your website so that none of these attacks are successful. But the risk of a successful attack is still present because these unauthorized visitors are still allowed access to your WordPress site in the first place. This is where a firewall can protect you.

A firewall is simply another server that sits between your website and the visitor.

It acts as a gatekeeper and filters traffic coming to your website.

The firewall analyzes the visitor and if it deems that the visitor is a legitimate user, it will forward the connection to your server. Only then will the visitor see your website.

However, if the firewall identifies the visitor as a bad bot or a hacker, it will deny access by dropping the connection altogether. This is where a firewall is valuable, because the unauthorized user will not be able to visit your website in the first place.

This all happens in an instant and the process does not slow down your website either.

But the true value of a firewall rests in its network. What I mean by that is that a firewall typically protects a large number of websites. If one website suffers an attack, then the firewall will learn about it, profile the attacker, and then block that user for all websites that the firewall protects.

Then, when that same attacker tries its luck on another website in the network, the firewall denies the user access, even if that user has never visited your site before. It protects you before the attacker has a chance to compromise your website.

How to Install a Firewall and What to Know

Though firewalls provide the best possible protection for your WordPress website, you have to pay to use one. We list the most popular providers below, but first, let’s make sure everyone understands how to install one.

Fortunately, installing one for your WordPress site is quite simple. You must first understand that there are different types of firewalls and the difference lies in where they operate (where the decision to let someone through or not is made). There are cloud proxy firewalls and WordPress application firewalls.

Cloud proxy firewalls function as described above, where a server or a network of servers sits between your traffic and your website.

Using a cloud proxy firewall is as simple as signing up with a provider and then rerouting your traffic to their network. You can do this by simply changing the A record in the DNS management area of your domain name account. That’s it.

For this method, if your website is secured with an SSL certificate, you have to take a couple of extra steps to ensure that you do not break the security chain before rerouting your traffic through the firewall’s network. Otherwise, your SSL certificate will be useless and most modern browsers will display a warning to the user, causing them to leave your website.

A bit confusing? Here’s what we mean:

When you use an SSL certificate for your website, you are encrypting the connection between the user and your server. However, if another server sits between the two, you have to be able to encrypt:

  1. The connection between the user and the firewall.
  2. The connection between the firewall and your server.

This is necessary because otherwise, the information that passes from end to end will not be encrypted the whole way. In fact, if you attempt to use a firewall but only have an SSL certificate on your server and do not have one for the cloud proxy firewall’s servers, the user’s browser might display an error like this:

[Screenshot: SSL browser error]

Depending on who issued your SSL certificate, you may be able to use the same SSL certificate to encrypt both connections. Doing so is as simple as using the same security keys from your website on the firewall.

But if your certificate issuer does not allow you to have access to your security keys for some reason, you will have to purchase an additional SSL certificate to use for the firewall.

A WordPress application firewall is a little bit different in that it directly integrates with your WordPress through a plugin. This means that when a malicious visitor tries to go to your website, the firewall will query an external network (the firewall’s network) and then let the plugin know whether it should allow the visitor or not.
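
The allow-or-deny query described here, together with the shared-network effect described earlier, as an added example (not code from the original article or from any provider): a constructed model in which each site's firewall asks a shared reputation store before letting a visitor through. The class names, the failed-login trigger, the threshold and the block lifetime are all assumptions made for illustration.

```python
class ReputationNetwork:
    """Stand-in for the provider's shared network (constructed, not a vendor API)."""
    def __init__(self, threshold=3, block_ttl=3600):
        self.threshold = threshold    # reported events before an IP is blocked
        self.block_ttl = block_ttl    # seconds a block stays active
        self._strikes = {}            # ip -> reported events so far
        self._blocked_until = {}      # ip -> time the block expires

    def report(self, ip, now):
        """A protected site reports a suspicious event (here: a failed login)."""
        self._strikes[ip] = self._strikes.get(ip, 0) + 1
        if self._strikes[ip] >= self.threshold:
            self._blocked_until[ip] = now + self.block_ttl
            self._strikes[ip] = 0

    def is_blocked(self, ip, now):
        expiry = self._blocked_until.get(ip)
        if expiry is not None and now >= expiry:
            del self._blocked_until[ip]   # expire, so a reassigned IP is not blocked forever
            expiry = None
        return expiry is not None


class SiteFirewall:
    """Per-site gatekeeper: asks the network before forwarding a request."""
    def __init__(self, network):
        self.network = network

    def handle(self, ip, now):
        return "deny" if self.network.is_blocked(ip, now) else "allow"

    def report_failed_login(self, ip, now):
        self.network.report(ip, now)


def demo():
    net = ReputationNetwork(threshold=3, block_ttl=600)
    site_a, site_b = SiteFirewall(net), SiteFirewall(net)
    attacker, visitor = "203.0.113.7", "198.51.100.20"  # documentation-range IPs
    seen = [site_b.handle(attacker, now=0)]          # unknown everywhere: allow
    for t in (1, 2, 3):                              # three failed logins on site A
        site_a.report_failed_login(attacker, now=t)
    seen.append(site_b.handle(attacker, now=10))     # site B denies on first contact
    seen.append(site_b.handle(visitor, now=10))      # other visitors unaffected
    seen.append(site_b.handle(attacker, now=603))    # block has expired
    return seen


print(demo())
```

The expiry matters in practice: IP addresses get reassigned, so a block that never lapses eventually denies a legitimate visitor.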

Installing a WordPress application firewall is much simpler and less disruptive. Most of the time, all you have to do is install a plugin that the provider offers and then activate it using an API key.

Zen WP provides a free WordPress application firewall from Wordfence through many of our support plans.

And if you use an SSL certificate on your website, you will not have to take any additional steps to ensure that all of the plumbing works correctly.

So which type of firewall is the best?

There is no clear answer. Both types of providers will stand by their methods but there is no true and clear advantage of using one way over the other. When shopping around for firewall protection for your WordPress website, the focus should be on the provider’s reliability and size of the network.

Having said that, here is our list of the best providers that we would recommend to everyone:

Best WordPress Firewall Providers

Wordfence Firewall

Wordfence is the leader in the industry and provides the most feature-rich WordPress application firewall, meaning that you do not have to worry about rerouting your traffic through another server or hassle with setting up your full SSL path. All you have to do is install the Wordfence plugin and configure it.

Wordfence’s plugin shows data and traffic in real-time and provides more features and data than any other provider, giving you very granular information about your traffic.

Sucuri Firewall

Sucuri is a provider that has built a solid reputation for themselves in the WordPress community. In fact, at the time of writing this article, we at Zen WP have temporarily switched from Wordfence to Sucuri (as a trial and test) and are very satisfied with their product and support.

Sucuri provides a cloud proxy firewall but their support team is very responsive and will guide users of all levels through the logistics associated with rerouting traffic through their cloud servers.

Best of all, we find that Sucuri provides the overall best value for money among all of its competition.

Cloudflare Firewall

Cloudflare is one of the most popular providers in the industry because they are the only CDN provider that offers a free plan. And just like Sucuri, they offer a cloud proxy firewall. However, they are considerably more expensive than Sucuri or any other firewall provider, although they have a bare-bones free version.

Cloudflare is a bit different than Wordfence or Sucuri because unlike the other two, Cloudflare is not a full security stack. Cloudflare bills itself as a CDN provider like KeyCDN, Incapsula, and MaxCDN. But in addition to their CDN, they also add a security component to their service that is far more generous and comprehensive than other CDN providers.
