If you’ve ever inspected the access logs of a live WordPress website, you will undoubtedly have encountered requests from bots scanning for potentially weak parts of the site that they can then try to exploit.
This is where the Really Simple Security Firewall comes into play: it can stop such malicious traffic from reaching your WordPress site and swiftly block actors that attempt to launch attacks against it. In this article, we explain how to properly leverage the Firewall in Really Simple Security to shield your WordPress site against malicious traffic.
404 Blocking
One of the main methods that attackers use to probe websites is by scanning for vulnerabilities, which often results in numerous 404 Not Found errors as they attempt to visit various pages on your site. Our firewall intelligently detects and blocks these attempts if they exceed a certain (customizable) threshold.
The desired lockout duration can be specified by the administrator, and ranges from 30 minutes to a day. Permanent blocks can also be configured.
While legitimate visitors are unlikely to trigger enough 404 Not Found pages to be blocked by this firewall rule, you can display a reCAPTCHA verification prompt to users who have been locked out, allowing a visitor to prove their legitimacy by completing the CAPTCHA and unblock themselves. This ensures that your protective measures do not interfere with the experience of real website visitors.
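To make the rule described above concrete, here is an added example in Python (not code from the Really Simple Security plugin) that replays access log lines through the same logic: each client's 404 responses are counted within a sliding window, and a client that reaches the threshold is locked out for a configurable duration. The log lines, threshold, window and lockout values are all constructed for the example; `observe` returns None for an unparsable line and otherwise one of `allowed`, `locked_out` or `blocked`.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample traffic in Apache/nginx "combined" log format (not real logs):
# one host probing for plugin readmes, one legitimate visitor with a single 404.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:12:00:01 +0000] "GET /wp-content/plugins/plugin-a/readme.txt HTTP/1.1" 404 512
203.0.113.7 - - [10/May/2024:12:00:02 +0000] "GET /wp-content/plugins/plugin-b/readme.txt HTTP/1.1" 404 512
203.0.113.7 - - [10/May/2024:12:00:03 +0000] "GET /wp-content/plugins/plugin-c/readme.txt HTTP/1.1" 404 512
198.51.100.4 - - [10/May/2024:12:00:04 +0000] "GET /about/ HTTP/1.1" 200 8192
203.0.113.7 - - [10/May/2024:12:00:05 +0000] "GET /wp-content/plugins/plugin-d/readme.txt HTTP/1.1" 404 512
203.0.113.7 - - [10/May/2024:12:00:06 +0000] "GET /wp-content/plugins/plugin-e/readme.txt HTTP/1.1" 404 512
203.0.113.7 - - [10/May/2024:12:00:07 +0000] "GET /wp-login.php HTTP/1.1" 200 4096
198.51.100.4 - - [10/May/2024:12:00:08 +0000] "GET /old-page/ HTTP/1.1" 404 512
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) ')

class NotFoundBlocker:
    """Lock out a client that produces `threshold` 404s inside `window`.
    Threshold, window and lockout are constructed defaults, not the plugin's."""
    def __init__(self, threshold=5, window=timedelta(minutes=10),
                 lockout=timedelta(minutes=30)):
        self.threshold, self.window, self.lockout = threshold, window, lockout
        self.hits = defaultdict(deque)   # ip -> timestamps of recent 404s
        self.blocked_until = {}          # ip -> moment the lockout expires

    def observe(self, line):
        m = LOG_RE.match(line)
        if not m:
            return None                  # not a combined-format line; ignore it
        ip, now = m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        until = self.blocked_until.get(ip)
        if until is not None and now < until:
            return "blocked"             # every request is refused while locked out
        if m["status"] != "404":
            return "allowed"
        q = self.hits[ip]
        q.append(now)
        while now - q[0] > self.window:  # forget 404s that fell out of the window
            q.popleft()
        if len(q) >= self.threshold:
            self.blocked_until[ip] = now + self.lockout
            q.clear()
            return "locked_out"
        return "allowed"

def analyse(log_text, **kwargs):
    # Replay a log through a fresh blocker; returns (decisions, blocked_until).
    blocker = NotFoundBlocker(**kwargs)
    return [blocker.observe(l) for l in log_text.splitlines()], blocker.blocked_until
```

Running `analyse(SAMPLE_LOG)` locks out 203.0.113.7 on its fifth 404 and refuses its following request, while the visitor with a single 404 is never touched.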
Geolocation-based Access Restrictions
This firewall rule lets you control access to your site based on geographical location: you can block or allow access from specific countries, or even entire continents. If your site has no legitimate audience in certain countries, blocking those regions can already eliminate a portion of potentially harmful traffic and save server resources at the same time.
Certain regions may be known sources of cyber attacks. If you notice a surge in attacks from a particular region (as seen in the Event Log, for example), you can quickly block those countries to mitigate the threat, without affecting users from other locations as a result.
IP Addresses (Blocklist/Allowlist)
Under Firewall -> Blocklists, you will find the options that control which IP addresses may always access your site, and which IP addresses should never be allowed to connect to it.
The Trusted IP list automatically includes the administrator’s IP and also allows manual additions. Below that section, you will find an IP Blocklist for managing both temporary and permanent blocks of problematic IP addresses.
Event Logging
The Event Log keeps you informed about actions taken by the Firewall, such as lockouts triggered by excessive numbers of 404 Not Found pages being visited. It also shows whether any countries, continents or specific IP addresses have been manually added to an allowlist or blocklist.
WordPress Firewall vs. Network-Level solutions
While the Really Simple Security Firewall provides stable and performant firewall functionality for your WordPress site, we strongly believe in a layered approach to security. To ensure that your site is optimally protected, we therefore recommend using the Really Simple Security Firewall in conjunction with a cloud firewall solution like Cloudflare.
The combination of a network and application-level firewall allows for complete protection, whereby each solution covers potential ‘gaps’ in the other’s capabilities:
- A WordPress firewall like Really Simple Security operates at the application level and is therefore well suited to WordPress-specific threats, as it can make decisions based on WordPress-specific context (e.g., login attempts, plugin interactions). However, implementing a fully functional WAF (Web Application Firewall) inside your WordPress site inevitably comes with a performance impact, as every request to the site has to be checked against these firewall rules. For the same reason, a WordPress-based WAF will not protect your site against a DDoS attack: the webserver still has to process the influx of requests.
- A network-level solution like Cloudflare operates on the network side, before traffic even reaches your WordPress site. This provides broader protection against general web threats (e.g., DDoS attacks, bot traffic) and can absorb large-scale attacks that might overwhelm a server-level solution. It will not, however, have as much context as a WordPress-based firewall.
We chose not to include a full Web Application Firewall in Really Simple Security for these reasons. Having both a cloud firewall and a WordPress-based firewall working together gives you the best of both worlds: maximum protection with the least impact on site performance.