How to Setup the Firewall in WP Simple Firewall
The fourth step of the guide to the WP Simple Firewall plugin takes a look at the Firewall and the options available to users of the plugin.
Step 1) Login to the WordPress Dashboard.
Step 2) Head to your Dashboard and choose Simple Firewall and then Firewall from the dropdown menu. Enable or disable the Firewall feature via the tick box. This will turn the Firewall on/off completely.
Step 3) Tick the box marked Include Cookies if you want your Firewall to test cookie values as well as the other tests it conducts on your website.
Step 4) Tick the box marked Directory Traversals if you want to block directory traversal paths in application parameters, such as password, etc and so on.
Step 5) To block SQL (structured query language) queries, tick the box provided. This will prevent any communication with the database in application parameters.
Step 6) Block WordPress specific terms such as wp_, user_login and more by ticking the box provided.
Step 7) The Field Truncation box is used to block attacks, where an attacker inserts code into a message so that the recipient can’t pick up the rest of the message. This will prevent any further attacks.
Step 8) Tick the box provided for PHP Code to block any data that tries to include PHP files, which can slow your site response time.
Step 9) Blocking executable file uploads will prevent users from uploading files such as .php and .exe files and keep your site running at its best levels.
Step 10) Tick the box provided to block heading schemas such as https and http in your application parameters and thus prevent any attempts to spam your site.
Step 11) In you choose Firewall Block Response box, you can choose how your firewall responses when it blocks a request, which includes die, die with message, return 404 or redirect to Home Page. You can also set an email report so that you will be notified when your firewall has blocked someone.
Step 12) Set a whitelist of IP addresses, pages and parameters that are free from being subjected to Firewall rules. These are likely to be your websites and any websites that you know are clean and safe. You can also choose to give search engine bots a free pass, and allow admin users to be safe from the firewall.
Step 13) The flipside of that coin is to create a blacklist of IP addresses which will in turn be blocked from accessing your site. Click the button marked Save all Settings when you’re done.
The next step of the guide will focus on How to Setup Login Protection and 2FA with WP Simple Firewall.