- Jan. 19th, 2009
- 13 comments

Getting hacked is a total bummer, right? Right. But you can stop it with this plugin — WordPress Firewall. It won't stop every determined hacker from zapping your blog — but it's definitely worth installing if you're maintaining more than a few blogs.
After all, you simply can't upgrade every blog instantly every time a vulnerability is published for WordPress or any of the plugins you've got installed. So this plugin might buy you some much-needed time … and sanity.
It inspects web requests with simple WordPress-specific heuristics to identify and stop the most obvious attacks.
Here is the basic feature list —
0. Blocks most common attacks by default for WordPress and all of your installed plugins.
1. Emails are sent to a configured email address. They look like this —

2. Lets you whitelist your IP.
3. Lets you whitelist a page, a variable in a page, or a variable on every page. It's pre-configured with some rules that stop it from misbehaving in places where bad-looking data could be found — and vulnerabilities are unlikely to be lurking — comment bodies, post bodies, etc.
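A minimal sketch of this kind of request filter, added here as an example and not taken from the plugin's own code: each request variable is matched against a few attack heuristics unless an IP, page, page-plus-variable or global-variable whitelist entry exempts it. The rule patterns, whitelist entries, function names and sample requests are all assumptions constructed for illustration.

```php
<?php
// Added illustration, not the plugin's source. Rules, whitelist entries
// and sample requests are all constructed for this example.
$rules = [
    'sql injection'    => '/\bunion\b.{0,40}\bselect\b|\bwp_users\b/is',
    'script injection' => '/<\s*script\b/i',
];
// The four whitelist shapes named in the feature list.
$allow = [
    'ips'       => ['203.0.113.7'],                          // trusted IP
    'pages'     => ['/wp-admin/theme-editor.php'],           // a whole page
    'page_vars' => ['/wp-comments-post.php' => ['comment']], // variable on one page
    'vars'      => ['content'],                              // variable on every page
];

function is_allowed(array $allow, string $ip, string $page, string $var): bool {
    return in_array($ip, $allow['ips'], true)
        || in_array($page, $allow['pages'], true)
        || in_array($var, $allow['page_vars'][$page] ?? [], true)
        || in_array($var, $allow['vars'], true);
}

// Returns "variable: rule" findings; an empty array means the request passes.
function inspect_request(array $rules, array $allow, string $ip, string $page, array $params): array {
    $findings = [];
    foreach ($params as $name => $value) {
        if (is_allowed($allow, $ip, $page, (string) $name)) continue;
        // Flatten nested parameters (foo[]=...) so every leaf value is inspected.
        $leaves = [];
        $wrapped = [$value];
        array_walk_recursive($wrapped, function ($v) use (&$leaves) { $leaves[] = (string) $v; });
        foreach ($leaves as $v) {
            foreach ($rules as $label => $regex) {
                // rawurldecode() catches values that arrive double-encoded.
                if (preg_match($regex, rawurldecode($v)) === 1) $findings[] = "$name: $label";
            }
        }
    }
    return $findings;
}

$samples = [ // constructed: [client IP, page, request variables]
    ['198.51.100.9', '/index.php', ['cat' => '1 UNION SELECT user_login FROM wp_users']],
    ['198.51.100.9', '/index.php', ['ids' => ['7', '0 union all select 1']]],
    ['198.51.100.9', '/wp-comments-post.php', ['comment' => 'UNION SELECT inside <script>']],
    ['203.0.113.7', '/index.php', ['cat' => '1 union select 1']],
];
foreach ($samples as [$ip, $page, $params]) {
    $hits = inspect_request($rules, $allow, $ip, $page, $params);
    echo "$ip $page: ", $hits ? 'block (' . implode('; ', $hits) . ')' : 'allow', "\n";
}
```

The first two samples are blocked, while the comment body and the whitelisted IP pass even though their values match a rule, which is the false-positive case the whitelists exist for.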
Let us know what you think in the comments, or using our feedback form.
"13 Wise Comments Banged Out Somewhere On The Internet ..."
I have been hacked on wordpress several times, so if this can even prevent one from happening I will freakin dance a jig. I will start testing asap…
I have been using this for the past week or so and it has stopped MANY attacks of various different kinds. I especially appreciate the email notification feature which gives you an idea of how popular your blog is with hackers. Thanks for the excellent tool, Jaimie!
What is the difference between this and your Injection Blocker plugin? They seem to perform similar tasks.
Just tried this out and I am amazed how many times people try to hack my blogs! Hackers seem to be mostly in Russia and China…interesting tool.
Does this plug-in work with WP Super Cache? How about Bad Behavior? I have it installed and it hasn't blocked anything so far, including a nasty SQL injection attack that knocked out MySQL.
Does this or can you have it write to a log file for archiving and sorting, etc? Thanks for this great plug.
Been using this a while and pleased. Today had this warning: netcache-ntlmv2 = QTFCMkMzRDQ6MToH3qUCB96lAhdJTB8ttUW00xd9lKtk0DiBRN5J48Z5cky0NONIcHZ3PsKjgZA9F7yLTibdnoyAwiXqEOR0fRpnoBLIzsnSRW0= This may be a "WordPress-Specific SQL Injection Attack." Google'd it and netcache-ntlmv2 seems to be something to do with proxy servers. Any idea if this is just an innocent attempt to access the site over a proxy server (Singapore IP) or to do something nasty? Should I ignore or whitelist netcache-ntlmv2, or blacklist the IP?
Hi, I was trying to install the plug in but kept getting this response. Incompatible Archive. PCLZIP_ERR_BAD_FORMAT (-10) : Unable to find End of Central Dir Record signature. Could you please help me with this
WordPress Firewall Script at I Hate Google.org - Search Engine Optimization News and Tidbits (a.k.a. I Love Google.org) [...] Sirovich just sent me a Facebook chat about his new WordPress Firewall script. I just installed it, and will post my thoughts about it when I've had a chance to evaluate [...]
links for 2009-01-27 [...] tools. And therefore you need Google Analytics to do the real ranking. (tags: analytics stats seo) SEO Egghead Inc. Blog » Stop Hackers With Our WordPress Firewall Plugin v1.2 Getting hacked is a total bummer, right? Right. But you can stop it with this plugin — WordPress [...]
MonitorHackdFiles Tool Helps Fight Site Hackers | WebChicklet | Just a Geek Girl [...] the WordPress Firewall plugin. This is great at stopping most intrusion attempts and is the second line of defense. If this [...]