Activate the 7G Firewall in WP Ghost for server-level protection against SQL injection, script injection, and malicious bot traffic. The 7G Firewall is a widely deployed ruleset created by security expert Jeff Starr. It blocks malicious HTTP requests at the server level – before WordPress, PHP, or any plugin code executes. WP Ghost integrates the 7G ruleset natively. For most sites, the newer 8G Firewall is recommended, but 7G remains a solid option when 8G causes compatibility issues with specific server configurations or plugins.
The 7G Firewall is a set of server-level security rules created by Jeff Starr of Perishable Press. It’s part of the G-series firewall rulesets (5G, 6G, 7G, 8G) that have protected millions of websites. The 7G ruleset blocks malicious requests, bad bots, automated attacks, spam, SQL injection, and script injection attempts through lightweight server-level filtering.
Like the 8G successor, 7G operates at the web server level. On Apache servers, the rules are placed in .htaccess, intercepting malicious requests before PHP processes them. On Nginx and LiteSpeed, the rules load during WordPress initialization. Either way, blocked requests never reach WordPress core, your plugins, or your database – and they consume minimal server resources.
The 7G ruleset protects against SQL injection, script injection and XSS, directory traversal, file inclusion exploits, bad bots and automated scanners, and malicious query strings. For a detailed breakdown of what each attack type looks like and how the firewall stops it, see the 8G Firewall tutorial – both rulesets block the same categories of attacks.
The 8G Firewall is the recommended default – it includes all 7G protections plus updated patterns and fewer false positives. Use 7G in these specific situations as part of your hack prevention strategy:
When 8G causes a false positive. If a specific plugin feature, form submission, or admin action stops working after enabling 8G, the 8G-specific rules may be triggering on a legitimate request. Switch to 7G to confirm the issue is 8G-specific. If 7G works without the false positive, you have two options: stay on 7G, or whitelist the affected path and switch back to 8G.
When your server configuration has compatibility issues with 8G. Some older server configurations or custom hosting environments may not support all 8G directives. 7G has been deployed longer and tested across a wider range of server setups. If 8G causes server errors (500 errors, blank pages), 7G is the immediate fallback.
When you want proven, battle-tested rules. 7G has been in production across millions of sites for years. Its ruleset is thoroughly vetted and extremely stable. If your priority is maximum stability over cutting-edge coverage, 7G delivers reliable protection.
After activating, test your site: browse key pages, submit forms, test checkout (if WooCommerce), and verify admin functions work correctly.
Compatibility note: If 7G causes issues with specific functionality, try Medium or Minimal firewall levels first, then escalate. For the complete firewall configuration including automated IP blocking, header removal, and theme detector blocking, see the Firewall Security tutorial.
Start with 8G – it’s the latest generation with broader coverage and fewer false positives. Only switch to 7G if 8G causes a specific compatibility issue. Think of 7G as the reliable fallback: proven, stable, and thoroughly tested – but without the latest pattern updates that 8G includes.
It improves performance for sites under attack. Malicious requests are rejected at the server level with minimal resources. For legitimate traffic, the overhead is negligible. When placed in .htaccess, the rules execute before PHP starts – blocked requests cost almost nothing to process.
Yes. The 7G Firewall operates at the server/configuration level. Wordfence and Solid Security operate at the PHP/application level. They protect at different layers and complement each other without conflict.
No. WP Ghost automatically whitelists major search engine crawlers (Googlebot, Bingbot, Yandex) when the 7G Firewall is active. Legitimate crawlers access and index your site normally.
No. The 7G rules are placed in .htaccess (Apache) or loaded through WordPress hooks (Nginx/LiteSpeed). No core files are modified. Disabling the firewall removes all rules instantly.
Build your complete firewall and security stack:
Replace the default wp_ database prefix with a random one to protect against SQL injection…
Change the WordPress uploads directory path with WP Ghost (rewrite rules, no files moved) or…
Configure WP Ghost with WP Rocket cache. Enable file optimization, Change Paths in Cache Files.…
https://youtu.be/6ylhojSi-_E In this video, we’ll explore why website security matters and what can happen if…
The security of your WordPress site depends on multiple factors, such as the strength of…
Step-by-step guides to connect WP Ghost 2FA with Google Authenticator, Authy, Microsoft Authenticator, or LastPass.…