Firewall

Firewall and Security

What Is a Firewall?

A website firewall, also known as a Web Application Firewall (WAF), is a security system designed to protect your website from various cyber threats, including hacking attempts, malware, and Distributed Denial of Service (DDoS) attacks.

Implementing a WAF can significantly enhance your website’s security and protect it from potential cyber threats.

  • Traffic Filtering: A WAF monitors and filters incoming and outgoing HTTP/HTTPS traffic to identify and block malicious activities.
  • Protection Against Attacks: It helps protect against common attacks such as SQL injection, cross-site scripting (XSS), and brute force attacks, providing website hack protection.
  • Increase Security: By acting as a barrier between your website and the internet, it ensures data integrity, prevents unauthorized access, and maintains the availability of web services.

How to Use Firewall with WP Ghost

WP Ghost strengthens your website’s defense by adding filters to the configuration file that block harmful parameters and queries. This protection mechanism helps prevent attackers from successfully landing an attack.

Firewall Updates: The harmful query list in WP Ghost is continuously updated. To ensure optimal protection, always maintain the latest version of the plugin on your site.

One of the most prevalent methods hackers use to breach websites is accessing the domain and injecting malicious queries, aiming to extract sensitive data from files and databases. These attacks target not only WordPress sites but any website. Once an attack succeeds, it may be too late to save the website.
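The filtering idea described above, as an added example that is not WP Ghost's code: a query-string filter that decodes a request before matching it against rules. The patterns and the names `RULES`, `normalize` and `inspect_request` are assumptions made for illustration and are not the plugin's, 7G or 8G rule sets.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Illustrative patterns (assumption): not the WP Ghost, 7G or 8G rule sets.
RULES = {
    "script_injection": re.compile(r"<\s*script|javascript:|\bon(?:error|load)\s*=", re.I),
    "sql_injection": re.compile(r"\bunion\b.+\bselect\b|\bsleep\s*\(", re.I),
    "path_traversal": re.compile(r"\.\./|\.\.\\"),
}


def normalize(query, max_rounds=3):
    """URL-decode repeatedly so double-encoded values are inspected in clear form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query


def inspect_request(url):
    """Return (allowed, matched_rule_names) for the query string of `url`."""
    query = normalize(urlsplit(url).query)
    hits = sorted(name for name, rx in RULES.items() if rx.search(query))
    return (not hits, hits)


# Constructed sample requests, labelled with the expected verdict.
SAMPLE_REQUESTS = [
    "/?s=blue+widgets&page=2",                      # allowed
    "/?q=%3Cscript%3Ealert(1)%3C/script%3E",        # script_injection
    "/?id=1%2520UNION%2520SELECT%2520user_pass",    # sql_injection (double-encoded)
    "/?file=..%2F..%2Fwp-config.php",               # path_traversal
]


def blocked_requests(urls=SAMPLE_REQUESTS):
    """Return {url: matched rules} for every request the filter would reject."""
    return {u: hits for u in urls for ok, hits in [inspect_request(u)] if not ok}


if __name__ == "__main__":
    for url, hits in blocked_requests().items():
        print("BLOCK", url, hits)
```

The double-encoded request is only caught because `normalize` decodes more than once; a single decoding pass leaves `%20` between the keywords and the word-boundary match fails.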

Activate Firewall Against Injections

To activate the firewall feature:

  1. Go to WP Ghost > Overview or WP Ghost > Firewall.
  2. Switch on the Firewall Against Script Injection option.

After activating this option, you can select between four firewall options:

  • Minimal (most compatible)
  • Medium (updated in 2018)
  • 7G Firewall (updated in 2024)
  • 8G Firewall (updated in 2026, recommended)

On Apache servers, you can place the firewall rules in the .htaccess file or load the firewall during the WordPress initialization process.

8G Firewall

The 8G Firewall, supported by security expert Jeff Starr, is the most advanced and modern protection layer available in WP Ghost.

It provides:

  • Advanced protection against script injection, SQL injection, and exploit attempts
  • Lightweight, server-level filtering without impacting performance
  • Protection before malicious requests reach WordPress core


Note: The 7G and 8G Firewall options may not be compatible with all server configurations. For broader compatibility, consider selecting minimal or medium protection levels.

With WP Ghost’s firewall feature, your website is better safeguarded against script injection attacks, ensuring a more secure online presence.

Automate IP Blocking

The Automate IP Blocking feature extends the firewall by automatically blocking IP addresses that trigger repeated security threats.

To enable:

  1. Go to WP Ghost > Firewall.
  2. Switch on Automate IP Blocking.
  3. Configure the rule:
       • When an IP triggers a defined number of similar or identical attacks
       • Within a selected time interval
       • Then automatically block the IP (temporary or permanent blacklist)

Example:
Block an IP permanently if it triggers 10 similar attacks within 1 minute.

This feature turns the firewall into an adaptive protection system that:

  • Reduces repeated attack attempts
  • Automatically escalates protection
  • Prevents manual blacklist management
  • Works together with whitelist rules (whitelisted IPs are never blocked)

Automated IP blocking ensures that repeated malicious behavior is handled instantly, without administrator intervention.
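The threshold rule described in this section, as an added sketch that is not WP Ghost's implementation: a sliding-window counter keyed by IP and attack type, with a whitelist and a temporary or permanent block. The class `AutoBlocker`, its parameters and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class AutoBlocker:
    """Block an IP after `threshold` hits of the same rule within `window` seconds."""

    def __init__(self, threshold=10, window=60, block_for=None, whitelist=()):
        self.threshold, self.window = threshold, window
        self.block_for = block_for          # seconds; None means permanent
        self.whitelist = set(whitelist)
        self.hits = defaultdict(deque)      # (ip, rule) -> timestamps in the window
        self.blocked = {}                   # ip -> expiry timestamp (None = permanent)

    def is_blocked(self, ip, ts):
        if ip not in self.blocked:
            return False
        expiry = self.blocked[ip]
        if expiry is not None and ts >= expiry:
            del self.blocked[ip]            # temporary block has expired
            return False
        return True

    def record(self, ip, rule, ts):
        """Register one firewall hit; return True if `ip` is blocked afterwards."""
        if ip in self.whitelist:
            return False                    # whitelisted IPs are never blocked
        if self.is_blocked(ip, ts):
            return True
        q = self.hits[(ip, rule)]
        q.append(ts)
        while q and ts - q[0] >= self.window:
            q.popleft()                     # drop hits that left the window
        if len(q) >= self.threshold:
            self.blocked[ip] = None if self.block_for is None else ts + self.block_for
            q.clear()
            return True
        return False


def replay(events, **settings):
    """Feed (ip, rule, ts) events to a fresh AutoBlocker; return the blocked IPs, sorted."""
    blocker = AutoBlocker(**settings)
    for ip, rule, ts in events:
        blocker.record(ip, rule, ts)
    return sorted(blocker.blocked)


# Constructed sample events: (ip, rule, timestamp in seconds).
EVENTS = (
    [("203.0.113.7", "sql_injection", t) for t in range(0, 60, 6)]     # 10 hits in 54 s
    + [("198.51.100.9", "sql_injection", t) for t in range(0, 70, 7)]  # 10 hits in 63 s
    + [("192.0.2.10", "script_injection", t) for t in range(10)]       # whitelisted IP
)
```

With the page's example rule (10 similar attacks within 1 minute), `replay(EVENTS, whitelist=["192.0.2.10"])` blocks only `203.0.113.7`: the second address spreads its hits over more than a minute, and the third is whitelisted.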

Search Engine Crawling Whitelisting

WP Ghost automatically adds search engine crawlers to the whitelist whenever the 6G, 7G, or 8G firewall is activated.

This ensures that legitimate search engine bots, such as Googlebot, Bingbot, Yandex, and others, can continue to access and index your website without being blocked by the firewall rules.

This intelligent feature reduces administrative effort while maintaining security and SEO optimization.

Remove Unsafe Headers

You can also remove potentially unsafe headers:

  1. Go to Hide My WP > Firewall > Header Security.
  2. Switch on the Remove Unsafe Headers option.

This feature removes unsafe information such as:

  • PHP version
  • Server info
  • Server Signature

By configuring these settings with WP Ghost, you ensure an additional layer of security to protect your website from various vulnerabilities and attacks.

Block Theme Detectors

To prevent theme detectors from accessing your website, follow these steps:

  1. Go to Hide My WP > Firewall > Header Security.
  2. Switch on the Block Theme Detectors Crawlers option.

Popular detectors that are blocked:

  • WP Theme Detector (wpthemedetector.com)
  • Built With (builtwith.com)
  • IsItWP (isitwp.com)
  • Wappalyzer (wappalyzer.com)
  • WhatCMS (whatcms.org)
  • Gochyu (gochyu.com)
  • WP Detector (wpdetector.com)
  • Scan WP (scanwp.net)
  • and more

With WP Ghost’s firewall and automation features combined, your website is protected at multiple levels before malicious requests reach WordPress, and protection is automatically escalated when repeated attack patterns are detected.

John Darrel
