Firewall

Firewall and Security

What is a Firewall?

A website firewall, also known as a Web Application Firewall (WAF), is a security system designed to protect your website from various cyber threats, including hacking attempts, malware, and Distributed Denial of Service (DDoS) attacks.

Implementing a WAF can significantly enhance your website’s security and protect it from potential cyber threats.

  • Traffic Filtering: A WAF monitors and filters incoming and outgoing HTTP/HTTPS traffic to identify and block malicious activities.
  • Protection Against Attacks: It helps protect against common attacks such as SQL injection, cross-site scripting (XSS), and brute force attacks, providing website hack protection.
  • Increase Security: By acting as a barrier between your website and the internet, it ensures data integrity, prevents unauthorized access, and maintains the availability of web services.

How to Use Firewall with WP Ghost

WP Ghost increases your website’s defense by incorporating filters within the configuration file, blocking harmful parameters and queries. This protection mechanism helps remove the hacker’s ability to actually land any attack.

Firewall Updates: The harmful query list in WP Ghost is continuously updated. To ensure optimal protection, always maintain the latest version of the plugin on your site.

One of the most prevalent methods hackers employ to breach websites is accessing the domain and injecting malicious queries, aiming to extract sensitive data from files and databases. These attacks target not only WordPress sites but any website. Once an attack has succeeded, it can be too late to save the website.
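How a query-string filter of this kind evaluates requests, as an added example that is not WP Ghost's code: the patterns below are illustrative only and are not the WP Ghost, 7G or 8G rule set, and all names and sample queries are constructed. It decodes the query string before matching, so that URL-encoded and double-encoded input is inspected in clear form.

```python
import re
from urllib.parse import unquote_plus

# Illustrative patterns only: NOT the WP Ghost, 7G or 8G rule set.
RULES = [
    ("script-tag", re.compile(r"<\s*script", re.I)),
    ("sql-union", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("path-traversal", re.compile(r"\.\./")),
    ("null-byte", re.compile(r"\x00")),
]

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is inspected in clear form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_query(query_string):
    """Return the name of the first rule the query string violates, or None."""
    clear = decode_fully(query_string)
    for name, pattern in RULES:
        if pattern.search(clear):
            return name
    return None

# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "s=winter+boots&page=2",                      # ordinary search request
    "q=%3Cscript%3Ealert(1)%3C/script%3E",        # URL-encoded script tag
    "id=1+UNION+SELECT+user_pass+FROM+wp_users",  # SQL injection attempt
    "file=..%252F..%252Fwp-config.php",           # double-encoded traversal
]

def evaluate(samples):
    """Pair every sample with the rule it violates (None means allowed)."""
    return [(query, check_query(query)) for query in samples]

if __name__ == "__main__":
    for query, verdict in evaluate(SAMPLES):
        print("BLOCK" if verdict else "ALLOW", verdict or "-", query)
```

A filter that matched only the raw string would let the last sample through, because `../` appears only after two rounds of decoding.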

Activate Firewall Against Injections

To activate the firewall feature:

  1. Go to WP Ghost > Overview or WP Ghost > Firewall.
  2. Switch on the Firewall Against Script Injection option.

After activating this option, you can choose one of four firewall options:

  • Minimal (most compatible)
  • Medium (added in 2018)
  • 7G Firewall (added in 2020)
  • 8G Firewall (added in 2024)

On Apache servers, you can place the firewall rules in the .htaccess file or load the firewall during the WordPress initialization process.

8G Firewall

The 8G Firewall is the most advanced and modern option, supported by security expert Jeff Starr. This firewall layer offers the following:

  • Advanced protection against a wide array of threats.
  • Lightweight, server-level security without impacting performance.

Note: The 7G and 8G Firewall options may not be compatible with all server configurations. For broader compatibility, consider selecting minimal or medium protection levels.

With WP Ghost’s firewall feature, your website is better safeguarded against script injection attacks, ensuring a more secure online presence.

Search Engine Crawling Whitelisting

WP Ghost automatically adds search engine crawlers to the whitelist when the firewall is activated with any of the 6G, 7G, and 8G firewalls.

This ensures that legitimate search engine bots, such as Googlebot, Bingbot, Yandex, and others, can continue to access and index your website without being blocked by the firewall rules.

This intelligent feature reduces administrative effort while maintaining security and SEO optimization.

Remove Unsafe Headers

You can also remove potentially unsafe headers:

  1. Go to Hide My WP > Firewall > Header Security.
  2. Switch on the Remove Unsafe Headers option.

This feature removes unsafe information such as:

  • PHP version
  • Server info
  • Server Signature

By configuring these settings with WP Ghost, you ensure an additional layer of security to protect your website from various vulnerabilities and attacks.
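A check you can run against a saved response after enabling the option, as an added example that is not WP Ghost's code: it assumes the three items above correspond to PHP's `X-Powered-By` header, a `Server` header carrying a version number, and Apache's signature footer on generated pages. The two responses and their version numbers are constructed samples.

```python
import re

VERSION = re.compile(r"\d+(\.\d+)+")   # e.g. 2.4.57

def parse_response(raw):
    """Split a raw HTTP response into (name, value) header pairs and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers, body

def audit(raw):
    """Return (kind, evidence) findings for the three disclosures listed above."""
    headers, body = parse_response(raw)
    findings = []
    for name, value in headers:
        if name == "x-powered-by":               # assumed source of the PHP version
            findings.append(("php-version", value))
        elif name == "server" and VERSION.search(value):
            findings.append(("server-info", value))
    # Assumed form of the signature: Apache's footer on generated pages.
    sig = re.search(r"<address>([^<]*Server at[^<]*)</address>", body, re.I)
    if sig:
        findings.append(("server-signature", sig.group(1).strip()))
    return findings

# Constructed sample responses (hostnames and versions are made up).
BEFORE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.4.57 (Ubuntu)\r\n"
    "X-Powered-By: PHP/8.2.1\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Not Found</h1><hr>"
    "<address>Apache/2.4.57 (Ubuntu) Server at example.com Port 80</address>"
    "</body></html>"
)
AFTER = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Not Found</h1></body></html>"
)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "no version disclosure found")
```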

Block Theme Detectors

To prevent theme detectors from accessing your website, follow these steps:

  1. Go to Hide My WP > Firewall > Header Security.
  2. Switch on the Block Theme Detectors Crawlers option.

Popular detectors that are blocked:

  • WP Theme Detector (wpthemedetector.com)
  • Built With (builtwith.com)
  • IsItWP (isitwp.com)
  • Wappalyzer (wappalyzer.com)
  • WhatCMS (whatcms.org)
  • Gochyu (gochyu.com)
  • WP Detector (wpdetector.com)
  • Scan WP (scanwp.net)
  • and more
John Darrel
