Join Jeff Starr for an in-depth discussion in this video, Implement a firewall, part of WordPress: Developing Secure Sites.
- [Instructor] The more popular your site gets, the more of a target it becomes for automated, malicious attacks. Scripted attacks occur frequently and involve automated requests for potential security vulnerabilities. In this video, we protect against these relentless, automated attacks by implementing a strong firewall. Here are some examples of the types of bad requests that are constantly threatening websites. Attackers are endlessly scanning sites, using sophisticated, automated scripts, looking for weaknesses to exploit.
These relentless attacks put your site at perpetual risk and waste your server's precious resources, like bandwidth and memory. This slows things down for legitimate visitors. Fortunately, there's a set-it-and-forget-it solution to stopping a great deal of this malicious nonsense. It's a plug-in that I developed called Block Bad Queries, or BBQ, for short. BBQ is a free, simple way of protecting your site against a wide range of bad requests. Let's go to the Add New Plug-in page and take a look.
Here it is. In checking the details, everything looks good. It's current with the latest version of WordPress, it's recently updated, and it's popular with over 60,000 active installs, and it has excellent reviews. In reading the description, we see that BBQ provides a super-fast firewall that protects your site against malicious attacks. Plus, it has lots of great features, as we see here. The installation steps are typical and straightforward.
In fact, BBQ already is installed on this demo site. So, let's go ahead and activate the plug-in and see how it works. The awesome thing about BBQ firewall is its simplicity. It's a set-it-and-forget-it type plug-in that secures your site automatically. There are no settings to configure; it just works. To see an example of how it works, let's revisit our log of bad URL requests. Now, with BBQ activated, let's say that some evil script is scanning our site with these sorts of malicious requests.
We can use this URL as an example. In returning to our demo site's home page, we can append the malicious string to the domain name, like so, and then we press enter to make the request. BBQ blocks the bad request with a simple 403 response. This is ideal because it prevents the server from wasting resources on the database, PHP, and assets, such as images, CSS, and JavaScript. With the BBQ firewall, normal visitors and search engines will continue to enjoy your site, as usual, while behind the scenes, tons of bad requests will get stopped cold.
There's also a pro version of BBQ for advanced firewall security. In this tutorial, we've seen how BBQ protects your site with a strong firewall that blocks a wide range of bad requests, exploits, malware, and other malicious nonsense. Without a doubt, a strong firewall helps to keep your WordPress site safe and secure.
- Backing up and restoring your site
- Setting up strong passwords
- Understanding users and roles
- Choosing trusted plugins and themes
- Changing and recovering passwords
- Configuring authentication keys
- Securing the login page
- Fighting spam in the comments
- Blocking access and detecting hacks
- Building a firewall for WordPress
- Detecting and blocking bots
- Auditing your WordPress security