內容簡介
網路安全應用程式中的防火牆是一個監視和過濾進出網路流量(IP 地址)的網路安全應用程式。防火牆就像是一道屏障,位於私人內部網路和公共網際網路之間。
功能豐富、易於使用、穩定、安全且得到良好支援的 WordPress 防火牆安全外掛程式
防火牆可透過檢查漏洞以及實施和執行最新的 WordPress 安全實務和技術來降低風險。我們的安全和防火牆規則分為「基本」和「進階」兩類。這樣您可以漸進式地應用防火牆規則,而不會破壞您站點的功能。
使用防火牆安全外掛程式,管理員可以輕鬆地阻止國家和 IP。防火牆可保護您的網站免受不必要的流量和惡意機器人攻擊。該防火牆可保護您的網站免受不同類型的攻擊,並在您的網站上提供安全層。
符合 GDPR 的要求。
Web 應用程式防火牆 (WAF) 的作用是什麼?
WAF/防火牆跟蹤進入您的網站/網路應用程式的 HTTP 流量。基本上,它監視所有進入您的網站/網路應用程式的請求。如果 WAF 覺得進入的請求可疑,例如進入的請求可能會對您的資料庫進行某些更改,或者未經授權的人員/黑客可能能夠存取您的網路應用程式,WAF 會阻止這些請求,從而使您的網站免於受到不必要的攻擊。基本上,WAF 會過濾和封鎖可疑或不必要的進出一個網路應用程式的 HTTP 流量。
下列是由 miniorange 防火牆安全外掛程式提供的安全和防火牆功能清單:
使用者登入安全
登入鎖定功能可保護免於「暴力破解登入攻擊」。使用特定 IP 地址或範圍的使用者會在依據配置設定的一段時間內被系統鎖定,您也可以選擇收到電子郵件通知,每當某人因登入嘗試失敗而被鎖定時。
作為管理員,您可以查看易於閱讀和瀏覽的表格中所有被鎖定的使用者的清單,並透過點選按鈕為單獨或批次 IP 地址取消封鎖。
監視/查看登入失敗的嘗試,包括使用者的 IP 地址、使用者 ID/帳號名稱,以及失敗登入嘗試的日期和時間。
追蹤記錄每個使用者帳戶的使用者名稱、IP 地址、登入日期/時間和登出日期/時間,以監視/查看其帳戶活動。
可以將一個或多個 IP 地址加入到白名單中。
將 Google reCaptcha 新增到 WP 登入表單和忘記密碼表單。
檔案系統安全
識別設定不安全權限的檔案或目錄,並將權限更改為建議的安全值。
透過停用檔案編輯並防止人們存取您的 WordPress 網站的 readme.html、license.txt 和 wp-config.php 檔案,保護您的 PHP 代碼。
htaccess 和 wp-config.php 檔案備份和還原
輕鬆備份您的原始 .htaccess 和 wp-config.php 檔案,以防需要使用它們來還原損壞的功能,您也可以修改目前的/.htaccess 或 wp-config.php 檔案內容。
黑名單功能
使用者可以通過使用萬用字元指定其使用者代理或 IP 位址來阻止使用者。
防火牆功能
此外掛程式可輕鬆地提供大量的防火牆保護。
外掛標籤
開發者團隊
② 後台搜尋「Web Application Firewall – website security」→ 直接安裝(推薦)
原文外掛簡介
A firewall security is a network security application that monitors and filters incoming and outgoing network traffic (IP Address). A firewall security, is a barrier that sits between a private internal network and the public Internet.
FEATURE-RICH, EASY TO USE, STABLE, SECURE AND WELL SUPPORTED WORDPRESS FIREWALL SECURITY PLUGIN
Firewall reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.
Our security and firewall rules are categorized into “essential(basic)” and “advanced”. This way you can apply the firewall rules progressively without breaking your site’s functionality.
Easy way to block country and to block IP. Using firewall security plugin admin can protect the website from unwanted traffic, and bad bots. The firewall protects your website from different kinds of attacks. And provides a security layer on your website.
GDPR Compliant
What does a Web Application Firewall (WAF) exactly do?
A WAF/firewall keeps a track of the HTTP traffic that comes to your website/web application. Basically, it monitors all the requests that are coming to your web application/website. If the WAF feels that the incoming requests are suspicious i.e. if the incoming request can harm your website (eg. the request may contain some code that can make some changes to your database or an unauthorized person/hacker would be able to gain access to your web application) WAF blocks those requests and prevents your website from unwanted attacks. Basically WAF filters and blocks suspicious or unwanted HTTP traffic to and from a web application.
The following is a list of the security and firewall features provided by miniorange firewall security plugin:
User Login Security
The login locked out protects against “Brute Force Login Attacks.” Users with a specific IP address or range will be locked out of the system for a predetermined period of time-based on the configuration settings, and you can also opt to be notified via email whenever someone is locked out due to too many login attempts.
As the administrator, you can view a list of all locked out users in an easily readable and navigable table, as well as unblock individual or bulk IP addresses with the click of a button.
Monitor/view failed login attempts, which include the user’s IP address, User ID/Username, and the date and time of the failed login attempt.
Keep track of the username, IP address, login date/time, and logout date/time for all user accounts on your system to monitor/view their account activity.
Allows you to add one or more IP addresses to a whitelist.
Add Google reCaptcha to your WP Login form and forget password form.
File System Security
Identify files or folders with insecure permission settings and, change the permissions to the recommended secure values.
Protect your PHP code by disabling file editing and prevent people from accessing the readme.html, license.txt, and wp-config.php files of your WordPress site.
htaccess and wp-config.php File Backup and Restore
Easily backup your original .htaccess and wp-config.php files in case you need to use them to restore broken functionality and also you can modify the contents of the current htaccess or wp-config.php file.
Blacklist Functionality
Users can be blocked by specifying their user agents or IP addresses by using a wildcard to specify IP ranges.
Firewall Functionality
This plugin makes it simple to add a lot of firewall protection to your site via the htaccess file. Your web server processes a htaccess file before loading any other code on your site.
Access control facility.
Instantly activate a selection of firewall settings ranging from basic, intermediate, and advanced.
Deny bad or malicious query strings.
Protect against Cross-Site Scripting and more.
Brute force login attack prevention
This firewall feature will prevent all login attempts from humans and bots. It is possible to hide the admin login page. Change the URL of your WordPress login page so that bots and hackers cannot access your actual WordPress login URL. You can use this feature to change the default login page (wp-login.php) to something you specify.
Security Scanner
If any files in your WordPress system have changed, the file change detection scanner will notify you. You can then investigate to see if the change was legitimate or if malicious code was injected.
Comment SPAM Security
Monitor the most active IP addresses which persistently produce the most SPAM comments using google reCaptcha and instantly block them with the click of a button.
Regular updates and additions of new security features
WordPress security is a living thing that changes over time. Our Firewall Security will regularly update with new security features, so you can be confident that your site will be up to the mark of security protection techniques.
FREE Plugin Feature
Plugin Level Waf: IPs blocked by admin will be blocked on WordPress site load. It is less secure than htaccess level WAF.
Rate Limiting: It helps to prevent DoS attacks on your site. You can set hit/min for each IP.
** SQL Attack Detection and Blocking:** Cyber attacks and suspicious activities will be detected and access to the site for that IP will be blocked.
htaccess and wp-config.php File Backup and Restore
Easily backup your original .htaccess and wp-config.php files in case you will need to use them to restore broken functionality.
Modify the contents of the currently active .htaccess or wp-config.php files from the admin dashboard with only a few clicks
Email Notification: Admin can get a notification on email for any suspicious activity detected on site.
Report: Admin can see the login failed/success, attacks report in the report.
reCaptcha Protection Google services are used to provide ReCaptcha protection.
Premium Plugin Feature
htaccess Level WAF: IPs blocked by admin will be blocked on the server only. These IPs won’t able to access the site.
Real-Time IP Blocking: This firewall feature protects your site from those IPs which are marked as spam by miniOrange WAF.
Rate Limiting for Crawler: Web crawler crawls your Website to increase your ranking in the search engine. But sometimes they can make so many requests to the server that the service can get damaged. By enabling this feature you can provide a limit at which a crawler can visit your site.
Advance Blocking: You can block particular country, IP range, Single IP, browser, and HTTP referrers from gaining access to your site.
Fake Web Crawler Protection: Web Crawlers are used for scanning the Website and indexing it. Google, Bing, etc. are the top crawlers that increase your site’s indexing in the search engine. There are several fake crawlers that can damage your site.
Whitelist Crawler: You can whitelist the top crawler which increases the indexing of your website in the search engine. By enabling this feature the whitelisted crawler will not get throttled/blocked by rate-limiting.
BotNet Protection: BotNet is a network of robots or an army of robots. The BotNet is used for Distributed denial of service attacks. The attacker sends too many requests from multiple IPs to a service so that the legitimate traffic can not get the service.
Remote File Inclusion Protection: It protects from adding files from a remote server to your server.
Remote Code Execution Protection: It Protects from executing malicious commands on your server.
Bot Detection detect bots with malicious intent and stop them from accessing and affecting your site.
Live Monitoring and Auditing Tracking activity all the requests realtime can help you check activities on your sites on important events
Plugin Support
If you have a question or problem with the Web Application Firewall Security plugin, post it on the support forum and we will help you.
Customized solutions and Active support are available. Email us at [email protected] or call us at +1 9786589387.
Check the following page for F.A.Q (see the FAQ section):
https://security.miniorange.com/
Privacy Policy
This firewall security plugin may collect IP addresses for security reasons such as mitigating brute force login threats and malicious activity, the collected information is stored on your server. No information is transmitted to third parties or remote server locations via firewall security.
