A very simple firewall for WordPress that allows you to see all real requests to your WordPress and protect you from Internet attacks. It’s a WAF, a Web Application Firewall that is installed in front of WordPress. It’s installed in the server with the plugin, and it checks requests from the web browsers, bots or webcrawlers to your WordPress. It executes the WAF codes before every request to PHP files of WordPress, so it also works before every request to the WordPress cache.
Features:
- Feel free to contribute in GitHub to improve the project.
- It’s free, completely free.
- Detection and protection of DoS attacks.
- Detection and notification of possible DDoS attacks.
- It can protect you against SQL injection, XSS and Xploit attacks using your own Regexes.
- Permanent block or bypass of custom IPs, it allows you to configure IPs with your own Regexes too.
- Log and show Regex errors, for debug and improve your Regexes.
- Save payloads, all or only when match a regex.
- Block and allow countries and continents.
- 404s detections.
- Show URLs or IPs doing 404s.
- Show IPs that are doing most of the visits.
- Show URLs most visited.
Uninstall
- Uninstall .user.ini file.
- Deactivate the plugin into the Plugins menu in the admin panel of WordPress.
- Delete into the Plugins menu.
All the options configured into the plugin are removed when plugin is deleted, not when plugin is deactivated. All the database tables are removed when plugin is deactivated. So if you want to remove the plugin and all data stored, first deactivate the plugin and then remove it from the plugin admin zone into the WordPress backend.