A firewall is a type of software that protects your website from unwanted online traffic and malicious activities. It’s designed to recognize and filter out behaviour patterns that are usually associated with “bad” traffic — users and software that you don’t want accessing your website. If your website was a nightclub, the firewall would be the bouncer at the entrance.
The majority of daily traffic for any given website is good. Good traffic can be hits from users interested in your product or service, or logins from regular customers or users. Some automated traffic is also good. For example, Google uses bots called spiders that “crawl” your website, analyzing the content and ensuring it appears in search results for appropriate queries, thus making it easier for new customers to find you.
The freely accessible nature of the internet unfortunately invites some bad traffic as well. Bad traffic sometimes means hackers, but it’s more often automated and comes in the form of malicious bots or software programs that are designed to try to poke holes in your site or exploit existing vulnerabilities. Bad traffic might try to access confidential information or impede your website or business’ function.
It’s not uncommon for a WordPress website to be running some outdated plugins. In fact, various reports have been published that show that 30 – 70% of WordPress websites have exploitable vulnerabilities. That’s a wide range and the reports are based on certain sample sizes.
However, even if you have the latest version of WordPress, all updated plugins and themes and the best hosting on earth, your website is still going to be exposed to bad traffic that is persistently trying to find a hole or vulnerability to exploit. A firewall helps to exclude this bad traffic from touching your site.
In the event that you are like 70% of the WordPress website owners out there and are not updating your site diligently with each release and/or are running some outdated plugins and themes, then a firewall becomes even more important. WordPress plugins can become vulnerable when the original developers move on to different projects and abandon older plugins, no longer releasing security updates and patches. A good firewall blocks some common traffic patterns that are designed to exploit these types of vulnerabilities.
Vulnerabilities aren’t the only way bad traffic can access your site. Firewalls can also protect against what’s called a brute force attack — this is an attack wherein a user or a piece of software makes numerous successive attempts to log in to a site or access a certain page. Firewalls can be configured to lock users out of a website after a certain number of attempts (a feature you may have encountered if you’ve ever forgotten your own password).
Some regions are also known as hotbeds for suspicious internet activity. A firewall can be configured to shut out all traffic coming from IP addresses within a certain country while still allowing your customers to access the site.
If your business website is large and complex, or has a significant number of regular users, you might be more vulnerable to Distributed Denial of Service (DDoS) attacks. These are sophisticated attacks involving numerous automated servers configured to overload a single website with thousands, tens of thousands, and sometimes millions of hits at once. This sudden uptick in traffic can crash a website or web application, creating vulnerabilities that can then be exploited. Luckily, a smart and well-configured firewall can defend against DDoS attacks as well.
For the average business, basic website maintenance activities like regularly updating your plugins and WordPress themes can go a long way toward minimizing website vulnerabilities thus making it easier for a good firewall to do its job.
Different types of firewalls can work alone or in tandem to fulfill your security needs. WordZite uses both cloud-based and plugin-based firewalls, both of which have their own set of advantages, and which can be used in tandem for an even stronger layer of security.
The best firewalls are linked via global networks, constantly communicating with each other to update their knowledge of the strategies that hackers and bad AI are using to infiltrate websites. Firewalls that are linked to each other like this are generally known as cloud-based firewalls.
Cloud-based software products are those that are stored on a series of remote servers, connected via the internet. This is in contrast to software stored on a local server or your personal computer (this type of software might be called local, on-site, or other similar terms).
Because cloud-based firewalls operate on remote servers, they use minimal on-site processing power, and they’re better equipped to communicate remotely with each other, allowing them to learn about threat behaviours from around the globe. WordZite uses a cloud-based firewall called Cloudflare. Cloudflare is a firewall service that’s distributed across servers and data centres in almost every major populated area on Earth. In the blink of an eye, Cloudflare routes all traffic to the nearest data centre for inspection before it’s allowed to access your site. With a firewall like this, would-be hackers will be shut out before they can even see your website’s IP address.
Plugin-based WordPress firewalls operate on your local server. They use a bit more local processing power than cloud-based firewalls, which can put a strain on your website function if you’re fielding a large amount of traffic, but for the average business this isn’t a problem.
The advantage of plugin-based firewalls is that they allow for more granular configuration — an advantage if your WordPress website is looking to attract a very specific type of traffic. For example, a plugin-based firewall such as WordFence can be configured to reject or accept traffic from regions commonly identified as suspicious. This can be helpful if your company does legitimate business in a region that cloud-based firewalls would treat as suspicious by default.
A cloud-based firewall and a plugin-based firewall can work in tandem to provide two layers of security for your website, but in many cases, one firewall is enough to keep the bad traffic out. Which type of firewall is best for you will depend largely on the size and complexity of your website, and the nature of your business.
No matter what type of firewall you use, it’s vital to ensure that it’s properly configured upon install. Properly configuring a firewall means knowing how a firewall operates, but it also means understanding how your website normally functions, the level of traffic that it normally gets, and the types of users that you want to attract. Your website’s current and historic traffic data can be gleaned through regular website monitoring.
A large retail corporation that processes thousands of credit card transactions through its website each day is going to need a different level of security than a small local business that maintains a website strictly for informational purposes.
Regular monitoring of both your website and your firewall ensures that security features are kept up-to-date. When firewall developers add a new feature, a web security expert can determine how the new feature will or won’t benefit your business and your users, and they can reconfigure the firewall to either support or work around the new feature. Firewalls can be configured to alert you or your in-house web expert any time there is a security alert.
A firewall is an essential WordPress security tool, but a good firewall is only a small part of a complete security platform. Do you know what type of firewall is protecting your website, and whether it’s properly configured?
If you don’t, now is a great time to book a WordZite security audit.
The security experts at WordZite are always learning and incorporating new strategies into our security products – this means that when you entrust your WordPress website security to Wordzite, you can rest easy knowing your website is being protected and monitored with the most current and effective security strategies.