Setting up Firewall






The coreSecurity Pro plugin includes two different firewalls: one added via .HTACCESS, and a standalone Firewall feature.

Technically, you can use both. If the Firewall in .HTACCESS captures a request that needs to be stopped, the server will issue a 403 Forbidden response, and the request will not even reach WordPress. If the request is not captured by the Firewall in .HTACCESS, it will reach WordPress and be processed by the Firewall feature.

Which of these to use depends on your preferences, so the best way to decide is to know the requirements, pros and cons of each.

Firewall Feature

Requirements

Firewall Feature will work with any web server; there are no special requirements.

Pros

  • Each time the firewall is triggered, it logs the offence in the database log, and based on that, offending IPs can be banned.
  • The log can be used to further analyze all the requests that have been caught, and to refine and improve firewall rules.
  • Each firewall rule can be disabled and enabled from the Dictionary panel, with immediate effect.
  • It is easier and faster to update with new rules.
  • Works with every server type.

Cons

  • The Firewall works as a part of WordPress code execution, so each request is processed by the server and passed to WordPress before it reaches the firewall.
  • If your cache plugin serves cached HTML files without WordPress processing, cached responses will bypass the Firewall. Check out more information about Cache Plugins.

.HTACCESS Firewall

Requirements

Firewall in .HTACCESS requires the use of a .HTACCESS file, and it is limited to Apache and Litespeed web servers. You also need several Apache modules active: see Apache Modules.

Pros

  • It runs before WordPress is even reached, at the server level.
  • It is faster at detecting and scanning requests coming to the website.
  • It works with any WordPress cache plugin.

Cons

  • Any time the firewall is triggered, the request will be stopped, but the request and offending IPs can’t be logged for future auto banning.
  • Editing the rules is not easy: there is no interface for it, and changes have to be made manually.
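Because the plugin cannot log requests stopped in .HTACCESS, the only record of them is the web server's own access log. The sketch below is an added example, not part of coreSecurity Pro: it reads Apache common/combined access log lines and lists IPs with repeated 403 responses inside a short time window, as candidates for manual review. It assumes access logging is enabled; the threshold, window and sample lines are constructed for illustration, and a 403 in the access log can come from rules other than the firewall.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common/combined format: ip ident user [time] "request" status size ...
# The request field may contain backslash-escaped quotes.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) ')

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = r"""
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /?q=blocked-1 HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /?q=\"blocked-2\" HTTP/1.1" 403 199 "-" "curl/8.0"
198.51.100.4 - - [12/Mar/2024:10:01:05 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "POST /blocked-3 HTTP/1.1" 403 199 "-" "curl/8.0"
198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /private/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Mar/2024:10:00:00 +0000] "GET /a HTTP/1.1" 403 199 "-" "-"
192.0.2.9 - - [12/Mar/2024:10:20:00 +0000] "GET /b HTTP/1.1" 403 199 "-" "-"
192.0.2.9 - - [12/Mar/2024:10:40:00 +0000] "GET /c HTTP/1.1" 403 199 "-" "-"
"""

def forbidden_hits(log_text):
    """Map client IP -> list of timestamps of its 403 responses."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "403":
            continue  # unparseable line or not a blocked request
        try:
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # malformed timestamp
        hits[m.group(1)].append(when)
    return hits

def ban_candidates(log_text, threshold=3, window=timedelta(minutes=5)):
    """IPs with at least `threshold` 403s inside any `window` (assumed values)."""
    flagged = {}
    for ip, times in forbidden_hits(log_text).items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[ip] = len(times)  # total 403s seen for this IP
                break
    return flagged

if __name__ == "__main__":
    print(ban_candidates(SAMPLE_LOG))
```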

Which Firewall to use?

Well, that is not easy to answer.

  • If your aim is to ban IPs that are triggering firewall rules and to have a log of the firewall activity, it is best to use Firewall Feature.
  • If you don’t use Apache or Litespeed, or your .HTACCESS is disabled, or some of the required modules are missing from your server, you must use Firewall Feature.
  • If you want to speed up responses and stop requests as soon as possible, and you don’t care about logging and banning IPs, .HTACCESS Firewall is the better choice.
  • You can use both Firewalls. If the .HTACCESS Firewall catches a request, it will be stopped, but if that fails, it is possible that Firewall Feature will capture more requests. There is no harm in having both active.