WTF Is A WAF? Website Application Firewalls For WordPress

Published 3rd November 2021
Last Updated 27th May 2022
6 Min Read
Martin Coates
Security & Privacy

If your website is a critical part of your business, keeping it secure should be one of your highest priorities. A hack which takes your site out of action could seriously damage revenue, and a data breach could come with serious repercussions.

There is a broad range of things that can be done to harden a website against security threats. As many as possible should be layered to maximise protection.

A good hosting partner should have a robust hosting infrastructure that will dramatically reduce risk. This should be bolstered with other features and solutions to further improve security. One such solution is a good quality WAF (Website Application Firewall).

Firewalls are designed to protect your website from the likes of DDoS attacks, malware, intrusions, and brute force attacks.

So let’s take a look at:

  • What a WAF is
  • What it should do
  • The types that exist
  • Some specific WAFs available for WordPress websites

What Is A WAF And What Do They Do?

A quality WAF acts as a gatekeeper for your website. It inspects and filters all traffic before it ever reaches your website. Some, though, as we will look at shortly, do this at the application level, which is less ideal.

A WAF sends potentially malicious traffic away, whilst letting good traffic (your users) in. It does this in a similar way to the antivirus software you are using on your computer: it uses a continuously updated list of signatures known to be malicious, and when a request matches one of those signatures, it blocks that request from reaching your site.
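The signature matching described above, as an added example that is not from the original article or from any WAF vendor: a minimal Python filter that URL-decodes each request before comparing it against a small signature list, so an encoded request matches the same rule as its plain form. The signature names, patterns and sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed, illustrative signatures. A real WAF rule set is far larger
# and is updated continuously by the vendor.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "script-tag": re.compile(r"<\s*script", re.I),
    "sql-union": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
}


def normalise(value, max_rounds=3):
    """URL-decode repeatedly so single- and double-encoded input looks alike."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(request_line, body=""):
    """Return (verdict, matched signature names) for one HTTP request."""
    _method, target, _version = request_line.split(" ", 2)
    parts = urlsplit(target)
    # Check the path, the query string and the body after normalisation.
    haystack = "\n".join(normalise(p) for p in (parts.path, parts.query, body))
    hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(haystack))
    return ("block" if hits else "allow", hits)


if __name__ == "__main__":
    # Constructed sample requests: (request line, body)
    samples = [
        ("GET /blog/what-is-a-waf/?utm_source=newsletter HTTP/1.1", ""),
        ("GET /?s=trade+union+members HTTP/1.1", ""),
        ("GET /download.php?file=..%2F..%2Fnotes.txt HTTP/1.1", ""),
        ("GET /download.php?file=%252e%252e%252fnotes.txt HTTP/1.1", ""),
        ("POST /wp-comments-post.php HTTP/1.1", "comment=%3CScript%3Ealert(1)"),
    ]
    for line, body in samples:
        verdict, hits = inspect(line, body)
        print(f"{verdict:5} {hits} {line}")
```

The first two requests are allowed and the last three are blocked; without the `normalise` step the encoded requests would not match any signature.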

Certain WAFs can also help to improve the performance of your site. They reduce server load by filtering out malicious requests before they reach your website server. This means fewer requests, and greater availability.

[Figure: Diagram Explaining Where A Firewall Sits]

The Main Types Of WAF

Not all firewalls are created equal, and some are less efficient. So let’s take a look at the two main types you’ll find available for WordPress websites. We’ll also look at the main differences between them.

Plugin/Application Level Firewalls

As the name makes obvious, these are firewalls installed on your site via a WordPress plugin. This means they operate at the application level. They are usually cheap or free, so are popular with personal websites and small businesses.

These plugin firewalls check requests that are sent to your site once they arrive. WordPress initialises, as does the firewall, which then screens the requests (filtering out the malicious ones) before WordPress processes them.

Because these run on your site, there is a risk: if a vulnerability can be reached before the firewall initialises, attackers could gain access to your website.

Cloud Based/DNS Level Firewalls

A DNS level website firewall isn’t installed on the same network as your website server. Instead, these firewalls route and screen traffic via cloud proxy servers, so it has been filtered before it gets anywhere near your website.

This means that you have a whole extra layer of security. Harmful traffic will be identified and removed before it can reach your site, and long before any scripts run.

As they operate outside of your website, it also means that they don’t put any additional strain on your website.

These firewalls often come as part of a security platform, with numerous features to protect your site, and improve performance. 

WAFs Available For WordPress

Here’s a selection of WAFs (often included as part of broader security or performance solutions) that are available for WordPress websites.

We’ve included three DNS level and three application level options for you to start looking at, but there are many more out there for you to investigate, including: Shield, Astra & AWS among others. 

Cloud/DNS Level

Sucuri

This is our favourite, tried and tested WAF. We use it for our own clients, and we include Sucuri’s full cloud based security platform as part of most of our Support plans. 

Sucuri is the leading website security choice for WordPress, with a DNS level firewall, brute force prevention, malware and blacklist removal services, virtual patching and hardening, and a great deal more. It also plays well with other CDNs, for your website performance improvements.

Cloudflare

Cloudflare, mostly known for their CDN, also offer a DNS level firewall as part of their paid plans. Some more advanced protection levels for DDoS attacks only become available with their more expensive plans.

Whilst their CDN and caching features are quality, their plans do lack some of the more standard security features you get with other security solutions which incorporate a WAF – such as monitoring for file changes, scans, malware protection, etc.

StackPath (formerly MaxCDN)

StackPath’s WAF is a DNS level firewall, and they offer a good range of plans which are more accessible for smaller businesses price-wise, when compared to Cloudflare.  

StackPath has a good selection of features, and requires little configuration.

Plugin/Application Level

Wordfence

Wordfence is a popular choice of application level WordPress security plugin, including WAF. 

Its features include on-demand and scheduled security scans, and you can monitor traffic and block suspicious IPs manually, from the WordPress admin area.

Jetpack

Another popular WordPress plugin, Jetpack has an application level firewall, along with other features depending on whether you have the free version or one of the paid versions. These include things like downtime monitoring, brute force protection, backup management, and at a higher tier, malware scanning and so on.

Ninja Firewall WP & WP+

Another Application Level option, Ninja makes use of Sensei, a great filter engine.

They have a free version, and then their paid version WP+, which comes with way more features. Both support multisite, and include brute force protection, event notifications, and regular file scans, whilst the paid version includes extras like dedicated support, geolocation, rate-limiting, and antispam for comments and registration forms.

In Summary

So now you know what a WAF is, and the main types out there for WordPress websites. You also have a list of some of the available options to start you on your path. 

Do your research, and remember that even DNS level firewalls aren’t completely infallible, so a broader security solution and layers of protection are important to consider for your website.

If you’re considering a WordPress Support & Maintenance Agency, make sure you take a look at our range of plans by downloading our Support brochure. 

See how migrating to our hosting environment brought Automation Logic significant performance gains, along with a far more robust security set up.

We take great pride in keeping our clients’ websites secure. Our hosting infrastructure, WordPress expertise and technical knowledge, partnered with Sucuri’s leading website security platform (inclusive with most of our support plans) gives you peace of mind. 

Martin Coates
Technical Director, Golf Enthusiast & Ex-Superstar DJ
Martin is Mr Technical. His background is in PHP & WordPress development, however, the thing that keeps him up at night now is how to make websites load faster. Insights on performance optimisation and security are what you'll mostly find Martin sharing.