=== Secure Owl Firewall ===
Contributors: sajbersove
Tags: firewall, security, waf, protection
Requires at least: 5.0
Tested up to: 6.9
Stable tag: 1.1.0
Requires PHP: 7.4
License: GPLv2 or later

Secure Owl Firewall is a smart rule-based protection that blocks threats and secures your site from attacks.

== Description ==

Secure Owl Firewall is a fast, lightweight firewall plugin with an advanced rule engine featuring PCRE pattern matching, a transformation pipeline, and JSON-based rule configuration.

Key features:

* JSON-based rules — 100+ default rules covering SQLi, XSS, RCE, LFI, SSRF, Log4Shell, and more
* Transformation pipeline — URL decode, lowercase, normalize path, remove whitespace, HTML entity decode, trim
* Inspection targets — REQUEST_URI, QUERY_STRING, USER_AGENT, REFERER, COOKIE, and POST
* MU-Plugin loader — runs before regular plugins for earliest protection
* Rate limiting — optional transient-based IP and subnet banning
* Login protection — PIN field, speed limit and honeypot to block brute-force attacks
* IP whitelist — CIDR/subnet support for both IPv4 and IPv6
* IP blacklist — CIDR/subnet support for both IPv4 and IPv6
* Per-rule toggle — disable individual rules from the admin panel without editing files
* File-based logging — 64MB cap with auto-rotation and protected storage
* Log retention — configurable policy for GDPR compliance
* IP anonymization — masks user IP addresses for enhanced privacy and GDPR compliance

== Installation ==

1. Upload the `secure-owl-firewall` folder to `/wp-content/plugins/`
2. Activate through the Plugins menu
3. The MU-Plugin loader is installed automatically for early execution
4. Configure settings under Settings > Secure Owl Firewall

== Filter Hooks ==

* `sswaf_ip_whitelist` — array of IPs to bypass the firewall
* `sswaf_ip_blacklist` — array of IPs to block before any rules run
* `sswaf_trusted_proxies` — array of trusted proxy IPs for X-Forwarded-For
* `sswaf_post_scanning` — enable POST data inspection (default: true)
* `sswaf_rules_file` — path to the rules JSON file
* `sswaf_log_file` — path to the log file
* `sswaf_log_max_size` — maximum log size in bytes
* `sswaf_header_status` — HTTP status header for blocked requests
* `sswaf_before_block` — action hook fired before blocking a request
* `sswaf_rate_limit_ip_threshold` — override IP hit threshold
* `sswaf_rate_limit_ip_duration` — override IP ban duration
* `sswaf_rate_limit_ip_window` — override IP counting window

== Changelog ==

= 1.0.0 =
* Initial release.

= 1.0.1 =
* Updated security rules.
* Updated log file cap to 24MB.

= 1.0.2 =
* Added IP whitelist with CIDR/subnet support (IPv4 + IPv6).
* File-based storage for zero database overhead.
* Settings UI with validation.

= 1.0.3 =
* Removed metadata from a JSON rules file.
* Small CSS admin tweak.

= 1.0.4 =
* Added configurable log retention policy to automatically purge old data for GDPR compliance.
* Added option to anonymize user IP addresses, enhancing privacy and GDPR compliance.
* Reworked plugin update mechanism.
* Improved coding standards to align better with WordPress guidelines.

= 1.0.5 =
* Updated log file cap to 64MB.
* Fixed a small bug in admin panel log viewer.

= 1.0.6 =
* Added rate-limited PIN authentication to the login page to mitigate brute-force attacks.
* Added a honeypot trap to the login form to catch unsophisticated bots.

= 1.0.7 =
* Removed a few overly aggressive rules.

= 1.0.8 =
* Added IP blacklist with CIDR/subnet support (IPv4 + IPv6).

= 1.0.9 =
* Fixed a small bug in log viewer.

= 1.1.0 =
* Updated security rules.
* Added a speed limit protection layer to the login page.
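The following is an added example of wiring the filter hooks listed above from a site's own mu-plugin; it is not code shipped with Secure Owl Firewall. The hook names come from the list above, while the callback signatures, whether the whitelist and blacklist filters accept CIDR strings, and every address are assumptions or constructed values.

```php
<?php
/**
 * Site-specific tuning of Secure Owl Firewall (added example, not plugin code).
 * Assumes each filter receives and returns a plain array of IP/CIDR strings;
 * drop this file into wp-content/mu-plugins/ so it runs with the firewall loader.
 */

// Only trust X-Forwarded-For when the direct peer is our own reverse proxy;
// otherwise a client could spoof its address past the IP lists. Constructed proxy IP.
add_filter('sswaf_trusted_proxies', function (array $proxies): array {
    $proxies[] = '10.0.0.5';
    return $proxies;
});

// Bypass the firewall for the admin office ranges (IPv4 and IPv6 CIDR, documentation
// ranges used as constructed values). CIDR acceptance by this filter is assumed.
add_filter('sswaf_ip_whitelist', function (array $ips): array {
    return array_merge($ips, ['192.0.2.0/24', '2001:db8::/32']);
});

// Block a range before any rule runs. Constructed example range.
add_filter('sswaf_ip_blacklist', function (array $ips): array {
    $ips[] = '198.51.100.0/24';
    return $ips;
});

// Keep POST inspection on explicitly so a future default change cannot silently disable it.
add_filter('sswaf_post_scanning', '__return_true');

// Tighten rate limiting for a small site: 20 hits in a 60 s window bans for 10 minutes.
// Units (hits, seconds, seconds) are assumed.
add_filter('sswaf_rate_limit_ip_threshold', fn($threshold) => 20);
add_filter('sswaf_rate_limit_ip_window', fn($window) => 60);
add_filter('sswaf_rate_limit_ip_duration', fn($duration) => 600);

// Emit a privacy-neutral marker to the PHP error log whenever a request is about
// to be blocked, so blocks show up in the server's own alerting. The action's
// argument list is unknown, so the callback accepts whatever is passed.
add_action('sswaf_before_block', function (...$args): void {
    error_log('[sswaf] request blocked for ' . sanitize_text_field($_SERVER['REQUEST_URI'] ?? ''));
}, 10, 1);
```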