=== Web Application Firewall - website security === Contributors: firewallmo, cyberlord92, miniorangesecurity Tags: firewall, security, IP blocking, IP whitelisting, firewall security, country blocking, ht access, Crawler, Rate limiting, Bad Bot, real-time IP blocking, malware scanner, complete security, Restrict access, SQL injection, RFI, LFI, local file inclusion, login captcha, remote file inclusion, XSS, cross-site scripting, CSRF, cross-site request forgery, RCE, Remote code execution Donate link: https://miniorange.com Requires at least: 4.6 Tested up to: 6.0 Requires PHP: 5.3.0 Stable tag: 1.1.1 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Feature-rich firewall, user-friendly WordPress firewall and security plugin for your site. Detect and prevent DoS attacks made by the bot and crawler. Restrict access based on the country and IP ranges. This firewall plugin allows you to easily add secure firewall protection to your site via ht access file. A (ht access) file is processed by your web server before any other code on your site. So these firewall rules will stop malicious script(s) before it gets a chance to reach the WordPress code on your site. == Privacy Policy == This firewall security plugin may collect IP addresses for security reasons such as mitigating brute force login threats and malicious activity, the collected information is stored on your server. No information is transmitted to third parties or remote server locations via firewall security. == Description == A firewall security is a network security application that monitors and filters incoming and outgoing network traffic in accordance with an organization's previously established security policies. A firewall security, in its most basic form, is a barrier that sits between a private internal network and the public Internet. = FEATURE-RICH, EASY TO USE, STABLE, SECURE AND WELL SUPPORTED WORDPRESS FIREWALL SECURITY PLUGIN = You can add some extra security and firewall to your site by using a firewall/ security plugin that enforces a lot of good security practices such as miniOrange WordPress firewall. The Firewall Security plugin will take your website security to a whole new level. Firewall reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques. Our security and firewall rules are categorized into "essential(basic)" and "advanced". This way you can apply the firewall rules progressively without breaking your site's functionality. Easy way to block country and to block IP. Using firewall security plugin admin can protect the website from unwanted traffic, and bad bots. The firewall protects your website from different kinds of attacks. And provides a security layer on your website. *GDPR Compliant* What does a Web Application Firewall (WAF) exactly do? The OWASP provides a broad technical definition for a WAF/firewall as “a security solution on the web application level which - from a technical point of view - does not depend on the application itself.” A WAF/firewall keeps a track of the HTTP traffic that comes to your website/web application. Basically, it monitors all the requests that are coming to your web application/website. If the WAF feels that the incoming requests are suspicious ie. if the incoming request can harm your website (eg. the request may contain some code that can make some changes to your database or an unauthorized person/hacker would be able to gain access to your web application) WAF blocks those requests and prevents your website from unwanted attacks. Basically WAF filters and blocks suspicious or unwanted HTTP traffic to and from a web application. The following is a list of the security and firewall features provided by miniorange firewall security plugin: = User Login Security = * The Login Lockdown feature protects against "Brute Force Login Attacks." Users with a specific IP address or range will be locked out of the system for a predetermined period of time-based on the configuration settings, and you can also opt to be notified via email whenever someone is locked out due to too many login attempts. * As the administrator, you can view a list of all locked out users in an easily readable and navigable table, as well as unblock individual or bulk IP addresses with the click of a button. * Monitor/view failed login attempts, which include the user's IP address, User ID/Username, and the date and time of the failed login attempt. * Keep track of the username, IP address, login date/time, and logout date/time for all user accounts on your system to monitor/view their account activity. * Allows you to add one or more IP addresses to a whitelist. The whitelisted IP addresses will be able to access your WordPress login page. * Add Google ReCaptcha to your WP Login system's and forgot password form. = Database Security = * Schedule automatic backups and email notifications or make an instant DB backup whenever you want with one click. = File System Security = * Identify files or folders with insecure permission settings and, with the click of a button, change the permissions to the recommended secure values. * Protect your PHP code by disabling file editing from the WordPress administration area. * Prevent people from accessing the readme.html, license.txt, and wp-config.php files of your WordPress site. = ht access and wp-config.php File Backup and Restore = * Easily backup your original .ht access and wp-config.php files in case you need to use them to restore broken functionality. * Modify the contents of the currently active .htaccess or wp-config.php files from the admin dashboard with only a few clicks = Blacklist Functionality = * Users can be blocked by specifying their IP addresses or by using a wildcard to specify IP ranges. * Users can be blocked by specifying their user agents. = Firewall Functionality = * This plugin makes it simple to add a lot of firewall protection to your site via the ht access file. Your web server processes a ht access file before any other code on your site. As a result, these firewall rules will prevent malicious script(s) from reaching your site's WordPress code. * Access control facility. * Instantly activate a selection of firewall settings ranging from basic, intermediate, and advanced. * Deny bad or malicious query strings. * Protect against Cross-Site Scripting (XSS). * Ability to block fake Google bots from crawling your site. * Ability to log all 404 events on your site. You can also choose to automatically block IP addresses that are hitting too many 404. * Ability to add custom rules to block access to various resources of your site. = Brute force login attack prevention = * Using our unique Cookie-Based Brute Force Login Prevention feature, you can instantly prevent Brute Force Login Attacks. This firewall feature will prevent all login attempts from humans and bots. * It is possible to hide the admin login page. Change the URL of your WordPress login page so that bots and hackers cannot access your actual WordPress login URL. You can use this feature to change the default login page (wp-login.php) to something you specify. = Security Scanner = * If any files in your WordPress system have changed, the file change detection scanner will notify you. You can then investigate to see if the change was legitimate or if malicious code was injected. = Comment SPAM Security = * Monitor the most active IP addresses which persistently produce the most SPAM comments and instantly block them with the click of a button. * Add a captcha to your WordPress comment form to add security against comment spam. = Regular updates and additions of new security features = * WordPress security is a living thing that changes over time. Our Firewall Security will regularly update with new security features, so you can be confident that your site will be up to mark of security protection techniques. = Works with Most Popular WordPress Plugins = * It should be compatible with the majority of popular WordPress plugins.