As the name implies, WordPress Firewall is a firewall for your WordPress installation. This is a list of every feature and option:
- Detect, intecept, and log suspicious-looking parameters — and prevent them compromising WordPress.
- Also protect most WordPress plugins from the same attacks.
- Optionally configure as the first plugin to load for maximum security.
- Respond with an innocuous-looking 404, or a home page redirect.
- Optionally send an email to you with a useful dump of information upon blocking a potential attack.
- Turn on or off directory traversal attack detection.
- Turn on or off SQL injection attack detection.
- Turn on or off WordPress-specific SQL injection attack detection.
- Turn on or off blocking executable file uploads.
- Turn on or off remote arbitrary code injection detection.
- Add whitelisted IPs.
- Add additional whitelisted pages and/or fields within such pages to allow above to get through when desirable.
But there’s not fancy configuration needed to get started. Just install it and *BAM* your blog is now protected against a whole bunch of attacks. And just like with the Antivirus for WordPress plugin I recommend that you create an email forwarder to receive emails if your blog is attacked, and then use Gmail filters to make sure these emails are obvious to you, so you can respond quickly.
