Deny All Firewall

Descrição

Deny All Firewall

This plugin examines your WordPress installation and injects rules into your .htaccess file which completely block access to everything except genuine site content.

Doing so reduces load on your server, prevents hackers from scanning your site for exploits and even reduces the carbon footprint of your site! We estimate that this plugin will reduce the amount of CO2 used by an average WordPress site by 100Kg per year which is equivalent to the carbon footprint of a flight from London to Ibiza!

Blocked requests can be logged and whitelisted to fine tune your firewall to your specific website.

Whitelisted requests can be 301 redirected to another web address.

The plugin monitors for content changes and will automatically refresh the firewall rules every hour if changes are detected.

There is now a “Lock Down” feature which blocks all requests with Query Strings or POST data. This is how SQL / PHP injection, XSS and other attacks are implemented but it is also how some themes and plugins talk to your server so may require some requests to be whitelisted for your site.

There is now a “Sitemap” feature which autmatically generates an XML sitemap and lets search engines find it through a robots.txt file.

Currently we only support Apache servers but will be looking to include Nginx in the future.

Please contact us through the support forum to let us know immediately if the plugin blocks anything that it shouldn’t do!

Instalação

Easily use this plugin to prevent access to everyting except your site’s content using the .htaccess file …

1) Install “Deny All Firewall” automatically or by uploading the ZIP file.
2) Activate the plugin through the “Plugins” menu in WordPress.
3) From the Dashboard, select “Deny All Firewall” from the “Settings” menu.

Contribuidores e programadores

“Deny All Firewall” é software de código aberto. As seguintes pessoas contribuíram para este plugin:

Contribuidores

Traduza o “Deny All Firewall” para o seu idioma.

Interessado no desenvolvimento?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Registo de alterações

1.3.3

  • Allowed wp-json through POST block
  • Bug fix

1.3.2

  • Added new “Sitemap” feature
  • Bug fixes

1.3.1

  • Added new “Lock Down” feature
  • Removed un-necessary options
  • Bug fixes

1.3.0

  • Added delete checkbox to Whitelist
  • Bug fix

1.2.9

  • Refined content change monitoring
  • Bug fixes

1.2.8

  • Added the ability to 301 redirect whitelisted requests
  • Made the 403 page more user friendly

1.2.7

  • Refined content change monitoring
  • Unblocked .png from /wp-includes/

1.2.6

  • Modified the blocked request logging to be more compatible with different servers

1.2.5

  • Unblock /wp-json/wp/v2/users for logged in users as it is used when editing posts in Gutenberg

1.2.4

  • Option to automatically refresh the firewall rules if content changes have been detected
  • Option to show content changed notices on all pages or just the settings page
  • Whitelisted .gif in /wp-content/

1.2.3

  • Notifications shown when site content has changed

1.2.2

  • Made whitelisted font filetypes consistent
  • Whitelisted Google verification files
  • Bug fixes

1.2.1

  • Whitelisted .bmp files from /wp-content/uploads/
  • Compatibility fixes for older PHP and WordPress installations

1.2.0

  • Updated log file analyses to include existing directory detection
  • Minor bug fix

1.1.9

  • Minor bug fixes

1.1.8

  • Updated 403 page
  • Updated log file analysis
  • Minor bug fixes

1.1.7

  • CSRF vulnerability fixed

1.1.6

  • Added more whitelisted filetypes to wp-content
  • Fixed a problem with WooCommerce /checkout/order-received/
  • Made whitelisted requests more secure

1.1.5

  • Added more whitelisted filetypes to wp-includes, wp-admin and wp-content

1.1.4

  • Added “Whitelist” / “Unblock” feature

1.1.3

  • Unblocked inactive theme screenshot.png
  • Show if blocked requests exist in log file

1.1.2

  • Unblocked paginated taxonomies
  • Started adding notes to logged blocked requests

1.1.1

  • Bug fixes

1.1.0

  • Blocks user sniffing

1.0.9

  • Created an option to turn on log

1.0.8

  • Bug fix

1.0.7

  • Settings page now shows top twenty blocked requests

1.0.6

  • Unblocked and secured WP-Cron
  • Started logging blocked requests

1.0.5

  • Created a custom 403 page

1.0.4

  • Display status of server’s external IP

1.0.3

  • Locates server’s external IP address and whitelists it for /wp-admin/

1.0.2

  • /wp-admin/ unblocked for logged in client IP now works with Cloudflare

1.0.1

  • Bug fixes

1.0.0

  • First version of the plugin