Web Application Firewall – website security


A firewall security is a network security application that monitors and filters incoming and outgoing network traffic in accordance with an organization’s previously established security policies. A firewall security, in its most basic form, is a barrier that sits between a private internal network and the public Internet.


You can add some extra security and firewall to your site by using a firewall/ security plugin that enforces a lot of good security practices such as miniOrange WordPress firewall.

The Firewall Security plugin will take your website security to a whole new level.

Firewall reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.
Our security and firewall rules are categorized into “essential(basic)” and “advanced”. This way you can apply the firewall rules progressively without breaking your site’s functionality.
Easy way to block country and to block IP. Using firewall security plugin admin can protect the website from unwanted traffic, and bad bots. The firewall protects your website from different kinds of attacks. And provides a security layer on your website.
GDPR Compliant

What does a Web Application Firewall (WAF) exactly do?

The OWASP provides a broad technical definition for a WAF/firewall as “a security solution on the web application level which – from a technical point of view – does not depend on the application itself.”

A WAF/firewall keeps a track of the HTTP traffic that comes to your website/web application. Basically, it monitors all the requests that are coming to your web application/website. If the WAF feels that the incoming requests are suspicious ie. if the incoming request can harm your website (eg. the request may contain some code that can make some changes to your database or an unauthorized person/hacker would be able to gain access to your web application) WAF blocks those requests and prevents your website from unwanted attacks. Basically WAF filters and blocks suspicious or unwanted HTTP traffic to and from a web application.

The following is a list of the security and firewall features provided by miniorange firewall security plugin:

User Login Security

  • The Login Lockdown feature protects against “Brute Force Login Attacks.” Users with a specific IP address or range will be locked out of the system for a predetermined period of time-based on the configuration settings, and you can also opt to be notified via email whenever someone is locked out due to too many login attempts.
  • As the administrator, you can view a list of all locked out users in an easily readable and navigable table, as well as unblock individual or bulk IP addresses with the click of a button.
  • Monitor/view failed login attempts, which include the user’s IP address, User ID/Username, and the date and time of the failed login attempt.
  • Keep track of the username, IP address, login date/time, and logout date/time for all user accounts on your system to monitor/view their account activity.
  • Allows you to add one or more IP addresses to a whitelist. The whitelisted IP addresses will be able to access your WordPress login page.
  • Add Google ReCaptcha to your WP Login system’s and forgot password form.

Database Security

  • Schedule automatic backups and email notifications or make an instant DB backup whenever you want with one click.

File System Security

  • Identify files or folders with insecure permission settings and, with the click of a button, change the permissions to the recommended secure values.
  • Protect your PHP code by disabling file editing from the WordPress administration area.
  • Prevent people from accessing the readme.html, license.txt, and wp-config.php files of your WordPress site.

ht access and wp-config.php File Backup and Restore

  • Easily backup your original .ht access and wp-config.php files in case you need to use them to restore broken functionality.
  • Modify the contents of the currently active .htaccess or wp-config.php files from the admin dashboard with only a few clicks

Blacklist Functionality

  • Users can be blocked by specifying their IP addresses or by using a wildcard to specify IP ranges.
  • Users can be blocked by specifying their user agents.

Firewall Functionality

  • This plugin makes it simple to add a lot of firewall protection to your site via the ht access file. Your web server processes a ht access file before any other code on your site.
    As a result, these firewall rules will prevent malicious script(s) from reaching your site’s WordPress code.
  • Access control facility.
  • Instantly activate a selection of firewall settings ranging from basic, intermediate, and advanced.
  • Deny bad or malicious query strings.
  • Protect against Cross-Site Scripting (XSS).
  • Ability to block fake Google bots from crawling your site.
  • Ability to log all 404 events on your site. You can also choose to automatically block IP addresses that are hitting too many 404.
  • Ability to add custom rules to block access to various resources of your site.

Brute force login attack prevention

  • Using our unique Cookie-Based Brute Force Login Prevention feature, you can instantly prevent Brute Force Login Attacks. This firewall feature will prevent all login attempts from humans and bots.
  • It is possible to hide the admin login page. Change the URL of your WordPress login page so that bots and hackers cannot access your actual WordPress login URL. You can use this feature to change the default login page (wp-login.php) to something you specify.

Security Scanner

  • If any files in your WordPress system have changed, the file change detection scanner will notify you. You can then investigate to see if the change was legitimate or if malicious code was injected.

Comment SPAM Security

  • Monitor the most active IP addresses which persistently produce the most SPAM comments and instantly block them with the click of a button.
  • Add a captcha to your WordPress comment form to add security against comment spam.

Regular updates and additions of new security features

  • WordPress security is a living thing that changes over time. Our Firewall Security will regularly update with new security features, so you can be confident that your site will be up to mark of security protection techniques.

Works with Most Popular WordPress Plugins

  • It should be compatible with the majority of popular WordPress plugins.

FREE Plugin Feature

  • HTAccess Level WAF: IPs blocked by admin will be blocked on the server only. These IPs won’t able to access the site.
  • Plugin Level Waf: IPs blocked by admin will be blocked on WordPress site load. It is less secure than HTAccess level WAF.
  • Rate Limiting: It helps to prevent DoS attacks on your site. You can set hit/min for each IP.
  • XSS, SQL Attack Detection and Blocking: Cyber attacks and suspicious activities will be get detected and access to the site for that IP will be blocked.
  • Advance Blocking: You can block country, IP range, Single IP, browser, and HTTP referrers from gaining access to your site.

ht access and wp-config.php File Backup and Restore

  • Easily backup your original .htaccess and wp-config.php files in case you will need to use them to restore broken functionality.
  • Modify the contents of the currently active .htaccess or wp-config.php files from the admin dashboard with only a few clicks
  • Email Notification: Admin can get a notification on email for any suspicious activity detected on site.
  • Report: Admin can see the login failed/success, attacks report in the report.
  • Recaptch Protection Google services are used to provide ReCaptcha protection.
  • Country Blocking Block a particular country in case of a threat

Premium Plugin Feature

  • Real-Time IP Blocking: This firewall feature protects your site from those IPs which are marked as spam by miniOrange WAF users.
  • Rate Limiting for Crawler: Web crawler crawls your Website to increase your ranking in the search engine. But sometimes they can make so many requests to the server that the service can get damaged. By enabling this feature you can provide a limit at which a crawler can visit your site.
  • Fake Web Crawler Protection: Web Crawlers are used for scanning the Website and indexing it. Google, Bing, etc. are the top crawlers that increase your site’s indexing in the search engine. There are several fake crawlers that can damage your site. By enabling this feature all fake google and bing crawlers will be blocked.
  • Whitelist Crawler: You can whitelist the top crawler which increases the indexing of your website in the search engine. By enabling this feature the whitelisted crawler will not get throttled/blocked by rate-limiting.
  • BotNet Protection: BotNet is a network of robots or an army of robots. The BotNet is used for Distributed denial of service attacks. The attacker sends too many requests from multiple IPs to a service so that the legitimate traffic can not get the service. By enabling this your Website will be protected from such kinds of attacks.
  • Remote File Inclusion Protection: It protects from adding files from a remote server to your server.
  • Remote Code Execution Protection: It Protects from executing malicious commands in your server.
  • Bot Detection detect bots with malicious intent and stop them from accessing and affecting your site.
  • Live Monitoring and Auditing Tracking activity all the requests realtime can help you check activities on your sites on important events

Plugin Support

  • If you have a question or problem with the Web Application Firewall Security plugin, post it on the support forum and we will help you.
    Customized solutions and Active support are available. Email us at info@xecurify.com or call us at +1 9786589387.

Check the following page for F.A.Q (see the faq section):

Privacy Policy

This firewall security plugin may collect IP addresses for security reasons such as mitigating brute force login threats and malicious activity, the collected information is stored on your server. No information is transmitted to third parties or remote server locations via firewall security.


  • Web Application Firewall Dashboard

  • IP Blocking

  • Tracking

  • Email alert


From your WordPress dashboard

  1. Navigate to Plugins > Add New from your WP Admin dashboard.

  2. Search for Web Application Firewall.

  3. Install Web Application Firewall and Activate the plugin.

From WordPress.org

  1. Search for Web Application Firewall and download it.

  2. Unzip and upload the Web Application Firewall directory to your /wp-content/plugins/ directory.

  3. Activate Web Application Firewall from the Plugins tab of your admin dashboard.

Perguntas frequentes

Once Activated

  1. Select miniOrange Web Application Firewall from the left menu and follow the instructions.

  2. You can configure Web Application Firewall settings.


28 Abril, 2021
While I just installed the WAF plug-in, I like the feature set and configuration flexibility. Only time will tell regarding effectiveness, but I have closed some gaps in my security. In the process of installing the plug-in there was an error when I was setting up the recaptcha option for logins and registrations, so I emailed the developer. Within 30 minutes or so, I got a reply and we set up a zoom meeting and remote access and in 15 minutes we had the problem resolved. Pradeep was very knowledgeable and helpful. Highly recommended!
28 Janeiro, 2021
I was experiencing problems with some "crawlers", my page contains more than 5000 entries, with a lot of content (text, images, videos) ... the bots are indexing it again and they were saturating me to the point of having knocked the web down several times ... now I can control the request rate and free the server from so much load ... after having tried various applications, the only one that gave me good results was "Web Application Firewall" ... now I can control access attempts, block malicious users and control the way bots, spyders and crawlers access my page without saturating the server resources
Ler todas as 3 avaliações

Contribuidores e programadores

“Web Application Firewall – website security” é software de código aberto. As seguintes pessoas contribuíram para este plugin:


Registo de alterações


WordPress 5.9.3 version compatibility , readme update and some bug fixes


WordPress 5.9 version compatibility update, typo corrections


WordPress 5.8 version compatibility update, typo corrections


WordPress 5.7 version compatibility update, typo corrections


WordPress 5.6 version compatibility update


WordPress 5.5 version compatibility update


The first version of WordPress Web Application Firewall Plugin with basic WordPress network security.