If a cyber attack targeting your web applications never reaches your website… Did the attack even happen? The answer is YES, and it was most likely a WAF that stopped it. In this article learn more about this intuitive firewall and why your site could benefit from having one.
Today could be the day you meet your brand new head of web security.
And best believe this cyber security guard isn’t your typical “fall asleep on the job” type.
Because he doesn’t just check people’s I.D’s at the door… he checks their address, their height, their eye color, their card expiry date, what they have in their pockets, who they last texted…
You get the point. This fierce protector is ensuring only trustworthy door knockers make it inside your WP doors.
But enough with the small talk, you’ve read the title of this article, and you know the head of security I’m talking about is a Web Application Firewall (WAF).
And today we’ll be covering all things WAF and web application security.
More specifically, we’ll be talking about:
- Why WAFs are important for WordPress site security.
- How they can help you protect your web applications from malicious attacks.
- How they assist you in adhering to various security standards/requirements (e.g. the PSI).
We’ll also give you a quick run through of WPMU DEV’s new WAF, which has just recently gone live and is completely free to use as part of our managed hosting service.
We’ve been hard at work testing and fine tuning this puppy – ensuring it’s giving you the best web application protection possible.
Unlike most in-built security plugin WAFs, ours also forms a protective wall OUTSIDE of your WP borders.
We’ll get into why this is super important later… but first let’s start with the basics:
What is a WAF?
A Web Application Firewall (WAF) is a specific type of firewall that protects your web applications from malicious application-based attacks.
In layman’s terms, WAFs act as the middle person, or security guard for your WordPress site.
Standing guard between the internet and your web applications, all the while monitoring and filtering the HTTP traffic that wants to join your bumping party.
Of course, like any raging WP party there are always gate-crashers to worry about.
The good news is, WAFs use a set of rules (or policies) to help identify who’s actually on your guest list, and who’s just looking to cause trouble.
Not To Be Confused With a Network Firewall…
WAFs should also not be confused with your standard Network Firewall (Packet filtering), which assesses incoming data based on a set of criteria including: IP addresses, packet type, port numbers, and more.
This article was written by Rick Crawshaw and originally published on WPMU DEV Blog.