WordPress Firewall

BRAVO WP Ultimate Security is a WordPress plugin. Read the full feature list to learn how to secure a WordPress site using Bravo.


WordPress Firewall Tutorial


You need a firewall for your WordPress site. Do you know what a firewall's tasks are, and how it works?
A WordPress firewall should protect your website from the many bad guys who try to attack your WordPress installation or find new exploits through your website.

Bravo WordPress Firewall Profiles

Bravo runs its firewall under a set of rules so that it stays organized and easy to manage.
The Bravo WordPress firewall is based on profiles: you define which firewall profile your website needs.
Every profile has the same rules, but some rules have different values. There are three firewall profiles: High, Medium and Low.


WordPress Firewall Rules

  • Max Connections Per IP:
    The maximum number of connections allowed for one visitor per five minutes.
  • Action on Max Connections:
    The punishment for a visitor who reaches the maximum number of connections.
  • Block IP:
    If the punishment for any rule is 'block', Bravo blocks the visitor's IP address.
  • Block Country:
    If the punishment for any rule is 'block', Bravo blocks that country.
  • PHP Security Level:
    It always depends on the firewall profile level.
  • Detect 404 Pages:
    Detects 404 pages in order to count these attempts per IP address per (n) minutes and take an action.
  • 404 Pages Maximum Attempts:
    How many attempts are allowed before taking action.
  • Action on 404 Maximum Attempts:
    The action / punishment for a visitor who reaches the maximum number of 404 attempts.
  • Disable XMLRPC:
    Disables the xmlrpc.php file in order to protect your WordPress from random brute-force attacks.
  • Disable Pingback:
    Some SEO plugins use pingbacks to post automatic comments. Pingbacks were also created for remote linking to other blogs.
  • Create indexes for non-indexed directories:
    When you save the firewall settings, Bravo creates an index.php in every directory that has no index.
  • Disable BOTs Comments:
    Disables all non-human comments.
  • Disable Comments From Proxy:
    Disables all comments from non-real connections.
  • Block Fake Google Crawlers and Bots:
    Disables all fake Google connections.
  • Query Filtering:
    This filter should protect your WordPress front end from XSS and SQL injection attempts.
  • Maximum Attempts for Bad Queries:
    If Bravo detects bad query attempts through the query filters, how many attempts per IP address are allowed before taking action.
  • Action on Maximum Attempts for Bad Queries:
    The action / punishment for 'bad query' calls per IP address.
  • Block for reCAPTCHA error attempts:
    Bravo detects wrong reCAPTCHA attempts (if enabled) and takes action.
  • Maximum reCAPTCHA error Attempts:
    The maximum number of wrong reCAPTCHA attempts before taking action.

Bravo WordPress Firewall Log

All actions will be stored in the firewall log. This log is a database table.
You have full control: you can remove a blocked IP address or country.
You can store some IP addresses or countries in the firewall whitelist.


Bravo WordPress Firewall Settings

  1. In the settings section you can choose the firewall profile level and PHP security (if you choose to enable it).
  2. You can choose the 'block screen' that appears to the blocked visitor, and the blocking period.
  3. You write a custom message for the blocked visitor.
  4. You define the whitelisted 404 files, IP addresses and countries.
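
The 404 rules above, together with the whitelist and blocking-period settings, amount to a per-IP counter over a time window. The sketch below is an added example, not Bravo's code: the function name, thresholds, window length and sample traffic are all assumptions, and state is kept in a plain array for the demonstration.

```php
<?php
// Added illustration, not Bravo's code. Every name and value here is an assumption.
const WINDOW_SECONDS   = 300;   // counting window, the page's "(n) minutes"
const MAX_404_ATTEMPTS = 5;     // "404 Pages Maximum Attempts"
const BLOCK_SECONDS    = 3600;  // the "blocking period" from the settings
const WHITELIST_IPS    = ['203.0.113.10'];
const WHITELIST_404    = ['/favicon.ico'];

/**
 * Record one 404 hit and return 'allow' or 'block'.
 * $state holds 'hits' (ip => timestamps) and 'blocked' (ip => expiry time).
 */
function record404(array &$state, string $ip, string $path, int $now): string
{
    if (in_array($ip, WHITELIST_IPS, true) || in_array($path, WHITELIST_404, true)) {
        return 'allow';                    // whitelisted hits are never counted
    }
    if (($state['blocked'][$ip] ?? 0) > $now) {
        return 'block';                    // still inside the blocking period
    }
    // Drop hits that fell out of the window, then add the current one.
    $hits = array_filter(
        $state['hits'][$ip] ?? [],
        fn (int $t): bool => $t > $now - WINDOW_SECONDS
    );
    $hits[] = $now;
    $state['hits'][$ip] = array_values($hits);

    if (count($hits) >= MAX_404_ATTEMPTS) { // threshold reached: take the action
        $state['blocked'][$ip] = $now + BLOCK_SECONDS;
        $state['hits'][$ip] = [];           // start from zero once the block expires
        return 'block';
    }
    return 'allow';
}

// Constructed sample traffic: [ip, missing path, seconds since start].
$requests = [
    ['198.51.100.7', '/missing-1', 0],   ['198.51.100.7', '/missing-2', 20],
    ['203.0.113.10', '/missing-1', 30],  ['198.51.100.7', '/favicon.ico', 35],
    ['198.51.100.7', '/missing-3', 40],  ['198.51.100.7', '/missing-4', 60],
    ['198.51.100.7', '/missing-5', 80],  ['198.51.100.7', '/missing-6', 100],
    ['198.51.100.7', '/missing-7', 3700],
];
$state = ['hits' => [], 'blocked' => []];
foreach ($requests as [$ip, $path, $t]) {
    printf("%5ds  %-13s %-13s %s\n", $t, $ip, $path, record404($state, $ip, $path, $t));
}
```

With this constructed traffic the fifth counted 404 (at 80 s) triggers the block, the request at 100 s is refused because the blocking period is still running, and the request at 3700 s is allowed again.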

Block Screen

This screen does not call the 404 pages from the WordPress theme, because we decided to hide your WordPress.
When you enable the Bravo WordPress Error Pages, the block screen will call one of these error templates.
If you did not enable Bravo error pages, the screen will be blank, with custom headers sent to the visitor's browser so that it understands which error it is facing.