
4 Security Checkpoints for your WordPress Website

Security is a result of security “practices” rather than plugin “functionality”. No security plugin is perfect, but we make do, and that, like everything else in life, is what defines the outcome.

Here’s a simple diagram of how an attacker tries to get inside your website.

[Diagram: the four levels a request passes through, listed below]

There are 4 levels that each request has to go through to get to your website:

  • Network: the connection from the attacker to the server (the internet)
  • Server: the physical machine (HP, Dell, Huawei, etc.) and its operating system
  • Web server: the service running the website (Apache, LiteSpeed, Nginx, IIS, ...)
  • Website: the CMS (WordPress, Joomla, PrestaShop, etc.)

An attacker must cross the network to reach the website, so the network is the first place to put a defence.
A network firewall stops attacks before they even reach your web server, and the less traffic that gets through, the less the later layers have to cope with.

There are two types of firewalls:

  • Hardware firewalls: standalone appliances, or a component built into a router or other network device such as Cisco or MikroTik routers. They sit in front of the server and are an essential part of any traditional network security design.
  • Software firewalls: host-based firewalls installed on the server's operating system itself (iptables, CSF and UFW below are examples). A software firewall controls which ports and source addresses can reach the host, but it runs on the machine it protects: it cannot stop traffic that saturates the server's own network link, and an attacker who compromises the host can switch it off.

Whether hardware or software, there is no such thing as a perfect firewall. Some malicious traffic will still find its way to your hosting server and website, and if either one is misconfigured, an attacker will most likely be able to gain access.

There are dozens of open source firewall tools available for Linux. Here are a few that are very useful:


iptables is the classic command-line Linux firewall. It and its successor nftables are user-space front ends to Netfilter, the framework that filters packets inside the kernel's network stack. The features below are the ones nftables adds over classic iptables, so prefer it on a modern distribution (existing iptables commands keep working through the iptables-nft compatibility layer):

  1. A single tool (nft) with consistent syntax for IPv4, IPv6, ARP and bridge filtering
  2. Faster, kernel-side transactional (atomic) ruleset updates
  3. Sets and maps that are more flexible and powerful than ipset
  4. Flowtables that provide a software fast path and hardware offload
  5. Backup and restore of the whole ruleset (nft list ruleset / nft -f, or iptables-save / iptables-restore)

IPtables Homepage
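As an added example (not from the original post), here is a host firewall for a WordPress server written in iptables-restore format, which iptables-nft still accepts. It assumes SSH is on port 22, that only HTTP and HTTPS are public, and that the hypothetical admin network 203.0.113.0/24 (a documentation range, chosen for the example) is the only source allowed to reach SSH. The second function is a self-check that lists every TCP port the ruleset accepts, so you can confirm nothing like MySQL (3306) is exposed before loading it.

```shell
#!/bin/sh
# Added example: minimal host firewall for a WordPress server.
# Assumptions: SSH on 22, public ports 80/443 only, admin network below is hypothetical.
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"

# Emit the ruleset in iptables-restore format. INPUT and FORWARD default to DROP;
# OUTPUT stays open so the server can fetch updates and send mail.
wp_host_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and already-established flows
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# ICMP needed for path MTU discovery and basic reachability checks
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
-A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
# SSH only from the admin network, at most 4 new connections per minute per source
-A INPUT -p tcp --dport 22 -s ${ADMIN_NET} -m conntrack --ctstate NEW -m recent --set --name SSH
-A INPUT -p tcp --dport 22 -s ${ADMIN_NET} -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --name SSH -j DROP
-A INPUT -p tcp --dport 22 -s ${ADMIN_NET} -m conntrack --ctstate NEW -j ACCEPT
# public web ports, with a global limit on new connections to blunt SYN floods
-A INPUT -p tcp -m multiport --dports 80,443 --syn -m limit --limit 50/s --limit-burst 100 -j ACCEPT
# everything else is logged (rate-limited) and then dropped by the chain policy
-A INPUT -m limit --limit 2/min -j LOG --log-prefix "FW-DROP: " --log-level 4
COMMIT
EOF
}

# Self-check: print every TCP destination port the ruleset ACCEPTs, one per line,
# so the allow-list can be reviewed before the rules are loaded.
accepted_tcp_ports() {
    wp_host_ruleset \
      | grep -- '-j ACCEPT' \
      | grep -- '-p tcp' \
      | sed -n 's/.*--dports\{0,1\} \([0-9,]*\).*/\1/p' \
      | tr ',' '\n' | sort -n | uniq
}

# Usage (as root):
#   wp_host_ruleset > /etc/iptables/rules.v4
#   accepted_tcp_ports            # expect only 22, 80, 443
#   iptables-restore < /etc/iptables/rules.v4 && iptables -S INPUT
```

Load it from a console session rather than over SSH the first time, so a mistake in the SSH rule cannot lock you out; the `-m recent` pair limits brute-force attempts per source without touching legitimate admins.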


ConfigServer Security & Firewall (CSF) is a versatile firewall for Linux servers, built on stateful packet inspection (SPI) on top of iptables. It supports almost all virtualization environments, including Virtuozzo, OpenVZ, VMware, Xen, KVM and VirtualBox.

In the hosting industry it is the most widely used firewall on Plesk and WHM (cPanel) servers.

Features include:

  1. A daemon, LFD (Login Failure Daemon), that watches for login failures on sensitive services such as SSH, SMTP, Exim, IMAP, Pure-FTPd and ProFTPD, and for mod_security denials, and blocks the offending IP
  2. Email alerts to notify you when something unusual happens
  3. Easy integration with popular web hosting control panels such as cPanel, Plesk, DirectAdmin and Webmin
  4. Protection from SYN flood and ping-of-death attacks

CSF Homepage


UFW (Uncomplicated Firewall) is the default firewall tool on Ubuntu servers. It is a front end that hides the complexity of iptables behind a simpler command set. A GUI, GUFW, is also available for Ubuntu and Debian desktops.

Features of UFW:
  1. Supports IPV6
  2. Status Monitoring
  3. Extensible Framework
  4. Easy to Add/Remove/Modify Rules

UFW Homepage


IPCop is an open source Linux firewall distribution with a well designed web interface for managing the firewall. It is aimed at small businesses and home networks. Note that IPCop has not had a release since 2015; its fork IPFire and pfSense (below) are actively maintained alternatives.

Features of IPCop Firewall:

  1. Colour-coded web interface with performance graphs for CPU, memory and disk, as well as network throughput
  2. Automatic log rotation

IPCop Homepage


pfSense is another open source and very reliable firewall, distributed as a complete FreeBSD-based system. It is built on stateful packet filtering and offers a wide range of features that are normally available only on expensive commercial firewalls.

Features of pfSense:

  1. Highly configurable from its web based interface.
  2. Can be deployed as a perimeter firewall, router, DHCP & DNS server.
  3. Configured as wireless access point and a VPN endpoint.
  4. Traffic shaping and Real Time information about the server.

pfSense Homepage

Web Application Firewalls (WAF) play a critical role in protecting WordPress websites on any hosting server. A WAF inspects HTTP requests rather than packets, so it can block attacks that a network firewall must let through, such as SQL injection in a POST body or a brute-force login run over port 443. It is the backbone of your defence against web exploits that compromise the site or harm the availability of the website and its data.

Here are some of the best open source WAFs (ModSecurity, WebKnight and Vulture) and some paid ones (Cloudflare, Sucuri and StackPath) to secure your WordPress website:


ModSecurity is the most widely deployed open source web application firewall. It is a rule engine, available as an Apache module and, through libmodsecurity, for Nginx, and it is usually run together with the OWASP Core Rule Set (CRS), which supplies generic rules for SQL injection, XSS, path traversal and similar attack classes.

ModSecurity gives you complete freedom to extend it with your own rules so that it fits your site.
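As an added example (not from the original post or the ModSecurity project), here is a small custom rule file for a WordPress site, meant to be loaded next to the CRS. The rule IDs, the 10-attempts-per-5-minutes threshold, the SecDataDir path and the decision to block xmlrpc.php are all assumptions for the example.

```apache
# Added example: WordPress-specific ModSecurity rules (ModSecurity 2.x syntax).
# Rule IDs 1000100-1000103, the threshold and the paths are assumptions.
SecRuleEngine On
SecRequestBodyAccess On
# Persistent storage for the per-IP collection used below
SecDataDir /var/cache/modsecurity

# Track each client IP in a persistent collection.
# Assumes the TCP peer is the real client; behind Cloudflare, set up mod_remoteip first.
SecAction "id:1000100,phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR}"

# Count POST requests to wp-login.php per IP; the counter expires after 5 minutes
SecRule REQUEST_URI "@endsWith /wp-login.php" \
    "id:1000101,phase:2,nolog,pass,chain"
    SecRule REQUEST_METHOD "@streq POST" \
        "setvar:ip.wp_login_attempts=+1,expirevar:ip.wp_login_attempts=300"

# More than 10 login attempts inside the window: reject with 429
SecRule IP:wp_login_attempts "@gt 10" \
    "id:1000102,phase:1,deny,status:429,log,msg:'wp-login.php brute force from %{REMOTE_ADDR}'"

# xmlrpc.php is another brute-force and amplification target; block it unless you rely on it
SecRule REQUEST_URI "@endsWith /xmlrpc.php" \
    "id:1000103,phase:1,deny,status:403,log,msg:'xmlrpc.php access blocked'"
```

The counter deliberately counts every POST to the login page, not just failed ones, because the request phase cannot see the result; a stricter variant would increment the counter in phase 5 only when RESPONSE_STATUS is a login failure. Test with SecRuleEngine DetectionOnly first and watch the audit log before switching to blocking.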

WebKnight WAF

WebKnight is an application firewall for Microsoft IIS that scans every request and filters it according to rules set by the administrator. Rather than relying only on signatures of past attacks, it applies generic rules for whole attack classes, such as buffer overflows, SQL injection, directory traversal and character-encoding tricks.

Vulture project

Vulture is a lightweight and effective Linux WAF and reverse proxy based on the Apache web server. It distributes incoming traffic across the nodes of a cluster, so throughput scales by adding more nodes.


Cloudflare offers a range of web security services, and its WAF is one of them, available on the paid plans. Because Cloudflare works as a reverse proxy in front of your DNS, it filters traffic before it reaches your server. One caveat: your origin server must accept web connections only from Cloudflare's published IP ranges, otherwise an attacker who finds the origin address can bypass the WAF entirely.


Sucuri Web Application Firewall (WAF) and Intrusion Prevention System (IPS) provide the protection required against website threats.


With SP// WAF, you can instantly enable enterprise-class protection with little-to-no configuration required. Go further with powerful customization and integration options to create and tailor WAF policies and behavior to fit your workloads’ unique security needs.

WordPress firewall plugins monitor your website traffic and block many common security threats before they reach the rest of your WordPress site. They are basically WAFs installed directly inside the application, so they run as PHP code and can only act after the request has already reached your server.


Wordfence is a popular WordPress security plugin that scans your site for malware and file changes, blocks common attacks such as SQL injection with its firewall rules, and rate-limits brute-force login attempts and abusive crawlers.


Like Wordfence, Jetpack works at the application level, which means bad traffic is blocked only after it has already reached your WordPress hosting server and been handed to PHP.

BulletProof Security

BulletProof Security WordPress plugin comes with a built-in application level firewall, login security, database backup, maintenance mode, and several security tweaks to protect your website.


You can install one or many security plugins and WAFs, but be careful about what you actually need and what actually works. Installing multiple plugins without any forethought results in bloat and plugin conflicts that can slow your website down or break it outright.

For optimal security you should have a firewall at each level: the network, the server and the application itself. Each layer catches what the previous one let through.

Use vulnerability scanners to discover your weak points, and scan from outside your network so you see what an attacker sees. Test your WordPress application (WPScan), web server (Nikto), operating system (OpenVAS) and firewall (Nmap) for any issues, and repeat the scans after every configuration change.
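As an added example (not from the original post), here is how to turn an Nmap scan of your own server into a firewall check: parse the grepable (-oG) output and report any open TCP port that is not on the list of ports you intend to expose. The scan output below is constructed for the example and includes an exposed MySQL port (3306), the kind of mistake the check is meant to catch; the allow-list of 22, 80 and 443 is an assumption.

```shell
#!/bin/sh
# Added example: compare an Nmap scan against the ports a WordPress host should expose.
# Assumes the scan was run from outside the network with: nmap -sS -p- -oG scan.gnmap <host>

# Ports that should be open on the host (assumption: SSH, HTTP, HTTPS)
EXPECTED_PORTS="${EXPECTED_PORTS:-22 80 443}"

# Constructed sample of Nmap grepable output; 3306 is the misconfiguration to catch
SAMPLE_GNMAP='# Nmap 7.93 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sS -p- -oG - 203.0.113.10
Host: 203.0.113.10 ()	Status: Up
Host: 203.0.113.10 ()	Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///	Ignored State: filtered (65531)
# Nmap done at Mon Jan  1 10:05:00 2024 -- 1 IP address (1 host up) scanned'

# Print the open TCP ports found in grepable output, one per line.
open_tcp_ports() {   # $1 = gnmap text
    printf '%s\n' "$1" \
      | grep '^Host:.*Ports:' \
      | sed 's/.*Ports: //; s/[[:space:]]*Ignored State.*//' \
      | tr ',' '\n' \
      | sed -n 's|^ *\([0-9]*\)/open/tcp/.*|\1|p'
}

# Print open ports that are not in the allow-list (these are firewall gaps).
unexpected_open_ports() {   # $1 = gnmap text, $2 = space-separated allow-list
    for p in $(open_tcp_ports "$1"); do
        case " $2 " in
            *" $p "*) ;;          # expected, nothing to report
            *) echo "$p" ;;       # not on the allow-list
        esac
    done
}

# Usage against a real scan:
#   nmap -sS -p- -oG scan.gnmap your.server.example
#   gaps="$(unexpected_open_ports "$(cat scan.gnmap)" "$EXPECTED_PORTS")"
#   [ -z "$gaps" ] || { echo "unexpected open ports: $gaps"; exit 1; }
```

Run this from a cron job on a machine outside your hosting network and let it fail loudly; a new open port usually means a firewall rule was lost during an update or a service was installed with a public bind address.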

What do I use?

  • Network firewall: Cloudflare
  • WAF on the web server: ModSecurity
  • WordPress plugin: Wordfence

What do you use?
