Introduction to the Shield's Firewall module

Protection starts with traffic analysis. Shield immediately blocks malicious traffic that’s intended to infiltrate your site, execute malicious code, or by-pass authentication.

The Shield's Firewall module is designed to analyse data sent to your WordPress website and block any requests that appear to be malicious. 

It's accessible from within the main navigation menu > Config > Firewall:

This module is composed of 3 parts:

• Firewall Blocking
• Firewall Block Response
• Whitelist

How does the Shield's Firewall module work?

The Firewall in this plugin is an application level firewall.  It examines the nature of the data sent to WordPress to determine whether it contains any funky data we don't like.

For our purposes, data comes to the site in 1 of 2 ways:

1. HTTP GET
2. HTTP POST

The data can be passed to the site using any or all of these methods and the Firewall examines this data for anything that breaks its rules set.

If you'd like to understand what these methods for data are, read on.  But all you really need to know about the firewall blocking rules is that they are trying to look for data that may be used for malicious purposes to exploit the site, or through existing vulnerabilities.

What is GET and POST, and how do they relate to the firewall?

First we'll look at GET.

When you type in a website address or click on a link on a web page, what you are actually saying is "GET" that page.  It's a method of requesting that page and it signifies a certain method of communicating with that site.

You may have noticed some web address have "bits" on the end of them, so you might have:

www.my-web-site.com/my-page/?bit=hello&boot=goodbye

You can break up this address in parts - before and after the question mark '?'

• The Page address: www.my-web-site.com/my-page/
• The Variables: bit=hello&boot=goodbye

Then you can break up the variables by every ampersand '&' so you would have:

• bit=hello
• boot=goodbye

This is saying that you are requesting a page and you'd like to pass to it, the variables of the given names and given values.

But, bad people can send "bad" values.  If they're really clever, they can engineer the values of these variables to interact with code in your website to do certain naughty things.

So, the WordPress Shield Security, based on the restrictions you place, will look for potential bad values within those GET variables.  And if it finds them, it will block the request.

What is POST and how is it different?

POST is just like GET, but you can't see the variables and the values as easily as you would with GET - they're not visible in the address.

Typical places you would see POST used is in comment forms and contact forms.  Most all forms in general use POST - they literally "post" variables and their values to a page and then wait for a response for where to go, or what to do next.

In the same way, the WordPress Shield Security plugin will examine variables and their values that are 'post'ed to a site.

Does the WordPress Shield Security examine Cookies?

No.

To find out more what the Shield's Firewall does not do read the article here.

To learn more about this Firewall and how it works, read the blog article here.