Request Firewall options explanations
There are 5 Firewall Blocking options that determine what data is checked on each page request. Depending on certain incompatibilities with other plugins, you may need to disable certain options to ensure maximum compatibility.
Recommendation: Turn on as many options here as you can. If you find an incompatibility or something stops working, uncheck 1 option at a time until you find the problem or review the WP Activity Log.
Request Firewall blocking options explanations
The following options help you choose what kind of malicious data to scan for.
Option: Directory Traversals
This option will block directory traversal paths in application parameters (e.g. ../, ../../etc/passwd, etc).
There is typically no need for file paths that indicate attempts to move between directories on the filesystem. Be careful, as this might interfere with sites that publish content containing code snippets.
Option: SQL Queries
This option will block SQL in application parameters (e.g. union select, concat(, /**/, ..), etc).
Option: Field Truncation
This option will block field truncation attacks in application parameters.
Much like file system traversals, you typically shouldn’t have SQL queries in data submitted to your site. This option will try to look for keywords and patterns associated with SQL queries.
Option: PHP Code
This option will block any data that appears to try and include PHP files. It will probably block saving within the Plugin/Theme file editors.
Just like SQL, WordPress terms etc., you typically shouldn’t have PHP code in data submitted to your site. If you use the plugins/themes editor, this might trip the Firewall checks.
Option: Aggressive Scan
This option aggressively blocks data. It employs a set of aggressive rules to detect and block malicious data submitted to your site.
Important: Be careful with this option. It may cause an increase in false-positive firewall blocks.
Additional Request Firewall Options
Option: Whitelist Parameters
Specify certain factors that completely bypass all Firewall checking.
For further reading on Shield's WAF, read the blog article here.
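The sketch below is an added example, not Shield's own code. It shows how per-category pattern checks and a parameter whitelist interact, and why a post containing a code snippet can trigger a false positive. The rule names, the patterns (built from the examples listed above), the URL-decoding step and the `scan_request` function are all assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Illustrative patterns built from the examples this page lists; these are
# assumptions for the demo, not Shield's actual rule set.
RULES = {
    "dir_traversal": [re.compile(r"\.\./"), re.compile(r"etc/passwd", re.I)],
    "sql_queries": [
        re.compile(r"union\s+select", re.I),
        re.compile(r"concat\s*\(", re.I),
        re.compile(r"/\*\*/"),
    ],
}


def scan_request(params, enabled, whitelist=()):
    """Return (param, rule) pairs for every enabled rule that matches.

    params    -- dict of request parameter name -> raw value
    enabled   -- iterable of rule names that are switched on
    whitelist -- parameter names that skip every check
    """
    hits = []
    for name, raw in params.items():
        if name in whitelist:
            continue  # whitelisted parameters are never inspected
        value = unquote_plus(raw)  # decode %2F, + and similar before matching
        for rule in enabled:
            if any(p.search(value) for p in RULES[rule]):
                hits.append((name, rule))
    return hits


# Constructed sample requests (not real traffic).
ATTACK = {"file": "..%2F..%2Fetc%2Fpasswd", "id": "1 UNION SELECT user_pass"}
TUTORIAL_POST = {"title": "Relative paths", "content": "Run: cd ../ && ls"}

if __name__ == "__main__":
    all_rules = list(RULES)
    print(scan_request(ATTACK, all_rules))                               # both parameters flagged
    print(scan_request(TUTORIAL_POST, all_rules))                        # false positive on the snippet
    print(scan_request(TUTORIAL_POST, all_rules, whitelist={"content"})) # whitelist skips the check
    print(scan_request(TUTORIAL_POST, ["sql_queries"]))                  # traversal rule unchecked
```

Unchecking one rule leaves the other rules active on every parameter, while a whitelisted parameter is not inspected at all, so whitelist entries should be kept as narrow as possible.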
Option: Send Email Report
This option, when enabled, will send the administrators an email notifying them of a firewall block incident.
Important: Use this option with caution - if you get hit by automated bots you may send out too many emails and you could get blocked by your host.
Here is an example of the Firewall block alert email:
For more information on how the Shield's Firewall works, read the blog article here.