Everything you need to know about firewalls for websites

Security

Posted on: June 18, 2020

You might have heard the term Firewall thrown around quite a bit if you've ever talked to your hosting provider or someone a little more techie than yourself. Having no need to understand everything about websites, you probably brushed it off as another thing that you don't need to understand. But should you?

Firewalls are definitely one of the most important ways to protect your website from malicious attacks and spam. While they sound intimidating, I promise they're not as complicated as they might seem. With a little bit of reading, you can figure out the basics and make your website just one step closer to hack-proof security!

What is a firewall?

A WAF (Web Application Firewall...it's ok to just call it a firewall) protects your website by watching traffic going between your website and the internet. It's looking for different hacking and spam techniques utilized by hackers to try to gain access to your website.

By having a firewall on your website, you are putting a barrier between your website and the rest of the internet. Think of it like a little superhero working in the background of your website, just waiting for someone to attack your website.

A firewall can also let you block certain IP addresses, or even entire countries. This is useful if you have been attacked before, know the IP address, and would like to block it altogether. You can also reverse this process and block the backend of your site for everybody except your IP address. This makes it so that only you can access the important parts of your website, and everybody else will be blocked out.

The most common way of adding a firewall to your website is through a plugin, and the benefit of doing it this way is the extra security features they offer. This includes options to:

Limit Login Attempts: If someone tries to guess a username and password combination on your backend login page, you can set how many times they can try before they are locked out.

2-Factor Authentication: You've likely used a version of this on one of the many other accounts you have, and believe it or not, it's actually fairly easy to add to your website too. A security plugin might include an option for this as well.
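
To make the IP blocking, backend allowlist and login-limit options above concrete, here is an added Python example (not code from any plugin mentioned in this post) of the decision a firewall makes for each request. The class name, the backend paths, the sample addresses and the limits are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample settings; real plugins expose these on a settings page.
BACKEND_PATHS = ("/wp-admin", "/wp-login.php")  # assumed WordPress backend URLs
MAX_FAILURES = 5        # failed logins tolerated inside one window
WINDOW_SECONDS = 600    # how far back failed logins are counted
LOCKOUT_SECONDS = 900   # how long a locked-out address stays blocked


class SiteFirewall:
    def __init__(self, blocked=(), admin_allowed=()):
        self.blocked = [ipaddress.ip_network(n) for n in blocked]
        # An empty allowlist means the backend is open to every address.
        self.admin_allowed = [ipaddress.ip_network(n) for n in admin_allowed]
        self.failures = defaultdict(deque)   # ip -> times of recent failed logins
        self.locked_until = {}               # ip -> time the lockout ends

    def check(self, ip, path, now):
        """Return 'allow' or a 'blocked: ...' reason for one request."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.blocked):
            return "blocked: ip blocklist"
        if path.startswith(BACKEND_PATHS):
            if self.admin_allowed and not any(addr in n for n in self.admin_allowed):
                return "blocked: backend allowlist"
            if self.locked_until.get(ip, 0) > now:
                return "blocked: too many failed logins"
        return "allow"

    def record_failed_login(self, ip, now):
        """Count a failed login and start a lockout once the limit is reached."""
        recent = self.failures[ip]
        recent.append(now)
        # Forget attempts that fall outside the counting window.
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
```

The blocklist is checked first, so a blocked address never reaches the login page at all, and the lockout only applies to backend URLs, so a locked-out visitor can still read the public site.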

What does a firewall protect my site from?

While a firewall does not protect your website from all attacks, it is the first step you can take in making your website more secure. Here's a list of some of the things it will look out for:

  • Cross-site request forgery (CSRF)
  • Cross-site scripting (XSS)
  • Attacks on your SQL database
  • Malicious File Uploads via FTP
  • XML External Entity (XXE) attacks

You might not understand all those things, and that's ok. All you need to know is that these are very basic ways a hacker can try to gain access to your website. If any of these techniques work, they can bring down your entire site.

You can never have too many extra precautions when it comes to website security. If you set up firewall rules properly, it should be a "set it and forget it" situation. You'll hardly have to come back and manage it. That sounds a lot better than constantly fixing your site because hackers keep getting in!

What happens if I don't use a firewall?

Without a proper firewall installed, you're leaving your site vulnerable to attacks. Someone could get access to your database and access private customer information and more. They could even break your site, bringing your site down (and if you run an eCommerce site, this could cost you a lot).

Disabling a firewall can let people get into and out of your network undetected. This will impact all of the traffic connected to your hosting, so if you're on a shared server, this could mean bad news.

Today there isn't much reason not to use a firewall. They are not hard to set up, and most hosting providers or security plugins will include these for you.

If you are reading this and know that you don't have a firewall, go ahead and get one set up right now!

How do I know if my website has a firewall?

Most of today's security plugins for WordPress and other CMSs contain some sort of firewall that you can configure. To see if your website has a firewall installed, first see if you have some sort of security plugin installed.

Once you find a security-focused plugin, browse through the settings to see if there is a firewall settings page. If you can find one and it's enabled, you're all set! If not, see below!

How can I add a firewall to my WordPress website?

Adding a firewall to your website is not hard! If you're running WordPress, there are a ton of security plugins available where you can add a firewall quickly to your website. Here are some of the best that I've used before and would recommend:

Security Plugin | Features
Sucuri Firewall | Firewall protection, monitoring, incident response, performance boost
WordPress Simple Security Firewall | FREE, runs in the background, limited login attempts, 2-Factor Authentication, Comment SPAM protection, Firewall, and more
Wordfence | FREE option available, login security, firewall, and more
BulletProof Security | FREE, Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam & much more.