Pros and Cons of a Plugin-Based Firewall

We humans are under protection from the moment we are born. We are clothed and kept under a shelter called home, and when we grow up to become someone important we are given more layers of protection (like armed guards). Likewise, a website needs many layers of protection. A firewall is one such layer. It takes measures to fortify a website and has reinforcements in place for when hackers try to break into it.

There are different kinds of firewalls available for securing a website. They are equipped to handle different kinds of threats by taking various kinds of measures. Besides the plugin-based firewall, there is also the cloud-based firewall and the built-in firewall provided by web hosting. A plugin-based firewall can be installed and configured from your WordPress website just like any other plugin. It intercepts requests made to your site and checks whether each request is valid or malicious. Each of these firewalls comes with its own set of advantages and disadvantages. Let’s look at them.

Advantages of Using a Plugin-based Firewall:

Difficult to Bypass

The firewall sits on the website's server, which means it acts as a personal bodyguard to your website: a guard that never leaves your side. A network-level firewall protects your site from a distance, like a guard posted outside the door. If hackers manage to bypass that guard and enter your room, they’ll cause you harm. But if there is an armed guard right by your side, hackers who break into your room will first have to deal with that guard before reaching the site.

Tailored for WordPress

It’s no secret that plugins are partly responsible for the popularity that WordPress enjoys. Plugins make it easy to design websites, and they are built exclusively for WordPress. That’s one of the beauties of using WordPress plugins. Plugin-based firewalls are exclusive to WordPress, making them easy to use and easy to configure, like any other plugin. Also, some functions, like protecting a certain WordPress folder, are hard to perform in a network firewall.

Easy to Configure

With a plugin-based firewall, you don’t have to reach out to anyone to configure the tool. Because it’s a plugin that sits on your site server, you can easily enable or disable it from your website dashboard. It saves time that you can spend working on enhancing your website and business instead.

Disadvantages of Using a Plugin-based Firewall:

Not Impossible to Bypass

[Image: bypassing an online WAF. Image credit: WP White Security]

Whenever someone makes a request to your site, the request goes through the firewall, which determines whether it’s a valid request or one with malicious intent. But the thing is, hackers can still figure out a way to bypass the firewall and communicate directly with your web server.

Relies on Signature Based Protection

Like a lot of malware scanners, the firewall uses signature-based protection. This means that when someone sends a request to your web server, the firewall matches the request against a number of known suspicious requests, or requests that are known to cause harm to the sites they visit. Hackers today are smart and innovative. They send complex requests that haven’t been identified before, and therefore firewalls don’t consider them harmful.
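
To make the limit of signature matching concrete, here is an added example (not code from this article or from any firewall product) that runs a small constructed signature list over constructed request URIs. The signature names, the `METACHARS` fallback and the sample requests are all assumptions made for illustration; the point is that raw matching misses encoded forms until the request is normalized, and that a pattern absent from the list produces no hit at all, so it is flagged for review instead of being silently allowed.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures for illustration; not any firewall product's rule set.
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.I),
    "xss-script": re.compile(r"<script\b", re.I),
    "path-traversal": re.compile(r"\.\./"),
}
METACHARS = set("<>'\"();")  # characters rarely needed in ordinary query strings


def normalize(raw: str, max_rounds: int = 3) -> str:
    """URL-decode until the text stops changing, so encoded forms match too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw


def matched_signatures(text: str) -> list[str]:
    """Names of every signature whose pattern occurs in the given text."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))


def classify(request_uri: str) -> tuple[str, list[str]]:
    """Return (verdict, signature names); verdict is block, review or allow."""
    text = normalize(request_uri)
    hits = matched_signatures(text)
    if hits:
        return "block", hits
    # No signature matched. An unlisted pattern produces no hit, so fall back
    # to a crude anomaly check rather than allowing the request outright.
    if sum(ch in METACHARS for ch in text) >= 3:
        return "review", []
    return "allow", []


# Constructed sample request URIs.
SAMPLES = [
    "/?s=wordpress+security",
    "/?id=1+union+select+1,2",
    "/?q=%253Cscript%253Ealert(1)%253C/script%253E",
    "/?q=%3Csvg%20onload%3Dalert(1)%3E",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri!r:52} raw={matched_signatures(uri)} -> {classify(uri)}")
```

The second and third samples match nothing in their raw form and are blocked only after decoding; the fourth matches no signature even when decoded and is caught only by the fallback check.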

Can’t Protect Against User Issues

Firewalls can help you protect the WordPress login page, but they can’t protect you from user issues like a weak username and password. If your credentials are not strong enough (check out how to create a strong password), hackers will easily brute force their way into your site. And that is something a firewall can’t stop. Sure, some firewalls prevent users from accessing the WordPress login page after 3 consecutive failed login attempts. But if a bot was brute forcing its way in and was able to guess the right (and evidently weak) password on the second attempt, the firewall can do nothing. In such cases, the firewall can’t protect the website, which is why vigilance on the part of website owners is important. Security is a shared measure, where site owners have to be involved in taking every precaution necessary.
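
The lockout scenario above can be replayed in a few lines. This is an added example, not code from the article or from any plugin; the `LoginThrottle` class, the per-IP counter, the 12-character minimum and the sample accounts and password list are assumptions constructed for illustration. It shows the lockout stopping guesses against a strong password, doing nothing when a weak password falls on the second attempt, and the check at password-set time that closes the gap.

```python
import hmac

MAX_FAILURES = 3  # lockout threshold from the article's example
COMMON_PASSWORDS = ("123456", "password", "admin123")  # constructed sample list


class LoginThrottle:
    """Blocks a client IP after MAX_FAILURES consecutive failed logins."""

    def __init__(self, accounts: dict[str, str]):
        self.accounts = accounts  # username -> password; plaintext only for this demo
        self.failures: dict[str, int] = {}

    def attempt(self, ip: str, user: str, password: str) -> str:
        if self.failures.get(ip, 0) >= MAX_FAILURES:
            return "blocked"
        expected = self.accounts.get(user, "")
        if expected and hmac.compare_digest(expected.encode(), password.encode()):
            self.failures.pop(ip, None)  # a success resets the counter
            return "ok"
        self.failures[ip] = self.failures.get(ip, 0) + 1
        return "failed"


def replay(throttle: LoginThrottle, ip: str, user: str, guesses) -> list[str]:
    """Run a sequence of login attempts through the throttle, in order."""
    return [throttle.attempt(ip, user, guess) for guess in guesses]


def is_acceptable_password(password: str) -> bool:
    """The control a firewall cannot supply: refuse weak passwords when set."""
    return len(password) >= 12 and password.lower() not in COMMON_PASSWORDS


# Constructed accounts: one weak password, one strong.
ACCOUNTS = {"editor": "password", "admin": "T7#correct-horse-battery"}

if __name__ == "__main__":
    throttle = LoginThrottle(ACCOUNTS)
    # Weak password: accepted on the second attempt, lockout never triggers.
    print(replay(throttle, "203.0.113.5", "editor", COMMON_PASSWORDS))
    # Strong password: three failures, then the fourth attempt is blocked.
    print(replay(throttle, "203.0.113.9", "admin", COMMON_PASSWORDS + ("letmein",)))
    print({u: is_acceptable_password(p) for u, p in ACCOUNTS.items()})
```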

Can’t Protect Against DDoS

WordPress doesn’t have a built-in feature to protect against DDoS attacks, and a plugin firewall is not able to offer protection either. For those who are unaware of what a DDoS attack is, it’s when a hacker floods a website with so much traffic that the website slows down or even shuts down. It’s a way to bring down a website. A network-based firewall is more efficient in this case because it is able to filter malicious traffic before it hits your server. A plugin-based firewall is practically useless in DDoS attacks.

Slow Website

Since the plugin firewall sits on the website and uses your site resources to run its functions, it tends to bog down the site. Every time someone makes a request for your website, the plugin firewall investigates the request using your site resources, thus slowing down the site.


Over to You

Whether or not you’ll use a plugin-based firewall depends on the kind of protection you require. If your site is under DDoS attack, then it’s better to avoid a plugin-based firewall. On the other hand, if you require protection against brute force attacks, then plugin firewalls are ideal.

To understand what sort of security measures your site needs, you must first understand what sort of common hack attempts are being made on your site. That said, the best way to reduce the vulnerability of a website is to take multiple measures (what we call ‘layered defence’), where the firewall works along with a number of other security measures like site hardening, regular updates, daily backups, etc., to provide complete protection to a WordPress site.

One can use different tools (basically plugins) to enable this measure or one can use a comprehensive WordPress security plugin like MalCare that offers a ton of features along with a firewall. The firewall tracks hundreds of thousands of websites online in search of bad IP addresses (basically IPs that are known to cause harm to websites they visit). It marks them and prevents them from accessing your site. And there is a measure against brute force attacks where after 3 consecutive failed login attempts, a CAPTCHA is enabled. Find out more about MalCare’s WordPress firewall from here. 

Sophia Lawrence,

Sufia is a WordPress enthusiast, and enjoys sharing their experience with fellow enthusiasts. On the MalCare blog, Sufia distils the wisdom gained from building plugins to solve security issues that admins face.
