Web Application Firewall (WAF)
Our WAF is your first layer of defence preventing cybercriminals from hacking your website's critical data and information.
What if a targeted cyber attack never reached your site?
A web application security breach can have devastating consequences, often leading to the loss of critical data or theft of confidential information.
The most effective way to avoid these kinds of attacks? Stop the attack from reaching your site in the first place!
This is exactly what a WAF does… building a fence on the outside your WordPress borders – monitoring, filtering and blocking malicious HTTP traffic BEFORE it ever hits your server or site.
Leading plugin-based firewall (we tested it!)
Unlike many other providers, our WAF is completely free to use with PINC 360 hosting and is already tuned for WordPress. It also uses fewer server resources by not running in PHP and doesn't need to touch a line of code - meaning it won't significantly affect your site's performance.
In fact, our testing puts it around 25 percent faster than the leading WordPress plugin-based firewall! Also, many firewalls are not optimised specifically for WordPress, either have most rules off by default or cause false alarms.
Another advantage our WAF has over cloud firewalls is that it’s difficult to prevent attackers from bypassing a cloud firewall completely. As a result, most people skip this crucial step, leaving your site vulnerable.
Armed with over 300 highly optimised, managed firewall rules (updated daily)
Our WAF comes armed with a highly optimised, managed ruleset, containing more than 300 firewall rules (or policies). These policies combine rule-based logic, parsing and signatures; enabling them to detect and prevent a range of web application attacks.
Our firewall is always learning and updated every day with new rules. Additional rules are added based on the usage and intelligence of our internal network of sites. This means every new threat (or false alarm) allows your WAF to grow smarter and stronger – ensuring optimal protection and improved accuracy.
OWASP attacks are your WAFs specialty
Included as part of our WAFs 300+ ruleset, is protection against common "OWASP" top ten attacks - including cross-site request forgeries, cross-site-scripting (XSS), file inclusions, SQL injections and more.
Intelligent app protection is less than a click away
Our WAF is automatically enabled on all sites hosted with PINC 360, meaning protection is literally less than a click away. Of course, if for some reason you need to deactivate the WAF, you can.
You can also do some rule-tuning yourself if needed, and unlike a lot of other complicated firewall options out there, we’ve made this super easy.
You make the rules with black and whitelists settings
Want to sure-up your security even more? Assemble a customised "blacklist" of unwanted IP addresses, or user agents your WAF will automatically block.
On the other side of the coin, you can easily create a “whitelist” of IP addresses and user agents that are allowed. Everything else is denied.
Disable rule IDs and limit false alarms
If any of our in-built WAFs rules trigger false alarms, these can easily be disabled. It's as simple as entering the rule you're having trouble with into the disable rule ID field.
You can find specific rule IDs, as well as additional details about the rules in our WAF log.
WAF log - learn from every attack, error and request
Our WAF log shows you exactly where attacks are coming from, which requests have been blocked, and what rules those requests triggered.
This is helpful both to identify attacks, and to prevent future false alarms. The WAF log can also help you identify whether you need to whitelist a particular IP, or disable a specific WAF rule.
Automatically patch hard-to-detect WordPress vulnerabilities
Our WAF also takes web app security a level further by deploying "virtual patches" to repair WordPress core, plugin, and theme vulnerabilities when required.
This means if you’re running an old plugin or theme with known security vulnerabilities present in our rule lists, your WAF can identify traffic trying to take advantage of this vulnerability and stop it. All without needing to touch the code on your site.
Meet security compliance requirements and offer extra assurance for customers
If your organisation processes or stores sensitive information (credit card details etc.), it's obviously important you comply with security requirements, and standards such as the PCI, HIPAA and GDPR.
One of these requirements is: “installing and maintaining a firewall configuration to protect cardholder data.” This makes having a WAF valuable from both a compliance, and a security perspective.
It can also give your customers further assurance that they’re fully protected.
Easy integration with additional safety measures
Of course, any additional layer of security is invaluable, and our WAF also integrates perfectly with other security measures.
The WAF becomes the second line of defence against plugin, theme and WordPress vulnerabilities after updates. It can often detect and block undiscovered or unfixed vulnerabilities.
The WAF and our Defender plugin can also help ensure that, if you are attacked, the attacker won’t gain anything other than hurting the performance of your site or bringing it down.
How our WAF compares with other providers:
|Blacklist or Whitelist Settings||✔||✔||✔|
|Automatic Virtual Patching||✔||✔||✔|
|Optimised For WordPress||✔||❌||✔|
|Minimal Performance Hit||✔||✔||❌|
|OWASP Top Ten Protection||✔||✔||✔|
|Cost||FREE||≈ USD 20||≈ USD 99|