A simple Web Application Firewall for WordPress.
A very simple firewall for WordPress that lets you see every real request reaching your WordPress site and protects you from Internet attacks. It is a WAF, a Web Application Firewall, installed in front of WordPress: it lives on the server alongside the plugin and checks each request from web browsers, bots or web crawlers to your WordPress. The WAF code runs before every request to a WordPress PHP file, so it also runs before every request served from the WordPress cache.
Features:
- Feel free to contribute on GitHub to improve the project.
- It’s free, completely free.
- Detection and protection against DoS attacks.
- Detection and notification of possible DDoS attacks.
- It can protect you against SQL injection, XSS and Xploit attacks using your own Regexes.
- Permanent block or bypass of custom IPs; IP rules can be written as your own Regexes too.
- Log and show Regex errors, to debug and improve your Regexes.
- Save payloads, either all of them or only those that match a Regex.
- Block and allow countries and continents.
- 404 detection.
- Show the URLs or IPs producing 404s.
- Show the IPs making most of the visits.
- Show the most visited URLs.
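As an added illustration of the mechanism described above, not the plugin's own code: a minimal PHP filter of the kind a .user.ini prepend runs before every WordPress PHP file. It bypasses trusted IPs, checks the URI and raw payload against a list of Regexes, logs a Regex that fails to compile rather than silently skipping it, and answers 403 on a match; the log path, rule names and patterns are assumptions.

```php
<?php
// Added example, not the plugin's code: a minimal filter of the kind a .user.ini
// prepend runs before every WordPress PHP file. Paths and patterns are assumptions.
declare(strict_types=1);

const WGO_LOG = '/tmp/waf-example.log'; // assumed log location

// Returns the name of the first matching rule, or null to let the request through.
// A regex that fails to compile is logged (cf. "Log and show Regex errors") and skipped.
function wgo_inspect(string $ip, string $uri, string $body, array $patterns, array $allowIps): ?string
{
    foreach ($allowIps as $ipRe) {
        if (preg_match($ipRe, $ip) === 1) {
            return null; // trusted IP: hand the request straight to WordPress
        }
    }
    $subject = $uri . "\n" . $body; // URI plus raw payload (POST, JSON, XML-RPC, ...)
    foreach ($patterns as $name => $re) {
        $hit = @preg_match($re, $subject);
        if ($hit === false) { // false = compile/runtime error (PHP 8: preg_last_error_msg()), not a miss
            error_log(sprintf("[%s] regex error in '%s': %s\n", date('c'), $name, preg_last_error_msg()), 3, WGO_LOG);
            continue; // never treat a broken rule as a pass
        }
        if ($hit === 1) {
            return $name;
        }
    }
    return null;
}

// Constructed rule set: one SQLi pattern, one XSS pattern, one deliberately invalid regex.
$patterns = [
    'sqli' => '/\bunion\b\s+(?:all\s+)?select\b|\bor\b\s+1\s*=\s*1/i',
    'xss'  => '/<\s*script\b|javascript\s*:/i',
    'bad'  => '/(unclosed[/i',
];
$allowIps = ['/^127\.0\.0\.1$/', '/^10\.0\.0\./']; // assumed bypass IPs, as regexes

// REMOTE_ADDR is only the client when no reverse proxy sits in front; behind one,
// use the address forwarded by the trusted proxy instead ("behind a proxy" option).
$ip   = $_SERVER['REMOTE_ADDR'] ?? '';
$rule = wgo_inspect($ip, $_SERVER['REQUEST_URI'] ?? '', (string) file_get_contents('php://input'), $patterns, $allowIps);
if ($rule !== null) {
    error_log(sprintf("[%s] BLOCK ip=%s rule=%s\n", date('c'), $ip, $rule), 3, WGO_LOG);
    http_response_code(403);
    exit('Forbidden');
}
// Nothing matched: execution continues into the requested WordPress file.
```

The "bad" rule is there on purpose: with the `@`-suppressed warning, `preg_match` returns `false` and the error lands in the log, which is the behaviour the "Log and show Regex errors" feature gives you for debugging your own rules.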
Uninstall
- Uninstall the .user.ini file.
- Deactivate the plugin in the Plugins menu of the WordPress admin panel.
- Delete it in the Plugins menu.
All the options configured in the plugin are removed when the plugin is deleted, not when it is deactivated. All the database tables are removed when the plugin is deactivated. So, to remove the plugin together with all stored data, first deactivate the plugin and then delete it from the plugin admin zone in the WordPress backend.
Screenshots
The main view in the admin panel.
Administration of unique IPs.
Regexes administration.
DoS detection and prevention, DDoS detection and notification.
Countries and continents administration.
Last blocks: reasons and times blocked.
Suspicious behaviours.
Administration of the ban rules.
Currently banned IPs and the rules that banned them.
FAQ
Can I block myself?
You cannot block yourself while activating the plugin, but you can block yourself while setting restrictions for the firewall. Read carefully first and configure it slowly, testing each configuration and checking the results.
I blocked myself, how can I disable it without access to the backend?
If something breaks because of this WAF, edit and empty the files /waf-going-on.php and /wp-content/plugins/whats-going-on/waf-going-on.php. Do not remove them: you can rename them and create empty files with the same names. The WAF will continue running, but doing nothing.
ChangeLog
v1.3
- Join the main table with the 404s table.
- Show 404 info in the main view, with all the needed changes.
v1.2
- Tested up to WP 6.0.
- Some style changes.
- Usability changes for the banned, blocks and suspicious sections.
v1.1
- Administration zone improved.
- Auto-reload of the main graph and the main table content.
- New section for suspicious behaviours.
- New section for ban rules administration; IA/SBR working in the background as a cronjob.
- New section for banned IPs.
- Some other small fixes, style and JavaScript changes.
v1.0
- Datatables for showing the main data.
- Improving and refactoring assets.
- Fix the randomized select query used for filling countries.
- Fix missing URL encoding when filtering.
- Fix last blocks total and listing.
v0.9
- Bugfix in the DB update system.
- Bugfix: downloading Regexes was capturing the submit.
v0.8
- Refactoring code.
- Main chart with a minimum line for the % of requests used for DDoS detection.
- Bugfix: JS onload undefined and onload overriding.
- Bugfix: WAF file with empty options.
- Download the current Regexes files.
v0.7
- Set default Regexes buttons to protect you from URI and payload attacks.
v0.6
- Secure inputs and outputs in the backend.
- Improved install of the firewall outside of the WordPress plugin files.
- Config files and logs in the uploads dir.
- Some checks and fixes.
v0.5
- AJAX loading of more info.
- Payload saving, for all requests or only when matching a Regex.
- A better install for all subdirectories of WordPress.
- Some other bugfixes.
v0.4
- Countries and continents section working.
- Many checks done, bugfixes and more refactoring of code.
v0.3
- Main chart with requests, average, standard deviation and others.
- Fix Regexes saving for XSS, SQL injection and Xploit detection.
- Debug zone for your own Regexes results.
- Background filling of countries data.
- More configurable options, such as: notification email, behind a proxy or not, days to store data.
- DDoS detection is working.
- Refactoring of all files, implementing VC with singletons.
v0.2
- Fill countries data in the background.
- New countries section started.
- Maths of DDoS detection, and chart.
- Some fixes and refactoring.
v0.1