What is the function of Solid Security’s Firewall Feature?
The Firewall feature in Solid Security provides essential protection against malicious traffic, unauthorized access attempts, and common web vulnerabilities on WordPress websites. By offering customizable rules and advanced traffic filtering, the firewall helps to ensure that only legitimate traffic reaches your site while blocking harmful requests that could compromise its security.
The firewall is fully integrated with Patchstack for real-time vulnerability scanning, prioritization of vulnerabilities using Patchstack Priority scores, and virtual patching, providing an added layer of protection by automatically blocking known vulnerabilities. The feature allows administrators to tailor security policies to meet the specific needs of their website.
Firewall Settings Overview
The Firewall section within Solid Security allows administrators to configure and manage several key security tools, all designed to safeguard a website from various types of attacks. The firewall can be managed through several core areas:
- Logs: Displays detailed information about blocked threats and other firewall activity.
- Rules: Enables the creation of custom firewall rules to control specific traffic.
- IP Management: Provides charts for managing banned, locked out, and authorized IPs.
- Configure: Offers an alternative way to manage general settings for the Solid Security plugin.
- Automated: Integrates with Patchstack for virtual patching and vulnerability scanning.
Logs
The Logs section provides a detailed overview of all firewall activity. It includes firewall logs, which display all incoming threats that have been detected and blocked, as well as statistics on the types of threats that have been blocked. Administrators can view detailed information about each logged event, including the source IP, the type of attack, and the date and time it occurred. This feature helps users understand the nature of the threats and the effectiveness of the firewall.
An example of the Logs section can be seen here:
Rules
The Rules section allows administrators to create custom firewall rules to fine-tune security based on specific traffic patterns. To create a rule, users fill out a form with the following fields:
- Rule Name: A descriptive name for the rule.
- Field: Choose which part of the request to examine, such as the URI, request method, content type, header, cookie, or IP address.
- Name: If “header” or “cookie” is selected as the field, an additional “Name” field will appear for further specification.
- Operator and Value: Define the comparison operator (e.g., equals, contains) and the value to match.
- Additional Conditions: Optionally add “and” statements to create more complex rules.
Once the rule is defined, administrators can choose the appropriate action for when the rule is triggered:
- Block: Deny access to the request.
- Redirect: Send traffic to a different location.
- Log: Record the event without taking further action.
- Allow: Permit the request to pass through.
After creating the rule, administrators can deploy it to activate the firewall protection.
For more detailed instructions on creating custom rules, refer to the blog post:
Creating Custom Firewall Rules
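A rule built from these fields can be checked against sample traffic before it is deployed. The sketch below is an added example, not Solid Security's engine or API: it is a hypothetical model of the form (field, optional name, operator, value, "and" conditions, action), and every dictionary key, rule, and request in it is constructed for illustration.

```python
# Hypothetical model of the rule form above; not Solid Security's engine or API.
OPERATORS = {
    "equals": lambda actual, expected: actual == expected,
    "contains": lambda actual, expected: expected in actual,
}

def field_value(request, field, name=None):
    """Pick the part of the request a condition examines."""
    if field == "header":
        # Header names are case-insensitive.
        headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
        return headers.get(name.lower(), "")
    if field == "cookie":
        return request.get("cookies", {}).get(name, "")
    return request.get(field, "")  # uri, method, content_type, ip

def rule_matches(rule, request):
    """All conditions are joined with "and", as in the form."""
    return all(
        OPERATORS[c["operator"]](field_value(request, c["field"], c.get("name")), c["value"])
        for c in rule["conditions"]
    )

def false_positives(rule, requests):
    """Labels of legitimate sample requests a Block or Redirect rule would catch."""
    if rule["action"] not in ("block", "redirect"):
        return []
    return [r["label"] for r in requests if r["legitimate"] and rule_matches(rule, r)]

# Constructed sample traffic.
SAMPLE = [
    {"label": "uptime probe", "legitimate": True, "method": "GET", "uri": "/",
     "ip": "198.51.100.10", "headers": {"User-Agent": "curl/8.5.0"}},
    {"label": "visitor", "legitimate": True, "method": "GET", "uri": "/blog/",
     "ip": "203.0.113.5", "headers": {"User-Agent": "Mozilla/5.0"}},
    {"label": "scripted xmlrpc POST", "legitimate": False, "method": "POST",
     "uri": "/xmlrpc.php", "ip": "192.0.2.44", "headers": {"user-agent": "curl/7.88.1"}},
]

# Constructed rules: one condition only, then the same rule narrowed with "and".
BROAD = {"name": "Block curl", "action": "block", "conditions": [
    {"field": "header", "name": "User-Agent", "operator": "contains", "value": "curl"}]}
NARROW = {"name": "Block curl on xmlrpc", "action": "block", "conditions": [
    {"field": "header", "name": "User-Agent", "operator": "contains", "value": "curl"},
    {"field": "uri", "operator": "equals", "value": "/xmlrpc.php"}]}
```

The single-condition rule catches the legitimate uptime probe; adding the URI condition removes that false positive while still matching the scripted request.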
Activating Custom Firewall Rules
The firewall feature can be activated through the Security > Settings > Features > Firewall tab. In this section, administrators can toggle the firewall rules engine on or off, enabling custom rules for enhanced security.
Force all origin traffic through Cloudflare
If using Cloudflare, you can force all origin traffic through Cloudflare by adding an allowlist of Cloudflare IP ranges at the top of your .htaccess file so only Cloudflare (and any required host IPs) can reach the origin directly.
Follow these steps to do so:
1) Open your site’s .htaccess file and place the following block at the very top, above the # BEGIN iThemes Security and # BEGIN WordPress markers.
<IfModule mod_authz_core.c>
  # Apply the allowlist to every file served from this directory tree.
  <FilesMatch ".*">
    # A request is allowed if its address matches any one of these entries.
    <RequireAny>
      # Hosting-server (site-specific: replace with your own host's IPs)
      Require ip 194.242.11.166
      Require ip 127.0.0.1
      # Servetheworld (site-specific: replace with your own host's IPs)
      Require ip 83.143.83.166
      # Cloudflare IPv4
      Require ip 103.21.244.0/22
      Require ip 103.22.200.0/22
      Require ip 103.31.4.0/22
      Require ip 104.16.0.0/13
      Require ip 104.24.0.0/14
      Require ip 108.162.192.0/18
      Require ip 131.0.72.0/22
      Require ip 141.101.64.0/18
      Require ip 162.158.0.0/15
      Require ip 172.64.0.0/13
      Require ip 173.245.48.0/20
      Require ip 188.114.96.0/20
      Require ip 190.93.240.0/20
      Require ip 197.234.240.0/22
      Require ip 198.41.128.0/17
      # Cloudflare IPv6 (recommended)
      Require ip 2400:cb00::/32
      Require ip 2606:4700::/32
      Require ip 2803:f800::/32
      Require ip 2405:b500::/32
      Require ip 2405:8100::/32
      Require ip 2a06:98c0::/29
      Require ip 2c0f:f248::/32
    </RequireAny>
  </FilesMatch>
</IfModule>
2) Save the changes.
3) Keep the ranges current against Cloudflare’s official list.
4) For NGINX, use server-level allow/deny rules, because .htaccess does not apply there. Make sure the server sees the correct client IPs via mod_remoteip or the equivalent proxy settings.
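For step 3, the allowlist in .htaccess can be compared with the published ranges to find entries that are missing, extra, or malformed. The following is an added example, not part of Solid Security or Cloudflare tooling; the HTACCESS and PUBLISHED strings are constructed samples, and in practice PUBLISHED would hold the text of Cloudflare's official list.

```python
import ipaddress
import re

# Constructed sample: an allowlist in the form shown above, where one
# Cloudflare range is unusable because of a typo ("2O" instead of "20").
HTACCESS = """\
<RequireAny>
Require ip 127.0.0.1
Require ip 103.21.244.0/22
Require ip 104.16.0.0/13
Require ip 173.245.48.0/2O
Require ip 2400:cb00::/32
</RequireAny>
"""

# Constructed stand-in for the published list, one CIDR per line.
PUBLISHED = "103.21.244.0/22\n104.16.0.0/13\n173.245.48.0/20\n2400:cb00::/32\n"

REQUIRE_IP = re.compile(r"^\s*Require\s+ip\s+(.+?)\s*$", re.I | re.M)

def parse_require_ips(text):
    """Return (networks, invalid_tokens) from every `Require ip` line."""
    nets, invalid = set(), []
    for match in REQUIRE_IP.finditer(text):
        for token in match.group(1).split():  # a line may list several addresses
            try:
                nets.add(ipaddress.ip_network(token, strict=False))
            except ValueError:
                invalid.append(token)  # Apache's partial forms (e.g. "10.1") land here too
    return nets, invalid

def audit(htaccess, published):
    """Compare the allowlist with the published ranges."""
    allowed, invalid = parse_require_ips(htaccess)
    official = {ipaddress.ip_network(line) for line in published.split()}
    return {
        "missing": sorted(str(n) for n in official - allowed),
        "extra": sorted(str(n) for n in allowed - official),
        "invalid": invalid,
    }

def is_allowed(ip, htaccess):
    """Would this peer address match any parsed range?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in parse_require_ips(htaccess)[0])

if __name__ == "__main__":
    print(audit(HTACCESS, PUBLISHED))
```

Entries reported as "extra" are not necessarily wrong: the host and loopback addresses belong there, and the list is a prompt to confirm that each one is still required.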
IP Management
The IP Management feature helps administrators track and manage IP addresses that interact with the site. It includes three key sections:
- Banned IPs: Displays IP addresses permanently banned due to rule violations or suspicious behavior. Administrators can remove IPs from this list if necessary.
- Active Lockouts: Shows IP addresses under temporary lockout due to activities such as failed login attempts or triggering firewall rules.
- Authorized IPs: Lists IPs exempt from lockouts or bans, ensuring that trusted users are not affected by security measures.
Administrators can easily manage these IPs to ensure proper access control and security.
Configure
The Configure section offers an alternative method to manage Solid Security’s overall firewall settings. It provides access to the same settings found in the Security > Settings > Features > Firewall tab, allowing administrators to toggle the firewall rules engine on or off, manage lockout timers, and more.
Automated
The Automated tab integrates with Patchstack to offer virtual patching and vulnerability scanning. This integration ensures that any known vulnerabilities are automatically patched in real time without requiring manual intervention. It provides an added layer of protection by addressing threats as they are identified, ensuring your website is protected against newly discovered vulnerabilities.
For more information on virtual patching, visit:
Patchstack Virtual Patching
Integration with Patchstack
The Solid Security firewall is integrated with Patchstack to offer real-time protection against vulnerabilities, utilizing Patchstack Priority vulnerability scores to give you real-world insight into the risks they pose to your site. By continuously scanning for vulnerabilities and applying virtual patches, this integration helps protect your site from known threats without the need for manual patching. It provides dynamic and automated security measures, ensuring your website is always safeguarded.
Things to Keep in Mind
While the Solid Security firewall is a powerful tool, there are a few important considerations:
- The firewall focuses on blocking malicious traffic but does not include malware scanning or breach detection.
- Custom firewall rules should be configured carefully to avoid blocking legitimate traffic unintentionally.
- Administrators should regularly review firewall logs and adjust rules to ensure that security measures are effective without disrupting legitimate website activity.
Conclusion
The Firewall feature in Solid Security provides a robust solution for protecting WordPress websites from malicious attacks, unauthorized access, and traffic anomalies. With customizable rules, real-time vulnerability patching through Patchstack, and IP management, administrators have full control over their site’s security.
