Customizing Firewall Filter Rules

Customizing Firewall Filter Rules in WP Security Ninja

This guide explains how to customize or disable the firewall filter rules in WP Security Ninja to suit your security needs and site specifications.

Modifying Firewall Filter Rules

Customizing firewall filter rules allows you to add or modify existing security checks according to your website’s specific needs. Here’s how you can modify different filter categories using the apply_filters function.

Modifying Request URI Items

add_filter('request_uri_items', function($items) {
    // Add custom rules
    $items[] = '\.(exe|bin)$'; // Blocks .exe and .bin file accesses
    return $items;
});

Enhancing Query String Checks

add_filter('query_string_items', function($items) {
    // Add more specific patterns
    $items[] = 'admin(\s|%20)console'; // Blocks attempts to access admin consoles
    return $items;
});

Expanding Referrer Blacklists

add_filter('referrer_items', function($items) {
    // Include more spammy or malicious referrers
    $items[] = 'badreferrer\.com';
    return $items;
});

Updating Blocked Hosts List

add_filter('blocked_hosts_items', function($items) {
    // Block additional problematic hosts
    $items[] = 'examplemalicioushost.com';
    return $items;
});

These modifications allow you to tailor the security filters to better fit the security profile of your site, potentially adding more stringent checks or blocking additional vectors of attack. Remember to test these changes in a staging environment before applying them to your live site to ensure they do not interfere with legitimate traffic.

Disabling Filter Rules

To disable specific filter rules, return an empty array for that filter using the apply_filters function. Disabling filters will prevent the plugin from processing these specific checks, although other firewall functions will remain active.

Request URI Items

add_filter('request_uri_items', function($items) {
    return []; // Disables all Request URI checks
});

Query String Items

add_filter('query_string_items', function($items) {
    return []; // Disables all Query String checks
});

Referrer Items

add_filter('referrer_items', function($items) {
    return []; // Disables all Referrer checks
});

Blocked Hosts Items

add_filter('blocked_hosts_items', function($items) {
    return []; // Disables all Blocked Hosts checks
});

Warning: While disabling filters can tailor the security settings to your specific needs, it’s important to understand that doing so may reduce the effectiveness of your site’s security. Disabling all filters will stop the plugin from filtering suspicious queries even if the feature is enabled. It’s advised to use this option cautiously and ensure that other security measures are in place.

Tags: ,

Was this helpful?