Customizing Firewall Filter Rules in WP Security Ninja
This guide explains how to customize or disable the firewall filter rules in WP Security Ninja to suit your security needs and site specifications.
Modifying Firewall Filter Rules
Customizing firewall filter rules allows you to add or modify existing security checks according to your website’s specific needs. Here’s how you can modify different filter categories using the apply_filters
function.
Modifying Request URI Items
add_filter('request_uri_items', function($items) {
// Add custom rules
$items[] = '\.(exe|bin)$'; // Blocks .exe and .bin file accesses
return $items;
});
Enhancing Query String Checks
add_filter('query_string_items', function($items) {
// Add more specific patterns
$items[] = 'admin(\s|%20)console'; // Blocks attempts to access admin consoles
return $items;
});
Expanding Referrer Blacklists
add_filter('referrer_items', function($items) {
// Include more spammy or malicious referrers
$items[] = 'badreferrer\.com';
return $items;
});
Updating Blocked Hosts List
add_filter('blocked_hosts_items', function($items) {
// Block additional problematic hosts
$items[] = 'examplemalicioushost.com';
return $items;
});
These modifications allow you to tailor the security filters to better fit the security profile of your site, potentially adding more stringent checks or blocking additional vectors of attack. Remember to test these changes in a staging environment before applying them to your live site to ensure they do not interfere with legitimate traffic.
Disabling Filter Rules
To disable specific filter rules, return an empty array for that filter using the apply_filters
function. Disabling filters will prevent the plugin from processing these specific checks, although other firewall functions will remain active.
Request URI Items
add_filter('request_uri_items', function($items) {
return []; // Disables all Request URI checks
});
Query String Items
add_filter('query_string_items', function($items) {
return []; // Disables all Query String checks
});
Referrer Items
add_filter('referrer_items', function($items) {
return []; // Disables all Referrer checks
});
Blocked Hosts Items
add_filter('blocked_hosts_items', function($items) {
return []; // Disables all Blocked Hosts checks
});
Warning: While disabling filters can tailor the security settings to your specific needs, it’s important to understand that doing so may reduce the effectiveness of your site’s security. Disabling all filters will stop the plugin from filtering suspicious queries even if the feature is enabled. It’s advised to use this option cautiously and ensure that other security measures are in place.