Protection starts with traffic analysis. Shield immediately blocks malicious traffic that’s intended to infiltrate your site, execute malicious code, or bypass authentication.
The Shield's Firewall module is designed to analyse data sent to your WordPress website and block any requests that appear to be malicious. It is composed of 4 parts:
Important: The "Firewall Block Message" option is available with Shield Pro only. To find out what the extra features for Shield Pro are, read the article here.
This module is accessible from within Shield Security Dashboard => Settings:
How does the Shield's module work?
The Firewall in this plugin is an application-level firewall. It examines the nature of the data sent to WordPress to determine whether it contains any funky data we don't like.
Data comes to the site in 1 of 3 ways:
- HTTP GET
- HTTP POST
- Cookies
The funky data can be passed to the site using any or all 3 of these methods and the Firewall examines this data for anything that breaks its rule set.
If you'd like to understand what these 3 methods for data are, read on. But all you really need to know about the firewall blocking rules is that they are trying to look for bad data transmitted within these 3 data channels.
What is GET and POST, and how do they relate to the firewall?
First we'll look at GET.
When you type in a website address or click on a link on a web page, what you are actually saying is "GET" that page. It's a method of requesting that page and it signifies a certain method of communicating with that site.
You may have noticed some web addresses have "bits" on the end of them, so you might have: www.my-web-site.com/my-page/?bit=hello&boot=goodbye
You can break up this address into parts, before and after the question mark '?':
- The Page address: www.my-web-site.com/my-page/
- The Variables: bit=hello&boot=goodbye
Then you can break up the variables at every ampersand '&', so you would have:
- bit=hello
- boot=goodbye
This is saying that you are requesting a page and you'd like to pass to it the variables of the given names and given values.
But, bad people can send "bad" values. If they're really clever, they can engineer the values of these variables to interact with code in your website to do certain naughty things.
So WordPress Shield Security, based on the restrictions you place, will look for potential bad values within those GET variables. And if it finds them, it will block the request.
What is POST and how is it different?
POST is just like GET, but you can't see the variables and the values as easily as you would with GET - they're not visible in the address.
Typical places you would see POST used are comment forms and contact forms. Almost all forms in general use POST - they literally "post" variables and their values to a page and then wait for a response for where to go, or what to do next.
In the same way, the WordPress Shield Security plugin will examine variables and their values that are 'post'ed to a site.
Does the WordPress Shield Security examine Cookies?
Yes, but only if you tell it to.
By default it doesn't, but in the same way as POST and GET can have bad values, Cookies may also have been illegitimately set to contain nasty stuff.
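The inspection described above, as an added example (not Shield's own code): a request is split into its GET, POST and cookie variables, and every value is checked against a rule set, with cookies examined only when that is switched on. The rule names and patterns, the function names and the sample values are assumptions made for illustration and are not Shield's actual rules.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed, illustrative rules; NOT Shield's actual rule set.
RULES = {
    "directory_traversal": re.compile(r"\.\./|\.\.\\"),
    "script_tag": re.compile(r"<\s*script", re.I),
    "sql_union": re.compile(r"\bunion\b.+\bselect\b", re.I),
}


def collect_channels(url, post_body="", cookie_header="", check_cookies=False):
    """Split a request into the data channels the article describes."""
    channels = {
        # Everything after '?', split on '&' and then '=', URL-decoded.
        "GET": parse_qsl(urlsplit(url).query, keep_blank_values=True),
        # Form posts carry the same name=value pairs in the request body.
        "POST": parse_qsl(post_body, keep_blank_values=True),
    }
    if check_cookies:  # cookies are inspected only when switched on
        parts = (p.strip().partition("=") for p in cookie_header.split(";") if p.strip())
        channels["COOKIE"] = [(name, unquote(value)) for name, _, value in parts]
    return channels


def inspect_request(url, post_body="", cookie_header="", check_cookies=False):
    """Return (channel, variable, rule) for every value that breaks a rule."""
    hits = []
    channels = collect_channels(url, post_body, cookie_header, check_cookies)
    for channel, pairs in channels.items():
        for name, value in pairs:
            for rule, pattern in RULES.items():
                if pattern.search(value):
                    hits.append((channel, name, rule))
    return hits


def decide(hits):
    """Block the request if any rule matched, otherwise let it through."""
    return "block" if hits else "allow"


if __name__ == "__main__":
    # Constructed sample: the article's example address with one bad value.
    url = "www.my-web-site.com/my-page/?bit=hello&boot=..%2F..%2Fsecret.txt"
    hits = inspect_request(url, post_body="comment=nice+post")
    print(decide(hits), hits)
```

Because the values are URL-decoded before matching, an encoded value such as `..%2F` is checked in its decoded form rather than slipping past the pattern.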
To find out more about what Shield's Firewall does not do, read the article here.
To learn more about this Firewall and how it works, read the blog article here.
Note: Shield Security also gives you the ability to manage blacklisted and whitelisted IP addresses. To find out how this IP Lists Manager works, read the article here.