The mentions of WP blogs being hacked has been high lately. Looks like this script will work for everything on the server that uses php. Wondering if it is domain specific or offers protection for everything on the server. Easy to install?

This is definitely something I need to look into. Good question-Is it easy to install.? I guess we will fine out when Shoe tests it next weekend. I for one am looking forward to that post.

This is an interesting idea and I’m curious to how it functions on a shared hosting platform. I just can’t see how a php script can protect your site on a shared hosting platform where you don’t have direct access to the specific server modules. Then again I would say that as the sceptical programmer I am

Would be nice to hear from some one who has used the service before…

I agree… I’d love to hear what someone thinks of this who has used it before!

Dunno about whos used it/how good it is, but they have a affiliate program and I think I could make a assload of money promoting this all over the place.

Glad to see dave got something in return for bloggin about fighters.com!

Just remember folks, this doesn’t replace a real firewall. It’s just for the application layer. A normal firewall blocks before reaching the script. The combination will work wonders, but leaving either side out still leaves you vulnerable.

@tim -

Using .htaccess preappend, it would stop it before it reaches the script. Its the same thing as modsecurity- so its just as much a firewall as modsec is. Any .php page thats called, it calls the firewall first, and if the firewall doesnt like it, it discards the request never even reaching the script

I’ll try it out when my community gets bigger.

Looks very interesting. I have a normal software firewall, but no “php firewall”. I have many blogs on my server, and keeping them upto date is annoying.

Shame it only works with php5, I might have to look into updating.

Does it not concern anyone that the one testimonial on their site is from a guy who thinks aliens were trying to hack his site?

For those wanting an open source solution one alternative may be PHP-Intrusion Detection System. The default is to send an alert following suspect behaviour but killing the script instead wouldn’t be too much work.

Linux already comes with a pretty easy to use firewall. Its called iptables.

If one hosts on a dedicated server? No sharing, will that decrease WP’s vulnerability to hacking attacks? Or does one still need this software too?

Thank’s for this script

Cool script. Thanks from me

Fantastic script!

Not really, vulnerabilities in wordpress are due to the code which makes up the software. This program merely monitors what looks like it may be an attack and then you decide from there whether to ban that person or not. At least I would imagine that’s how it works. I have not actually used the program.

Thanks for the link, i will test it.

It’s a shame it only works on PHP5.

And before people tell me to upgrade, I have too many PHP4-only scripts to bother doing that. Seemed like a good script though.

How bout a Plugin For WP for this ?

Not a replacement for a real firewall, but it should work great paired with one. The price is right too if you’re running any kind of serious site.

Thanks, Look forward to your findings before I give it a go.

Thanks for the script. Definitely worth it.

i’m a small player and a firewall isn’t in my priorities list yet

Iooks interesting, cant wait to hear what you think.

Getting your website secured is very good in this insecure online world.