David Naylor has been pimping this Firewall Script software for the last week or so. I figured I would check it out. Seems pretty slick. Looks to do what a lot of mod_security does but without all the silly dependencies and the root admin access.
I think it’s another great example of a very badly needed service. People are getting hacked all the time and the cost of this is like 80 bucks… which is nothing for a serious site. I personally have not had time to test it but Dave has asked me to go through it so I will probably give it a go next weekend on some boxes and report my findings back.
{ 38 comments… read them below or add one }
The mentions of WP blogs being hacked has been high lately. Looks like this script will work for everything on the server that uses php. Wondering if it is domain specific or offers protection for everything on the server. Easy to install?
This is definitely something I need to look into. Good question: is it easy to install? I guess we will find out when Shoe tests it next weekend. I for one am looking forward to that post.
It looks pretty easy. I should have one of our less technical people give it a go and report on it. Btw u need a gravatar!
This is an interesting idea and I’m curious as to how it functions on a shared hosting platform. I just can’t see how a php script can protect your site on a shared hosting platform where you don’t have direct access to the specific server modules. Then again I would say that as the sceptical programmer I am.
Would be nice to hear from someone who has used the service before…
I agree… I’d love to hear what someone thinks of this who has used it before!
Dunno about who’s used it/how good it is, but they have an affiliate program and I think I could make an assload of money promoting this all over the place.
I have one but I guess I needed to add another email address. Let’s see if it works.
Glad to see dave got something in return for bloggin about fighters.com!
Just remember folks, this doesn’t replace a real firewall. It’s just for the application layer. A normal firewall blocks before reaching the script. The combination will work wonders, but leaving either side out still leaves you vulnerable.
@tim -
Using .htaccess preappend, it would stop it before it reaches the script. It’s the same thing as modsecurity, so it’s just as much a firewall as modsec is. Any .php page that’s called, it calls the firewall first, and if the firewall doesn’t like it, it discards the request, never even reaching the script.
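The prepend mechanism this comment describes, sketched as an added example; it is not the product's code and not part of the original comments. The file name, path and the four rule patterns are assumptions for illustration, and it assumes PHP 7.1 or later under mod_php.

```php
<?php
// waf_prepend.php (hypothetical name). Loaded before every PHP script by one
// .htaccess line under mod_php (path is an assumption):
//   php_value auto_prepend_file "/home/example/waf_prepend.php"

// Illustrative deny rules only; a real rule set is far larger.
const WAF_RULES = [
    'path_traversal' => '#\.\./|\.\.\\\\#',
    'null_byte'      => '/\x00/',
    'script_tag'     => '#<\s*script\b#i',
    'sql_union'      => '/\bunion\b.{0,40}\bselect\b/is',
];

// Return the name of the first rule a value trips, or null if it is clean.
function waf_match(string $value): ?string
{
    // Decode twice so single- and double-URL-encoded payloads are normalised.
    $decoded = rawurldecode(rawurldecode($value));
    foreach (WAF_RULES as $name => $pattern) {
        if (preg_match($pattern, $decoded) === 1) {
            return $name;
        }
    }
    return null;
}

// Walk nested request arrays (e.g. ?a[b][]=x); keys are client-controlled too.
function waf_scan(array $input): ?string
{
    foreach ($input as $key => $value) {
        $hit = is_array($value) ? waf_scan($value) : waf_match((string) $value);
        $hit = $hit ?? waf_match((string) $key);
        if ($hit !== null) {
            return $hit;
        }
    }
    return null;
}

if (PHP_SAPI !== 'cli') {
    $hit = waf_scan([$_GET, $_POST, $_COOKIE, [$_SERVER['REQUEST_URI'] ?? '']]);
    if ($hit !== null) {
        error_log(sprintf('waf: blocked %s rule=%s script=%s',
            $_SERVER['REMOTE_ADDR'] ?? '-', $hit, $_SERVER['SCRIPT_NAME'] ?? '-'));
        http_response_code(403);
        exit('Forbidden'); // the requested application script never runs
    }
}
```

The check runs only after Apache has accepted the connection and handed the request to PHP, so it filters application-layer input and does nothing about load that never reaches a .php file.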
Let’s see if mine works…
I’ll try it out when my community gets bigger.
I think what Tim is trying to say is that there are ways to exploit sites before they even reach the application level, which btw the .htaccess would be part of.
Looks very interesting. I have a normal software firewall, but no “php firewall”. I have many blogs on my server, and keeping them up to date is annoying.
Shame it only works with php5, I might have to look into updating.
Does it not concern anyone that the one testimonial on their site is from a guy who thinks aliens were trying to hack his site?
For those wanting an open source solution one alternative may be PHP-Intrusion Detection System. The default is to send an alert following suspect behaviour but killing the script instead wouldn’t be too much work.
That testimonial must be true – you can’t make stuff like that up!
Seriously, I would be interested to find out how easy this is to install and setup. I’m a linux noob and am eager to learn about this kind of stuff
Yes you are correct in thinking what I’m saying
The point is you can DOS Apache and having an application firewall would do nothing. You’d need something that stops it before getting to Apache. The point isn’t to say this firewall is bad, but to remind people that it’s part of the solution not “the” solution.
$40 dollars per sale and $19.99 just for joining the program. $100 payment minimum. Not bad commish
~Terry
mine worked below. seems you gots some work to do…
Linux already comes with a pretty easy to use firewall. It’s called iptables.
If one hosts on a dedicated server? No sharing, will that decrease WP’s vulnerability to hacking attacks? Or does one still need this software too?
Thanks for this script
Cool script. Thanks from me
Fantastic script!
How’s that work out on shared hosting?
Oh, right.
It is really awesome having The Shoe to not only alert us to new toys, but also to test them for us!
Not really, vulnerabilities in wordpress are due to the code which makes up the software. This program merely monitors what looks like it may be an attack and then you decide from there whether to ban that person or not. At least I would imagine that’s how it works. I have not actually used the program.
Thanks for the link, I will test it.
It’s a shame it only works on PHP5.
And before people tell me to upgrade, I have too many PHP4-only scripts to bother doing that. Seemed like a good script though.
How bout a Plugin For WP for this?
Not a replacement for a real firewall, but it should work great paired with one. The price is right too if you’re running any kind of serious site.
Thanks, Look forward to your findings before I give it a go.
Upgrading to php5 doesn’t take much time. I just did on my vps a day ago. Just recompiled with Apache…
Thanks for the script. Definitely worth it.
I’m a small player and a firewall isn’t in my priorities list yet
Looks interesting, can’t wait to hear what you think.
Getting your website secured is very good in this insecure online world.