Do we all need a Web Application Firewall?
Really, what is this WAF (web application firewall) doing for me? Simple as that, it creates a set of rules designed to protect your website. A Web Application Firewall (WAF) is a tool that looks at the information in an HTTP request and blocks the request if it is malicious. This prevents malicious requests that are trying to exploit vulnerabilities in applications such as WordPress from being able to reach the vulnerable code.
Blocking unwanted web traffic from accessing your site, Protecting against some kind of hacks, brute force attacks, DDoS attacks, cross-site scripting, SQL/PHP/Code Injection, Cache Poisoning, HTTP Response Splitting, Directory Traversal, File Injection/Inclusion, Null Byte Injection, WordPress exploits (such as revslider, timthumb, fckeditor), Exploits (such as c99shell, phpshell, remoteview, site copier), PHP information leakage and a range of malicious requests, bad bots, spam, and other nonsense.
And when you thinking, “My Website Isn’t a Target for a Hack” oh yeah maybe.
The bottom line: No matter how unlikely you think a hack on your website might be. The website itself is a potential target, just because it’s out there, https isn’t enough, this goes along for strong passwords, 2FA and certificates too, these days.
“its a hostile world, be prepared to fight”