Last Updated 2021.01.26
Build WAF on WordPress with SiteGuard WP Plugin
WordPress is a very high-function, and security updates are made every day, but since 30% of the world is building websites with WordPress, it will inevitably be the target of hacking and cracking attacks. In particular, the URL of the management screen is the same / wp-admin / URL by default, so it is a neck that it is easy to become an attack target. The main function of SiteGuard WP Plugin is to reduce the damage of unauthorized logins by automatically changing the URL of this management screen or adding image authentication function when logging in.
What is a WAF?
Have you ever heard of the word WAF? This WAF stands for Web Application Firewall, which means to install a firewall in a web application to increase security. I think that you can search for what a firewall is by searching on Google etc. separately. SiteGuard WP Plugin has also been released as a plugin to add WAF functionality to WordPress, and a company called JP-Secure, the developer, provides security consulting to companies, mainly WAF.
Install SiteGuard WP Plugin
Go to "Plugins" → "Add New" in the WordPress extra screen and enter "SiteGuard WP Plugin" in the search form of the plugin. Then, as shown above, siteguard WP Plugin will come out first, so press the install button to install the plugin. When the installation is complete, press the "Enable" button to activate the plugin. Then, the access URL of the management screen will be changed, so click "New WordPress Management Screen Login Page" on the screen and bookmark it. If you forget to bookmark the login page of the managed screen you moved, let's visit the login page by looking at the JP-Secure page below.
It also works on files related to web servers, such as .htaccess files, so be careful when installing and operating SiteGuard WP Plugin, but since it is developed and updated by a Japanese company, the FAQ is in Japanese and there is a sense of security. After all, you can change the URL of the default management screen of WordPress arbitrarily, so the security will be greatly improved. This plugin is one of the plugins that I would like you to introduce by all means if you are operating a website with WordPress.
SiteGuard WP Plugin Settings
SiteGuard WP Plugin is a highly functional plugin that adds WAF functionality to WordPress, but it's easy to introduce that the post-installation settings remain almost the default. WordPress administrators are a web system characterized by being able to operate a wide range from those with abundant expertise on the WEB to general beginners, so it is a big advantage that installation and setting are OK by default. When you want to change the settings of SiteGuard WP Plugin, the developer JP-Secure publishes a detailed setting method on the web, so it is a good idea to refer to the following page.
SiteGuard WP Plugin update notification settings
Once you've installed SiteGuard WP Plugin, the item you want to set up is the update notification settings. This means that when wordpress itself, installed plugins, and installed themes are updated respectively, an update notification email will be sent to the email address registered in the general settings. I want a notification email when updating the WordPress body, but since it is now possible to automate the update for plugins, I think that update notifications are not necessary.
For theme update notifications, update notifications are not required for themes that are officially registered, but I think that it will be convenient to have update notifications for themes that are not officially registered with external themes. Since this site also uses external paid themes that are not official, update notification of themes is enabled. In addition, the update confirmation is automatically processed every 24 hours, so if you do not want to put too much load on the server, it will be fine to disable them all.
However, recent rental servers have become high-performance and high-performance, so it is not surprising that this level of processing has increased. I think you can use SiteGuard WP Plugin with peace of mind.