It seems that lately more and more WordPress sites are being attacked, by various methods and with different types of attacks that can damage any WordPress installation and, in the process, ruin the credibility or “safety” of any blog, regardless of how many visits it has.
In protecting PHP-based websites and web applications, the WAF, or Web Application Firewall, plays a big role: this type of “software” is responsible for covering the significant potential security holes that a website may have, and although it is impossible to achieve 100% security, this type of application is the most common way to plug those holes.
Relatively recently, I came across a WordPress plugin that works as a WAF and is quite effective; it also adapts very well to the environment, effectively protecting everything from installations running on Apache with FastCGI to installations running on Nginx with PHP-FPM.
The plugin is called NinjaFirewall (WP Edition) and can be downloaded for free from the WordPress plugin repository.
NinjaFirewall for WordPress lets you configure different types of rules for the WAF or firewall, and it protects against the most common types of attacks by default, without us having to configure anything specific.
We can protect WordPress installations against privilege escalation and protect the site against potential attackers in the data that is sent or received via GET and POST requests, over both HTTP and HTTPS. NinjaFirewall even protects against the misuse of variables such as HTTP_REFERER, HTTP_USER_AGENT and HTTP_REQUEST, and it also protects against XSS injection attacks.
We can create a “snapshot” and configure the File Guard module to examine the website from time to time and check whether files have been changed; this is perhaps one of NinjaFirewall's most interesting options.
Personally, I have found in this plugin a way of securing some WordPress installations that are at greater risk of being infected or that at some point have already been infected with some type of malware.