Web application firewall?
There are more robots visiting your website than humans – and a lot of them are looking for a vulnerability to gain access.
A Web Application Firewall (WAF) makes exploiting undiscovered or unpatched vulnerabilities harder.
Activate WAF – it’s free!
In Zone, you can now easily activate WAF, which protects you from the most common attack vectors and is in accordance with OWASP rules.
You can find the activation options at the root domain and at each subdomain. The easiest option is to activate "Block and log suspicious requests". After activating it, please check that the website and its management platform are working properly.
In case of false positives, we recommend switching WAF to log-only mode and contacting your web developer to adjust the rules.
What are the robots doing on your site?
This map shows a small portion of web queries from one evening, in which bots are searching for and exploiting WordPress plugins with security vulnerabilities. Their goal is to find a way to upload a code snippet to your server, retrieve wp-config.php with the database access password, or send spam through an unprotected contact form.
How effective is WAF?
Try CloudBrick Labs’ WAFer, which tests your website for OWASP Top 10 attacks and responds with a report. Because the firewall has to strike a balance between detecting attacks and preventing false positives, we think 83,5% is a very good result: