Wordfence Integrates Malware Scan Into Firewall
If you’ve been using the Wordfence Firewall for a while, you may have noticed that our firewall ruleset has been growing steadily over the past few months. This happens as we turn new threat intelligence into firewall rules and release them into production to protect your website.
The Wordfence Firewall protects you against attackers hacking into your website using known weaknesses like the vulnerabilities that have been exploited in Timthumb, Mailpoet, Gravity Forms, Slider Revolution and many others.
We also protect against many zero day vulnerabilities that aren’t yet known to the public but are known to us exclusively. These rules protecting against zero day vulnerabilities are unique to Wordfence.
We also protect against vulnerabilities that haven’t yet been discovered by using a smart ruleset that recognizes malicious activity and blocks it.
We knew we could do better
Many firewalls only protect against common attacks that exploit vulnerabilities. One of the things we see when a site is targeted is that an attacker has a goal in mind; They want to upload malicious code so that they can execute that code on your website.
In the security industry we use the phrase “Defense in Depth”. This describes a multi-layered approach to security, so that if one layer of security doesn’t stop an attacker, another will.
We realized if we took a multi-layered approach with our firewall, we would do an even better job of protecting our customers and have a very high probability of stopping attacks.
Announcing a new break-through feature
With this in mind we have integrated our scan engine into the Wordfence Firewall. This layered approach means that even if a rule that recognizes an attacker exploiting a vulnerability doesn’t block the attack, our scan rules will block the attack when the attacker tries to upload malicious content.
Last week we quietly rolled Wordfence 6.1.17 into production. This update integrates Wordfence Scan and the Wordfence Firewall. With this update, as traffic passes through the Wordfence Firewall before it hits your website, it is inspected using our full scan capability and if we find any malicious code in a request, it is blocked.
This has the effect of adding a powerful malware and virus scanner to your firewall to complement the already comprehensive ruleset that Wordfence uses to protect you. This new layer of protection is extremely fast and comes with zero performance penalty for your website.
This is a very exciting change because through our forensic research, our scan capability has massively increased over the past few months. This scan capability has now been added to the firewall.
Right now our free Wordfence community users are protected using 402 unique scan signatures, many of which detect multiple malware types. Our Premium Wordfence users are protected using 137 additional malware signatures. As always, these signatures will become available to free customers within 30 days of release.
We also have 163 beta signatures that we are currently testing and will be bringing online for our Premium customers over the next few days and weeks.
This new firewall detection capability has just been added to the Wordfence Firewall in a single release, which has the effect of adding hundreds of new firewall rules at once.
Bringing this new capability online for our customers is a big deal and our team worked hard to make this release happen. I’d like to extend my special thanks to our Dev and QA team who made sure that adding this new detection did not result in any false positives on your website and made sure that, as we rolled this out, the over 1.5 million websites we protect would continue to run fast and flawlessly.
Since our release last Thursday over half a million websites have upgraded to Wordfence 6.1.17 without a hitch. If you haven’t done so already, upgrade now so that you too can benefit from this new capability and protection for your WordPress website.