Àpèjúwe
The RSFirewall! WordPress plugin is the optimal solution for securing your website, helping you stay one step ahead of malicious users that wish to harm your website. The plugin is backed by a team of professionals with a long history in website security that are up to date with the latest known vulnerabilities and security updates.
RSFIREWALL FREE VERSION FEATURES:
- Free WordPress Firewall for your website
- Active protections against local file and remote file inclusion attacks
- SQL injection protections
- ReCAPTCHA for registration, login and commenting forms
- Filter uploaded files for possible malware and improper extensions
- Active monitoring WordPress core files integrity
- Active monitoring for your own files
- XML-RPC blocking
- REST API blocking with proper exceptions that you can define
- Protect the wp-admin/ slug with an extra password
- Change the wp-admin/ slug into a custom one
- Disallow direct access to PHP files in (wp-content, wp-content/uploads, wp-includes) with proper exceptions that you can define
- Receive email notifications on detected threats
- Automatically block repeated offenders IP addresses
- Perform a System check (WordPress and server configuration checks)
- Disable the creation of new Administrator accounts
RSFIREWALL PAID VERSION FEATURES:
- Two Factor Authentication
- Country blocking
- Convert email addresses to images
- Protect forms from abusive IPs
- File integrity check
- Convert email addresses from plain text to images
- More control over the system check
- Whitelist blocked PHP files
- Protect admin users from changes
3rd Party services
RSFirewall! will compare the MD5 hash of files with the original ones from the WordPress installation package. If differences are found (ie files have been modified) RSFirewall! upon request can download the original files from the GitHub synchronised repository of WordPress:
https://github.com/WordPress/WordPress/
All connections are made with wp_remote_get and the following information will be sent along with the request:
Ìtumọ̀ Yorùbá: – WordPress version
Ìtumọ̀ Yorùbá: – WordPress user agent along with your WordPress website address
Ìtumọ̀ Yorùbá: – Your serverÌtumọ̀ Yorùbá: ’s IP address
Ìgbéwọlẹ̀
Upload the RSFirewall! plugin to your blog and activate it. Out of the box protection is supplied upon activation but itÌtumọ̀ Yorùbá: ’s always wise to check out the Configuration area to view all options available and perform a System Check to ensure your websiteÌtumọ̀ Yorùbá: ’s integrity.
Àwọn àgbéyẹ̀wò
Èbìbí 20, 2025
After WP update WP till 6.8, canÌtumọ̀ Yorùbá: ’t login to sites! My customers become angry! We use Pro version, paid for it. But after this bug, we uninstall from all sites!
Problem was solved!
Agẹmọ 25, 2022
IÌtumọ̀ Yorùbá: ’m the author of plugins and themes on envato for more than 10 years. experienced many malicious code incidents. i went looking for plugins to prevent and minimize the infection of malware, i was thinking to write security plugins but i found rsfirewall. ItÌtumọ̀ Yorùbá: ’s so great, it completely meets our requirements. This is a plugin that deserves 100 stars.
Bélú 3, 2021
Very good lightweight firewall. Other firewalls are cpu/memory intensive, but RSFirewall does a solid job and is feature rich.
Bélú 16, 2020
1 ìdáhùn
Now after last update, os ok 🙂
Igbe 7, 2020
Really, really good plugin, have been using it since Joomla days 😉
Àwọn Olùkópa & Olùgbéejáde
“RSFirewall!” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí ti ṣe ìkópa sí plugin yìí.
Àwọn Olùkópa
Túmọ̀ “RSFirewall!” sí èdè rẹ.
Ṣe o nífẹ̀ẹ́ sí ìdàgbàsókè?
Ṣàwárí koodu, ṣàyẹ̀wò ibi ìpamọ́ SVN, tàbí ṣe àgbékalẹ̀ sí àkọsílẹ̀ ìdàgbàsókè nípasẹ̀ RSS.
Àkọsílẹ̀ àwọn àyípadà
1.1.47
- Added Ìtumọ̀ Yorùbá: – Support for the Google Safe Browsing V5 API.
1.1.46
- Fixed Ìtumọ̀ Yorùbá: – Referer was not properly escaped in the Threats page.
1.1.45
- Added Ìtumọ̀ Yorùbá: – Possibility to add multiple IP addresses at once (Bulk add IPs button) to the blocklist/safelist.
- Updated Ìtumọ̀ Yorùbá: – Can now set own DNS server for querying PBL in Firewall Configuration Ìtumọ̀ Yorùbá: – Active Scanner.
- Fixed Ìtumọ̀ Yorùbá: – Various PHP 8.4 compatibility improvements.
- Fixed Ìtumọ̀ Yorùbá: – Spamhaus PBL did not allow querying using default Cloudflare DNS, now attempting to use Open DNS as primary DNS.
1.1.44
- Fixed Ìtumọ̀ Yorùbá: – A request to update was incorrectly showing up even if you were running the latest version.
1.1.43
- Fixed Ìtumọ̀ Yorùbá: – System Check ‘View file contents’ would incorrectly allow reading files outside your WordPress root.
1.1.42
- Fixed Ìtumọ̀ Yorùbá: – Some translations were still not loaded correctly
1.1.41
- Fixed Ìtumọ̀ Yorùbá: – When using ‘Lockdown’ Ìtumọ̀ Yorùbá: – ‘Protect the following administrator users from any change’ and updating to WordPress 6.8, users would not be able to login due to changes in the WordPress hashing algorithm. To login, temporarily disable RSFirewall! by following the instructions at this page: https://www.rsjoomla.com/support/documentation/rsfirewall-wordpress/frequently-asked-questions/i-cannot-access-my-administration-section.html Ìtumọ̀ Yorùbá: – this will allow you to update RSFirewall! to the latest version and then reactivate it.
1.1.40
- Updated Ìtumọ̀ Yorùbá: – ‘RSS Feeds’ section has been removed since RSFirewall! is not a feed reader and there are plenty of dedicated tools for that.
- Fixed Ìtumọ̀ Yorùbá: – Translations were not loaded correctly (since WordPress 6.7 changes)
1.1.39
- Updated Ìtumọ̀ Yorùbá: – Database installation improvements
- Fixed Ìtumọ̀ Yorùbá: – In some cases duplicate hashes could be added to the database
1.1.38
- Updated Ìtumọ̀ Yorùbá: – Improved CIDR matches for IPv6.
- Fixed Ìtumọ̀ Yorùbá: – In some cases IPs were not blocklisted / safelisted
1.1.37
- Fixed Ìtumọ̀ Yorùbá: – In some cases the Pro version was updated to the Free one
1.1.36
- Fixed Ìtumọ̀ Yorùbá: – Locale loading hook triggered an error on WordPress versions older than 6.7
1.1.35
- Fixed Ìtumọ̀ Yorùbá: – WordPress 6.7 locale loading hook
1.1.34
- Fixed Ìtumọ̀ Yorùbá: – Some PHP 8.1+ compatibility improvements.
1.1.33
- Fixed Ìtumọ̀ Yorùbá: – In some cases the post types used by the firewall could not be permanently deleted.
- Fixed Ìtumọ̀ Yorùbá: – Some PHP 8.1+ compatibility improvements.
1.1.32
- Fixed Ìtumọ̀ Yorùbá: – Some PHP 8.1+ compatibility improvements.
1.1.31
- Added Ìtumọ̀ Yorùbá: – Button to empty the ‘Threats’ log.
1.1.30
- Fixed Ìtumọ̀ Yorùbá: – WP DB errors were showing up forcefully in other plugins.
- Fixed Ìtumọ̀ Yorùbá: – Some PHP 8 compatibility improvements.
1.1.29
- Fixed Ìtumọ̀ Yorùbá: – Sometimes the login didnÌtumọ̀ Yorùbá: ’t work properly with third-party plugins.
1.1.28
- Updated Ìtumọ̀ Yorùbá: – Capturing the backend password attempts.
1.1.27
- Fixed Ìtumọ̀ Yorùbá: – Filtering ‘Critical’ threats was not working.
1.1.26
- Fixed Ìtumọ̀ Yorùbá: – Sometimes a PHP error could occur when sending email alerts on newer versions of PHP.
1.1.25
- Fixed Ìtumọ̀ Yorùbá: – ‘Grab IP from Proxy Headers’ is now empty by default on installation. Please select the appropiate header if your hosting provider or reverse proxy does not reveal the connecting IP address in the REMOTE_ADDR variable.
1.1.24
- Fixed Ìtumọ̀ Yorùbá: – A PHP Warning could occur when grabbing the GeoIP location of the visitor.
1.1.23
- Fixed Ìtumọ̀ Yorùbá: – Display input for the Two Factor Authentication code.
1.1.22
- Fixed Ìtumọ̀ Yorùbá: – Ignore files counter.
- Fixed Ìtumọ̀ Yorùbá: – Bulk actions threats counter.
- Updated Ìtumọ̀ Yorùbá: – Malware hashes.
- Updated Ìtumọ̀ Yorùbá: – DNS Library.
1.1.21
- Fixed Ìtumọ̀ Yorùbá: – Some PHP 8 compatibilities.
1.1.20
- Fixed Ìtumọ̀ Yorùbá: – Email addresses were converted into images even in REST API calls.
1.1.19
- Added Ìtumọ̀ Yorùbá: – Ignored Hidden Files option that can be used to ignore hidden files (false positives) that start with dot on the System Check.
- Updated Ìtumọ̀ Yorùbá: – The System Check can now be run with Xdebug enabled by adjusting the xdebug.max_nesting_level directive.
- Updated Ìtumọ̀ Yorùbá: – Replaced references to lists as ‘Blocklist’ and ‘Safelist’.
1.1.18
- Fixed Ìtumọ̀ Yorùbá: – Files starting with a dot were not being downloaded during the System Check.
1.1.17
- Fixed Ìtumọ̀ Yorùbá: – Cached functions were not cleared correctly.
1.1.16
- Fixed Ìtumọ̀ Yorùbá: – Range and wildcard IPs were not working in the Blacklist/Whitelist section.
1.1.15
- Updated Ìtumọ̀ Yorùbá: – License key support for downloading the GeoIP Database from MaxMind.
1.1.14
- Fixed Ìtumọ̀ Yorùbá: – In some cases bulk blacklisting was not working.
1.1.13
- Fixed Ìtumọ̀ Yorùbá: – IPs could be added multiple times in Blacklist/Whitelist
1.1.12
- Added Ìtumọ̀ Yorùbá: – Google Web Risk API added as an alternative to the Google Safe Browsing API.
- Updated Ìtumọ̀ Yorùbá: – Choose which Google APIs to use during the System Check.
- Fixed Ìtumọ̀ Yorùbá: – Logout Redirect Link was not working.
1.1.11
- Fixed Ìtumọ̀ Yorùbá: – A Fatal Error (memory_limit reached) could occur in the Dashboard when there were too many threats blocked
- Fixed Ìtumọ̀ Yorùbá: – A PHP Notice could show up in the Dashboard area
1.1.10
- Fixed Ìtumọ̀ Yorùbá: – A wrong password in TFA could generate a PHP Fatal Error.
- Fixed Ìtumọ̀ Yorùbá: – In some cases the System Check would halt on the Safari browser.
1.1.9
- Added Ìtumọ̀ Yorùbá: – Possibility of disabling the plugin using a “.disabled” file in the plugin root directory.
1.1.8
- Fixed Ìtumọ̀ Yorùbá: – Check PHP version during activation and deactivate plugin if lower than 5.4.0.
1.1.7
- Added Ìtumọ̀ Yorùbá: – Google reCAPTCHA for comment and registration forms.
- Updated Ìtumọ̀ Yorùbá: – Country blocking is now using the GeoLite2 database.
1.1.6
- Fixed Ìtumọ̀ Yorùbá: – “Disable the creation of new Administrators” was throwing a 500 error in some cases.
1.1.5
- Updated Ìtumọ̀ Yorùbá: – Added a “Logout Redirect Link” for the backend password when the logout process redirects the user to the wp-login.php page.
- Updated Ìtumọ̀ Yorùbá: – Added an exception for the Backend Password so that login forms in frontend that trigger the login action in wp-login.php continue to work.
- Fixed Ìtumọ̀ Yorùbá: – “Disable the creation of new Administrators” from Lockdown in some cases did not work.
- Fixed Ìtumọ̀ Yorùbá: – 2FA could not be used with Email Authentication and Unique Codes when updating from older versions.
1.1.4
- Fixed Ìtumọ̀ Yorùbá: – Blacklisted IPs were shown an incorrect reason.
- Fixed Ìtumọ̀ Yorùbá: – Resolved MainWP compatibility issue.
1.1.3
- Updated Ìtumọ̀ Yorùbá: – IP address is now included in the subject of the email alerts.
- Updated Ìtumọ̀ Yorùbá: – Added the option “Use MD5 Signature DB” for the System Check.
- Updated Ìtumọ̀ Yorùbá: – Removed the buttons “Add New” from the Plugins and Themes pages for non administrator users.
- Updated Ìtumọ̀ Yorùbá: – Prevent the WP GDPR Compliance plugin vulnerability exploit for versions below 1.4.3.
- Updated Ìtumọ̀ Yorùbá: – Added the System Check step “Checking administrator users for compromised accounts”.
- Updated Ìtumọ̀ Yorùbá: – Added some exceptions for Malware checking on files that should not be there.
- Fixed Ìtumọ̀ Yorùbá: – Table Views are no longer checked in the Database Check because they will halt the scan.
- Fixed Ìtumọ̀ Yorùbá: – Disable access to the WordPress Plugins and Themes installer for non administrator users.
- Fixed Ìtumọ̀ Yorùbá: – Remote file inclusion is now checking for both www and non-www domains of current website so it doesnÌtumọ̀ Yorùbá: ’t trigger false positives.
1.1.2
- Fixed Ìtumọ̀ Yorùbá: – Skipped the step “Checking if your website is blacklisted” from System Check if the server IP address is not available.
1.1.1
- Added Ìtumọ̀ Yorùbá: – New signature that checks for all “eval()” instances in the File Integrity check.
- Added Ìtumọ̀ Yorùbá: – A Tooltip on the Threats list with the Country name on the IP of each listing, when using the GeoIP.
- Fixed Ìtumọ̀ Yorùbá: – Backend Password login screen was showing up on logout process stopping it in some cases.
1.1.0
- Added Ìtumọ̀ Yorùbá: – Two Factor Authentication security feature.
- Added Ìtumọ̀ Yorùbá: – Accept Changes for the Quick actions in the RSFirewall! dashboard.
- Added Ìtumọ̀ Yorùbá: – Checks for files that are not supposed to be on the installation.
- Fixed Ìtumọ̀ Yorùbá: – Accept Changes for the core files in the System Check wasnÌtumọ̀ Yorùbá: ’t working correctly.
- Fixed Ìtumọ̀ Yorùbá: – “Upload license code from the configuration.json” option was not taken in consideration.
- Fixed Ìtumọ̀ Yorùbá: – Backend password login screen was showing up on AJAX requests from the frontend.
1.0.6
- Added Ìtumọ̀ Yorùbá: – The Configuration area can be accessed directly through the Plugins area.
- Fixed Ìtumọ̀ Yorùbá: – GeoIP files were not being downloaded in the Country Blocking area.
1.0.5
- Fixed Ìtumọ̀ Yorùbá: – Incorrect WordPress core files were scanned in the Quick Actions.
- Fixed Ìtumọ̀ Yorùbá: – On Windows servers the file paths would not appear correctly in the Dashboard and Threats areas.
1.0.4
- Fixed Ìtumọ̀ Yorùbá: – Some tables were missing when installing the plugin.
- Fixed Ìtumọ̀ Yorùbá: – Left side plugin menu was not translated.
- Fixed Ìtumọ̀ Yorùbá: – Some options were incorrectly appearing as selected.
- Fixed Ìtumọ̀ Yorùbá: – Some signatures were missing from the database.
1.0.3
- Fixed Ìtumọ̀ Yorùbá: – Configuration page was throwing an error when using a language other than English.
- Fixed Ìtumọ̀ Yorùbá: – Some strings were untranslated.
1.0.2
- Fixed Ìtumọ̀ Yorùbá: – An SQL error would show up in the Threats section.
1.0.1
- Fixed Ìtumọ̀ Yorùbá: – A Javascript error was preventing the System Check from completing on Mac Safari.
- Fixed Ìtumọ̀ Yorùbá: – Frontend logins are now being monitored as well.
1.0.0
- Initial release