Website security has been and always will be the biggest concern for anyone who even runs a single site. Hackers have gotten very smart over the years, and so has the companies which try to prevent them from accomplishing their malicious tasks.
Sadly the situation is not any different for WordPress powered websites as well. Lots of sites get attacked or hacked every day due to poor security and absence of an application firewall. But all of this can be avoided if a website has a layer of a firewall to check the incoming requests.
Lucky for us, there are a lot of website security companies that are working around the clock to keep our sites safe and secure from security attacks. SiteLock — a Website Security Company — is one of the prominent names when it comes to site security.
SiteLock has a bunch of different tools to make sure that your site security is airtight. TrueShield Web Application Firewall is one of these tools. It allows you to create a firewall around your site so that it can scan the traffic coming towards your website and make sure that it is secure.
Today I am super excited to share how TrueShield can help keep your WordPress site safe and sound from the brutal attacks. So let’s get started 🤘
🔰 TrueShield™ by SiteLock®
For those who are not familiar with SiteLock, then it is one of the fastest growing website security company. Neill Feather — President & CEO SiteLock — and Scott Lovell started it back in 2008 as a secret project because both of them were working fulltime at the time. They kept it a secret for the next three years.
By 2013, the company had grown to 40 team members with over 980,000 customers with an office in Scottsdale, Arizona. In 2015, SiteLock started a dedicated website called The District to embrace and support the open source WordPress community. You can get to know more about their history over here.
SiteLock offers cloud-based website protection, tools to find and fix threats, and prevent future attacks on your website. It currently protects over 12 million websites around the globe.
Folks at SiteLock actively participate and speak at WordCamps around the globe to support their love for the open source & WordPress. The efforts of Adam Warner — Open Source Community Manager — and Jamie Schmid — WordPress Evangelist are especially noteworthy in this regard.
TrueShield by SiteLock is a web application firewall which deals with the incoming traffic of your website. It helps you to
- 💻 Learn the source of blocked attacks against your website.
- 🙋🏻♂️ Differentiates between human & bot traffic visiting your site.
- 🔰 Protect your site against malicious traffic and harmful requests.
- 👊 Keeps your website safe and secure from bots and targeted attacks.
🚀 Getting Started with TrueShield™
TrueShield is pretty easy to set up with your WordPress website. But before we get started, you need to add SiteLock to your site. You can read more about it in our previous SiteLock review. Now all you need to do is to purchase a plan of TrueShield from SiteLock.
→ Step #1
After you have purchased a plan for TrueShield, log-in to the dashboard of SiteLock. Here, a pop-up will appear asking you to configure TrueShield for your WordPress website. Click on the Configure button to start the process.
→ Step #2
You will be redirected to the TrueShield Wizard to configure the firewall. In the first step of this wizard, you need to add a TXT record to the DNS records of your website so that TrueShield can validate the ownership of your domain.
Once you have added the record, it will take a few hours to propagate so you will need to wait until the validation is complete. You also have the option of adding your SSL certificate to your website.
→ Step #3
When the domain verification step is complete, you can move on to the next step. Now you need to modify your DNS routing records — A and CNAME to be precise — to route your traffic through SiteLock’s CDN.
If you don’t know to make these changes, click on the Instructions button and it will download a PDF document which contains all the help you need to modify the said records. Once the edited DNS records propagate, a green check icon will appear before instructions, and then you can move to the last step.
→ Step #4
Now that you have successfully configured TrueShield for your website, you can also place a Trust Seal on your site linking your website to SiteLock verification page. This step is not necessary though, and you can skip it if you want.
But if you want to, then go ahead and click on Begin Trust Seal Installation link to start the process. It will ask you a few details like language, color, size, style, and whether or not to display your contact information. In the end, it will give you a simple HTML snippet to place on your site.
👊 That’s about it. You have successfully configured TrueShield for your website in four simple steps.
🎨 TrueShield Features
TrueShield, web application firewall, comes with a lot of features. Let’s quickly take a peek at these.
🔥 Protection Against Top Ten Online Threats
OWASP — Open Web Application Security Project — has a list of top ten online threats that can cause damage to your website. TrueShield, web application firewall, protects your site against these threats. Here is the list of these threats.
- 1️⃣ SQL Injection
- 2️⃣ Security Misconfiguration
- 3️⃣ Cross-Site Scripting
- 4️⃣ Insecure Direct Object References
- 5️⃣ Broken Authentication and Session Management
- 6️⃣ Sensitive Data Exposure
- 7️⃣ Missing Function Level Access Control
- 8️⃣ Cross-Site Request Forgery — CSRF
- 9️⃣ Using Components with Known Vulnerabilities
- 🔟 Unvalidated Redirects and Forwards
📊 Visitors Data Visualization
After configuring TrueShield with your WordPress site, go to the SiteLock dashboard and click on the TrueShield icon to view the details of your website’s visitors. This page contains the following charts and graphs.
- 📈 Visitor Statistics — A graph between the number of visitors and days of the month. It also differentiates human and bot visitors.
- 🇺🇸 Visitors by Country — A pie chart mapping the visitors of your site by country.
- 🖥 Visitors by Client — A pie chart mapping the visitors of your website by clients.
- 🌍 Word Map — As the name shows, it is a world map which highlights the countries from which your site is getting traffic.
- ⚡️ Cached Data — This bar graph differentiates the data served by the server v/s the data served from the cache in megabytes.
- 🏎 Cached Requests — This one visualizes the number of requests normally served v/s the number of requests served from the cache.
- 😈 Threats — This section lists all the threats blocked by TrueShield. Each threat contains the data related to it, for example, Type, IP, Country, Hits, Date, Entry Page, Client Application, etc.
🛡 Data Protection
The web application firewall by TrueShield can protect customer information and website database by blocking access to malicious traffic. It analyzes the incoming traffic and makes sure that any suspicious request which is requesting sensitive information never makes it to the site’s server.
💥 Prevent Common Hacks
TrueShield is programmed to detect commonly known hacks — for example, SQL Injection, Cross-Site Scripting, etc. — and prevent them from execution before they cause an issue for your website.
🔐 Block Backdoor Access
Hackers can access the files on your site by finding a backdoor into the server. TrueShield blocks backdoor access to your website files so that no one can view them insecurely. In this way, you can make sure that the code on your site’s files is safe and secure.
📜 Protect Published Content
Website scrapping is another way of stealing the published content on your website. Scrappers use HTTP protocol to send automated requests to your site and get publicly available content in return. TrueShield does not let the scrappers access the content of your website.
🚫 Block Spam Comments
Spammers are the ones who post unsolicited messages or comments on your website. All they need from you is to click on their stuff. But spamming is bad for business because you do not want irrelevant content on your site. TrueShield gives you the ability to block spam comments on your website.
💰 Pricing and Membership Discount
TrueShield is a premium product by SiteLock. Like SiteLock itself, there is no specific pricing for this product. You can get a custom quote from them — suited according to the needs of your website — by using the contact form on their site or by calling their security experts at 888.878.2417.
SiteLock is also one of the generous partners of WPCouple. They are offering an exclusive discount for the readers of WPCouple. You can use the coupon code WPCOUPLE25 to avail this discount. However, it must be redeemed over the phone because of some issues with the online purchase process at the moment.
🙌 Final Words
The protection which TrueShield offers is worth every penny. It allows you to be sure that the traffic on your website does not mean harm. In this way, you’re making it easier for your genuine customers to find your site while at the same time, making it hard for the malicious users to spot you.
Once you block access to the spammers and attackers, the performance of your website will also increase for your visitors. It is because your visitors will have more resources readily available to them.
Are you using TrueShield firewall already? Or are you thinking of deploying it to increase the security of your WordPress site? In any case, should you have any comments, feel free to leave them in the comments section below ↓
SUBSCRIBE TO DEVELOPERS TAKEAWAY!
A Premium Development Newsletter by TheDevCouple! What is TheDevTakeaway?