wordpress插件_6个最佳WordPress防火墙插件比较

wordpress插件

Are you looking for the best WordPress firewall plugin for your website? WordPress firewall plugins protect your website against hacking, brute force and distributed denial of service (DDoS) attacks. In this article, we will compare the best WordPress firewall plugins, and how they stack up against each other.

您是否正在寻找适合您网站的最佳WordPress防火墙插件？ WordPress防火墙插件可保护您的网站免受黑客攻击，暴力破解和分布式拒绝服务(DDoS)攻击。 在本文中，我们将比较最好的WordPress防火墙插件，以及它们如何相互堆叠。

什么是WordPress防火墙插件？ (What is a WordPress Firewall Plugin?)

A WordPress firewall plugin (also known as web application firewall or WAF), acts as a shield between your website and all incoming traffic. These web application firewalls monitor your website traffic and blocks many common security threats before they reach your WordPress site.

WordPress防火墙插件(也称为Web应用程序防火墙或WAF)充当网站和所有传入流量之间的屏蔽。 这些Web应用程序防火墙监视您的网站流量，并在它们到达WordPress网站之前阻止许多常见的安全威胁。

Aside from significantly improving your WordPress security, often these web application firewalls also speed up your website and boost performance.

除了可以显着提高WordPress的安全性外 ，这些Web应用程序防火墙通常还可以加速您的网站并提高性能。

There are two common types of WordPress firewall plugins available.

有两种常见的WordPress防火墙插件类型。

DNS Level Website Firewall – These firewall route your website traffic through their cloud proxy servers. This allows them to only send genuine traffic to your web server.

DNS级网站防火墙 –这些防火墙通过其云代理服务器路由您的网站流量。 这使他们只能将真正的流量发送到您的Web服务器。

Application Level Firewall – These firewall plugins examine the traffic once it reaches your server but before loading most WordPress scripts. This method is not as efficient as DNS level firewall in reducing the server load.

应用程序级防火墙 –这些防火墙插件会在流量到达您的服务器后但在加载大多数WordPress脚本之前检查流量。 在减少服务器负载方面，此方法不如DNS级别防火墙有效。

We recommend using a DNS level firewall because they are exceptionally good at identifying genuine website traffic vs bad requests.

我们建议使用DNS级别的防火墙，因为它们特别擅长识别真实的网站流量和错误的请求。

They do that by tracking thousands of websites, comparing trends, looking for botnets, known bad IPs, and blocking traffic to pages that your users would normally never request.

他们通过跟踪成千上万个网站，比较趋势，查找僵尸网络，已知的错误IP并阻止对用户通常永远不会请求的页面的访问来做到这一点。

Not to mention, DNS level website firewalls significantly reduce the load on your WordPress hosting server which makes sure that your website does not go down.

更不用说，DNS级别的网站防火墙可以大大减少WordPress托管服务器上的负载，从而确保您的网站不会崩溃。

Having said that, let’s take a look at the best WordPress firewall plugins that you can use to protect your website.

话虽如此，让我们看一下可以用来保护网站的最佳WordPress防火墙插件。

1. Sucuri (1. Sucuri)

Sucuri is the leading website security company for WordPress. They offer DNS level firewall, intrusion and brute force prevention, as well as malware and blacklist removal services.

Sucuri是WordPress的领先网站安全公司。 他们提供DNS级别的防火墙，入侵和暴力预防以及恶意软件和黑名单删除服务。

All your website traffic goes through their cloudproxy servers where each request is scanned. Legitimate traffic is allowed to pass through, and all malicious requests are blocked.

您的所有网站流量都通过其cloudproxy服务器进行扫描，在该服务器中扫描每个请求。 允许合法流量通过，所有恶意请求均被阻止。

Sucuri also improves your website’s performance by reducing server load through caching optimization, website acceleration, and Anycast CDN (all included). It protects your website against SQL Injections, XSS, RCE, RFU and all known-attacks.

Sucuri还通过缓存优化，网站加速和Anycast CDN(均包括在内)来减少服务器负载，从而提高了网站的性能。 它可以保护您的网站免受SQL注入，XSS，RCE，RFU和所有已知攻击的侵害。

Setting up their WAF is quite easy. You will need to add a DNS A record to your domain and point them to Sucuri’s cloudproxy instead of your website.

设置他们的WAF非常容易。 您需要将DNS A记录添加到您的域，并将它们指向Sucuri的cloudproxy而不是您的网站。

At WPBeginner, we use Sucuri to improve our WordPress security. See how how Sucuri helped us block 450,000 WordPress attacks in 3months.

在WPBeginner，我们使用Sucuri来提高WordPress的安全性。 了解Sucuri如何帮助我们在3个月内阻止450,000次WordPress攻击 。

Pricing: Starting from $199.99/year billed annually.

定价：每年$ 199.99美元起。

Grade: A+

成绩： A +

2. MaxCDN(StackPath) (2. MaxCDN (StackPath))

MaxCDN (now part of StackPath family) is one of the leading CDN security and web application firewall provider in the industry. Their robust platform by default adds Layer 3 and 4 DDoS protection on all plans.

MaxCDN (现StackPath家族的一部分)是业界领先的CDN安全和Web应用防火墙提供商之一。 他们强大的平台默认情况下在所有计划上都添加了第3层和第4层DDoS保护。

The StackPath WAF adds Layer 7 DDoS protection to the domains under its protection. Similar to Sucuri, this is a DNS level firewall which not only helps you speed up your website, but it also protects you from malicious attacks.

StackPath WAF将第7层DDoS保护添加到受其保护的域中。 与Sucuri相似，这是一个DNS级别的防火墙，不仅可以帮助您加快网站速度，而且还可以保护您免受恶意攻击。

StackPath does not offer application level firewall because they do not have a WordPress plugin which is why they’re #2 in our list after Sucuri. However their plans are more affordable and featured-packed for small businesses compared to Cloudflare (our #3 ranked provider).

StackPath不提供应用程序级防火墙，因为它们没有WordPress插件，这就是为什么它们在Sucuri之后在我们列表中排名第二。 但是，与Cloudflare(我们排名第三的提供商)相比，他们的计划更适合小型企业，并且价格实惠且功能齐全。

Pricing: They offer a 1 month free trial and after that pricing starts at $20 per month which is sufficient for most small business WordPress websites.

定价：他们提供1个月的免费试用期，之后的起价为每月20美元，对于大多数小型WordPress网站而言已经足够了。

Grade: A

成绩： A

3. Cloudflare (3. Cloudflare)

Cloudflare is best known for their free CDN service which includes basic DDoS protection as well. However, their free plan doesn’t include website application firewall. For WAF you will need to signup for their Pro plan.

Cloudflare以其免费CDN服务而闻名，该服务还包括基本的DDoS保护。 但是，他们的免费计划不包括网站应用程序防火墙。 对于WAF，您需要注册其Pro计划。

Cloudflare is also a DNS level firewall which means your traffic goes through their network. This improves performance of your website and reduces downtime in case of unusually high traffic.

Cloudflare还是DNS级别的防火墙，这意味着您的流量会通过其网络。 如果流量异常高，这可以提高网站的性能并减少停机时间。

The Pro plan only includes DDoS protection against layer 3 attacks. For protection against advanced DDoS layer 5 and 7 attacks, you will need at least their business plan.

Pro计划仅包括针对第3层攻击的DDoS保护。 为了防御高级DDoS 5层和7层攻击，您至少需要他们的业务计划。

Cloudflare has its pros, which include CDN, caching, and a larger network of servers. The downside is that they do not offer application level security scans, malware protection, blacklist removal, security notifications and alerts. They also do not monitor your WordPress site for file changes and other common WordPress security threats.

Cloudflare有其优点，包括CDN，缓存和更大的服务器网络。 缺点是它们不提供应用程序级别的安全扫描，恶意软件防护，黑名单删除，安全通知和警报。 他们也不会监视WordPress网站中的文件更改和其他常见的WordPress安全威胁。

For more details see our comparison of Sucuri vs Cloudflare.

有关更多详细信息，请参见我们对Sucuri和Cloudflare的比较 。

Pricing: Starting from $20/month for Pro plan and $200/month for Business.

定价： Pro计划的每月费用为$ 20，Business的费用为每月$ 200。

Grade: A-

成绩： A-

4. Wordfence安全 (4. Wordfence Security)

Wordfence is a popular WordPress security plugin with a built-in website application firewall. It monitors your WordPress site for malware, file changes, SQL injections, and more. It also protects your website against DDoS and brute force attacks.

Wordfence是一个流行的WordPress安全插件，带有内置的网站应用程序防火墙。 它监视您的WordPress网站是否存在恶意软件，文件更改，SQL注入等。 它还可以保护您的网站免受DDoS和暴力攻击。

Wordfence is an application level firewall which means that firewall is triggered on your server and bad traffic is blocked after it reaches your server but before loading your website.

Wordfence是一种应用程序级别的防火墙，这意味着在您的服务器上触发了防火墙，并且在到达您的服务器之后但在加载网站之前阻止了不良流量。

This is not the most efficient way to block attacks. Large number of bad requests will still increase load on your server. Because it’s an application level firewall, WordPress does not come with a content delivery network (CDN).

这不是阻止攻击的最有效方法。 大量错误请求仍然会增加服务器的负载。 由于它是应用程序级防火墙，因此WordPress并未附带内容分发网络(CDN)。

Wordfence comes with on-demand security scans as well as scheduled scans. It also allows you to manually monitor traffic and block suspicious looking IPs directly from your WordPress admin area.

Wordfence随附了按需安全扫描和计划扫描。 它还允许您直接从WordPress管理区域手动监视流量并阻止可疑IP。

To learn more about Wordfence, see our guide on how to install and setup Wordfence security in WordPress.

要了解有关Wordfence的更多信息，请参阅有关如何在WordPress中安装和设置Wordfence安全性的指南。

To get their sophisticated application level firewall, you really need the Premium version.

要获得其复杂的应用程序级防火墙，您确实需要高级版本。

Pricing Basic plugin is Free. Premium version pricing starts from $99/year for a single site license.

定价基本插件是免费的。 高级版本的价格从单个站点许可证的每年99美元起。

Grade: B+

年级： B +

5.喷气背包 (5. Jetpack)

Jetpack is a popular WordPress plugin that comes with a suite of features including WordPress security and backups. Similar to WordFence, Jetpack is an application level firewall which means that bad traffic is blocked after it reaches your WordPress hosting server.

Jetpack是一个流行的WordPress插件，带有包括WordPress安全性和备份在内的一系列功能。 与WordFence相似，Jetpack是一种应用程序级防火墙，这意味着恶意流量在到达WordPress托管服务器后将被阻止。

Their free plan offers very basic brute force protection and downtime monitoring. You will have to upgrade to at least the Personal plan to unlock daily automated backups and automated spam filtering.

他们的免费计划提供了非常基本的暴力保护和停机监控。 您必须至少升级到“个人”计划才能解锁每日自动备份和自动垃圾邮件过滤功能。

However to truly unlock the automated malware scanning and security fixes which is what providers like Sucuri offer, you will have to be on Jetpack professional plan.

但是，要真正解锁自动的恶意软件扫描和安全修复程序(像Sucuri这样的提供程序提供的功能)，您将必须采用Jetpack专业计划。

Since Jetpack offers a large suite of features, the price tag makes it a very affordable option. However for a true security firewall, you’re better off going with Sucuri or MaxCDN.

由于Jetpack提供了大量功能，因此价格标签使其成为非常实惠的选择。 然而，对于一个真正的安全防火墙，你最好用Sucuri或去MaxCDN 。

Pricing: Basic plugin is free. Personal plan costs $39 / yr and Professional plan costs $299 / yr.

定价：基本插件是免费的。 个人计划的费用为每年$ 39，专业计划的费用为每年$ 299。

Grade: B

成绩： B

6.防弹安全 (6. BulletProof Security)

BulletProof security is another popular WordPress security plugin. It comes with a built-in application level firewall, login security, database backup, maintenance mode, and several security tweaks to protect your website.

BulletProof安全是另一个流行的WordPress安全插件。 它带有内置的应用程序级防火墙，登录安全性，数据库备份，维护模式以及一些安全性调整措施，以保护您的网站。

BulletProof security does not offer a very good user experience and many beginners may have difficulty understanding what to do. It does come with a setup wizard that automatically updates your WordPress .htaccess files and enables firewall protection.

BulletProof安全性不能提供很好的用户体验，许多初学者可能很难理解该怎么做。 它的确带有安装向导，该向导会自动更新WordPress .htaccess文件并启用防火墙保护。

It does not have a file scanner to check for malicious code on your website. The paid version of the plugin offers extra features to monitor for intrusion and malicious files in your WordPress uploads folder.

它没有文件扫描程序来检查您网站上的恶意代码。 付费版本的插件提供了额外的功能，可以监视WordPress上传文件夹中的入侵和恶意文件。

Pricing: Free basic plugin. Pro version costs $59.95 for unlimited sites and lifetime support.

定价：免费的基本插件。 专业版的无限站点和终身支持费用为59.95美元。

Grade: C

年级： C

结论 (Conclusion)

After careful comparison of all these popular WordPress firewall plugins, we believe that Sucuri is undoubtedly the best firewall protection you can get for your WordPress site.

在对所有这些流行的WordPress防火墙插件进行仔细比较之后，我们相信Sucuri无疑是您可以为WordPress网站获得的最佳防火墙保护。

It is the best DNS level firewall with the most comprehensive security features to give you complete peace of mind. On top of that, the performance boost that you get from their CDN is very impressive.

它是具有最佳安全性的最佳DNS级别防火墙，可让您完全放心。 最重要的是，您从他们的CDN获得的性能提升非常令人印象深刻。

MaxCDN (StackPath) would be a close second in our list for the price and value it offers.

就其价格和价值而言， MaxCDN(StackPath)将在我们的列表中排名第二。

We hope this article helped you find the best WordPress firewall plugin for your website. You may also want to see our ultimate step by step WordPress security guide for beginners.

我们希望本文能帮助您找到适合您网站的最佳WordPress防火墙插件。 您可能还想看看我们针对初学者的终极逐步WordPress安全指南 。

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

如果您喜欢这篇文章，请订阅我们的YouTube频道 WordPress视频教程。 您也可以在Twitter和Facebook上找到我们。

翻译自: https://www.wpbeginner.com/plugins/best-wordpress-firewall-plugins-compared/

wordpress插件