Our cloud-based Website Firewall (WAF) sits between your visitors and your server, filtering out malicious traffic before it ever reaches your site. We block SQL injection, cross-site scripting, brute-force attacks, and zero-day exploits — and update rules across the entire network within minutes of identifying a new threat.
How the firewall works
When a visitor types your URL, their request first goes to our global edge network — not your server. We inspect the request, check it against our rule set, and only forward it to your server if it passes. Malicious requests never touch your hosting.
This architecture has two big advantages: attacks consume our resources, not yours, and we can update protection instantly across every site on the grid without you needing to do anything.
What we block
- SQL injection — attempts to read or modify your database through crafted query strings
- Cross-site scripting (XSS) — malicious scripts injected through forms, URL parameters, or comments
- Remote code execution — exploit attempts targeting WordPress core, plugins, or themes
- Brute-force attacks — repeated login attempts from bots trying password lists
- File upload exploits — attempts to upload shells, malware, or backdoors
- XML-RPC abuse — request floods designed to overwhelm WordPress endpoints
- Zero-day exploits — emerging attacks blocked via virtual patches
No configuration required
The firewall is fully managed, requires no server configuration, and works with any hosting provider. After you connect your site, our rule set deploys automatically — and updates continuously without any action from you.
Performance, not just protection
Because the firewall lives on a global CDN, requests from your visitors are served from the nearest edge node — meaning the average page load is actually faster after enabling protection, not slower.
We also handle HTTP/2 and HTTP/3 termination, image optimization, and intelligent caching at no extra cost.