A web application firewall (WAF) is a service that monitors data transfer traffic to and from a web service. It prevents unauthorized software from accessing the network and potentially injecting malware or leaking sensitive information.
There are two types of WAF currently available for WordPress websites.
A cloud-based firewall operates at the server level and monitors your hosting infrastructure. It only allows legitimate traffic and blocks any malicious requests coming to your WordPress site before they reach the webserver.
Aside from enhancing WordPress security, a cloud-based firewall also helps reduce the load of your WordPress hosting and can potentially improve its availability. Therefore, these firewalls are often considered a primary option.
Another WAF type to consider is the plugin-based firewall. As the name suggests, this WAF type comes as a plugin that is installed on your WordPress site. Unlike the cloud-based option, these firewalls examine traffic and requests once it reaches the server, but before loading most WordPress scripts.
Which WAF type to choose depends on your needs and preferences, since these two options offer different capabilities and pricing models. There are numerous brands offering different WAF types, which means WordPress users have many options.
Some popular WAF brands for WordPress sites include Sucuri, Cloudflare, and Wordfence.