WAF stands for Web Application Firewall.


What is a WAF (Web Application Firewall)?

WAF is a generic term for software installed on the server side to prevent hacker attacks. Nowadays, individuals and others own (or can own) websites, so the importance of improving site security through WAFs is becoming more and more recognized not only by large corporations, but also at the individual level.

Main Functions of WAF

There are currently a great number of WAFs that are useful for WordPress, both on your server side and in security plug-ins.
The main features of WAFs that are also useful for WordPress are as follows

1 Prohibit foreign access to wp-admin (admin function)
2 Protection of important WordPress configuration files and prohibition of rewriting
3 Suppression of access via proxy (anonymous intermediary server)
4 Prohibition of program execution in upload folders
5 Monitoring and suppression of unauthorized code transmission
6 IP blocking function

etc.

Examples of Xserver’s WAF

Xserver and other rental servers also offer WAFs mainly specialized for WordPress as WordPress becomes more popular.

Dashboard Access Restrictions
XML-RPC API Access Restrictions
REST API Access Restrictions

and more are available.

Sakura Internet Server WAF Case Study

I see that a similar WAF is also provided by Sakura Internet Servers.

A WordPress plugin that functions just like a server-side WAF

Most of the server WAF features described above are also available in WordPress security plug-ins.
In addition, security plug-ins come with various WordPress-specific security features to prevent hacker attacks, so we recommend that you install one when you operate WordPress.

Examples of recommended WordPress security plugins

All-In-One Security (AIOS) – Security and Firewall
Wordfence Security
SiteGuard WP Plugin (made in Japan, specialized in login security)
WP Doctor WordPress: Malware Scanning and Security Plugin (Made in Japan)