Support Home > Security > Jetpack Firewall in the Jetpack Protect Plugin

Jetpack Firewall in the Jetpack Protect Plugin

Jetpack Firewall examines incoming traffic to your site and decides to allow or block it based on various rules. This adds an important layer of protection to your site, particularly when attackers actively exploit unpatched vulnerabilities. 

The Firewall Premium features require a connection to a WordPress.com account and a plan that has a Scan feature, like Jetpack Security, Jetpack Complete, or Jetpack Scan, to allow or block incoming traffic based on various rules.

Activate Jetpack Firewall

1. Install and activate the Jetpack Protect plugin. 

2. Once activated, you can select either a paid or a free plan:

After activating the plugin, you choose between the paid and free plans.

The free plan allows manual rules only to be used, providing the ability to block or allow specific IP addresses from accessing your site. The paid plan offers automatic firewall rules that identify and block harmful requests. 

3. After choosing a plan, you will be redirected to the Jetpack Protect page and see the first scan started:

Upon choosing the plan, Jetpack Protect will initiate the initial scan for your website.

4. To access Jetpack Firewall settings, you can click the Firewall tab inside the Protect settings page, or navigate to Jetpack → Protect.

The free plan only allows for the use of manual rules and the automatic rules option is not activated.

With the free plan, automatic rules option is not accessible and only manual rules can be applied

Upgrading to a paid plan will enable the automatic rules:

With the paid plan, automatic rules are applied.

To add manual rules, use the toggle to turn on the feature. When enabled, an “Edit manual rules” button will be displayed on the right side. Click the button and a new modal will be displayed where manual rules can be edited. You can add IP addresses to your block / allow list by entering complete IP addresses, separated by commas. Adding IP ranges or IP addresses in CIDR notation is not currently supported. Once you’ve entered IP addresses into your block / allow list, click on Save Settings to save y your block / allow list.

Edit manual rules by adding specific IP addresses to the allow or block list.

Privacy Information

This feature is deactivated by default. However, when activated, you can deactivate the feature by visiting the Jetpack Protect dashboard and clicking the toggle in the firewall tab.

Data Used
Site Owners / Users and Site Visitors

This feature evaluates the incoming HTTP requests and blocks them if they’re considered malicious.
Activity Tracked
Site Owners / Users and Site Visitors

If the Share data with Jetpack checkbox is selected we track which rules caused a request to be blocked. We don’t track actual request data with this option.
Data synced and how it’s used (Read More)
Users:
Used in the authentication process for some of our APIs.

Themes:
Used to get the themes list that we should check against the WPScan API in the free version.

Plugins:
Used to get the plugins list that we should check against the WPScan API in the free version.

WordPress version:
Used to know which version we should check against the WPScan API in the free version.

For general features and FAQs, please see our Jetpack Security features.

  • Table Of Contents

  • Categories

  • Contact Us

    Need more help? Feel free to contact us.