WordPress powers over 40% of websites globally, making it a prime target for hackers. To protect your WordPress site from malicious traffic, SQL injection, XSS attacks, and bot abuse, you can deploy SafeLine WAF as a reverse proxy in front of your web server.
This guide will walk you through setting up SafeLine WAF for WordPress security with a practical, hands-on approach.
1. Prerequisites
Before you begin, ensure you have:
- A WordPress site running (e.g., on Apache or Nginx).
- A server or VPS where SafeLine WAF will be installed (can be the same or different from your WordPress host).
- Docker and Docker Compose installed.
- Root or sudo access to your SafeLine server.
2. Installing SafeLine WAF
Step 1 — Download and Start SafeLine
Deployment Guide: https://docs.waf.chaitin.com/en/GetStarted/Deploy
Use the following command to start the automated installation of SafeLine. This process requires root privileges. The -k option tells curl to skip TLS certificate verification when fetching the script.
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/manager.sh)" -- --en
Once the command finishes executing, the installation is complete.
Step 2 — Access the Management Console
Once SafeLine is running, open your browser and go to:
https://<Your_SafeLine_Server_IP>:9443
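To get the initial administrator account for logging in, run the following command on the SafeLine server:
docker exec safeline-mgt resetadmin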
After the command is successfully executed, you will see the following content:
[SafeLine] Initial username:admin
[SafeLine] Initial password:**********
[SafeLine] Done
3. Adding Your WordPress Site
In the SafeLine dashboard:
- Navigate to Applications → Add Application.
- Enter your WordPress domain name.
- Set the Upstream Server to the IP and port where your WordPress site is hosted.
- For secure connections, enable HTTPS and either:
  - Use Let’s Encrypt to auto-generate a certificate.
  - Upload your own SSL certificate.
- Save the configuration.
SafeLine will now sit between the internet and your WordPress site, filtering traffic.
4. Updating DNS
To route traffic through SafeLine:
- Log in to your DNS provider (e.g., Cloudflare, GoDaddy, Namecheap).
- Update your domain’s A record to point to your SafeLine server’s public IP.
- Wait for DNS propagation (usually 5–30 minutes).
6. Configuring WordPress for Proxy Headers
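Because SafeLine acts as a reverse proxy, every request reaches WordPress from SafeLine's address, so WordPress must be configured to read the visitor's IP from the proxy headers that SafeLine adds.
This ensures WordPress logs real IP addresses instead of SafeLine’s IP.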
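One way to do this in wp-config.php, as an added example that is not part of the original guide or SafeLine's own code. It assumes SafeLine passes the visitor address in the X-Forwarded-For header; 203.0.113.10 is a constructed placeholder for your SafeLine server's IP, and safeline_client_ip is a hypothetical helper name.

```php
<?php
// Added example. In wp-config.php, paste everything below the opening tag
// above the "That's all, stop editing!" line.
// Assumption: SafeLine forwards the visitor address in X-Forwarded-For.
// 203.0.113.10 is a constructed placeholder for the SafeLine server's IP.
const TRUSTED_PROXIES = ['203.0.113.10'];

/**
 * Return the visitor IP for a request, honouring X-Forwarded-For only when
 * the TCP peer is a trusted proxy. Hypothetical helper, not a WordPress API.
 */
function safeline_client_ip(array $server, array $trusted): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';

    // A client that reaches WordPress directly can put anything in the
    // header, so ignore it unless the connection comes from the proxy.
    if (!in_array($peer, $trusted, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }

    // Each proxy appends the address it saw, so walk the list right to left
    // and take the first hop that is not one of our own proxies.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the header
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $peer; // nothing usable in the header, keep the peer address
}

// WordPress core and most plugins read the visitor IP from REMOTE_ADDR.
$_SERVER['REMOTE_ADDR'] = safeline_client_ip($_SERVER, TRUSTED_PROXIES);
```

If SafeLine runs on the same host as WordPress, the connecting address may be a loopback or Docker bridge IP rather than the public one; list whichever address WordPress actually sees in TRUSTED_PROXIES.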
7. Testing the Setup
Once everything is configured:
- Visit your WordPress site and confirm it loads correctly.
- Check SafeLine’s Logs section to see requests being filtered.
- Try simulating an attack (e.g., a SQL injection attempt like ?id=1' OR '1'='1) — it should be blocked.
8. Additional Protection for WordPress
Inside SafeLine, enable:
- Bot Protection to block malicious bots and scrapers.
- Rate Limiting to prevent brute-force login attempts.
- Geo Blocking if you want to restrict access from certain countries.
9. Keeping SafeLine Updated
To update SafeLine:
Back up your SafeLine data first:
cd <safeline-directory>
docker compose down
cp -r <safeline-directory> <backup-path>
docker compose up -d
Use the following command to upgrade your SafeLine:
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/manager.sh)" -- --en
Check the SafeLine Changelog for update details: https://docs.waf.chaitin.com/en/GetStarted/Upgrade
Conclusion
By placing SafeLine WAF in front of your WordPress site, you add a strong layer of defense against common web threats.
With proper DNS, SSL, and proxy configuration, you can significantly reduce the risk of attacks while maintaining fast performance.
Next Step: Monitor logs, fine-tune rules, and keep both SafeLine and WordPress updated for maximum protection.
Resources
SafeLine Website: https://ly.safepoint.cloud/ShZAy9x
Live Demo: https://demo.waf.chaitin.com:9443/statistics
Discord: https://discord.gg/dy3JT7dkmY
Doc: https://docs.waf.chaitin.com/en/home
Github: https://github.com/chaitin/SafeLine