Yesterday, we compared the claims the developer of WordPress security plugin BBQ Firewall makes about its protection to the reality of the very limited protection in provides. The developer of the plugin is also the developer of a set of .htaccess rewrite rules they refer to as the 7G Firewall. Like the BBQ Firewall, the developer makes claims it is a strong and powerful firewall (emphasis in the original):

7G is a lightweight (only 12KB) strong firewall that provides site security and peace of mind.

The 7G Firewall is a powerful, well-optimized set of rewrite rules that checks all URI requests against a set of carefully constructed Apache/.htaccess or Nginx directives.

It gives your site a super strong layer of protection at the server level.

To see how our own WordPress firewall plugin is doing compared to other plugins, we do automated testing to see if they provide protection against the same threats that our firewall blocks. As we noted in yesterday’s post, the BBQ Firewall currently only blocks 3.92% of the malicious requests. With a non-default setting turned on, it does a bit better, at 5.23%. We set things up so that we could test the 7G Firewall using that. The results were not much better, as it only blocked 9.8% of the requests. By comparison, the best competing firewall plugin, NinjaFirewall, blocks 35.9%.

So the 7G Firewall will not provide your website with much protection. This shouldn’t really be surprising, as .htaccess rewrite rules are going to be limited in what they can do, which the developer should understand, but apparently doesn’t.