A new set of API endpoints is now available for customizing the outbound firewall rules for sites on the WP Cloud platform. Clients can now allow individual sites to access external databases, SSH/SFTP, and other services that were previously blocked.
To add a firewall rule:
curl -H 'Auth: API_AUTH_TOKEN' -X POST \
--data "direction=egress" \
--data "protocol=tcp" \
--data "port=3306" \
--data "destination=10.20.30.40/32" \
https://atomic-api.wordpress.com/api/v1.0/firewall-rules/example.com/add
List existing rules:
curl -H 'Auth: API_AUTH_TOKEN' -X GET \
https://atomic-api.wordpress.com/api/v1.0/firewall-rules/example.com/list
Remove a rule by its ID:
curl -H 'Auth: API_AUTH_TOKEN' -X POST \
--data "rule_id=2368992788" \
https://atomic-api.wordpress.com/api/v1.0/firewall-rules/example.com/remove
This is an early preview of the firewall feature for sites hosted on WP Cloud.
- Rules may be added, listed, and removed via the firewall-rules endpoints.
- Rules are limited to 128 per site.
- When setting a rule, the request must include a protocol (TCP or UDP), port, and destination IP address or CIDR range.
- To open a port to all IPs, 0.0.0.0/0 is supported. This may be used in situations where a destination IP or range may change.
- Rules are tied to a site's Atomic Site ID and will carry over to other instances via site clones (when using clone_from), API-driven backup restores (restore_from), geographic failovers, and other platform pool changes. Rules attached to a specific Atomic Site ID are automatically deleted when the site is deleted.
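A pre-flight check for the constraints listed above, written as an added example (not WP Cloud code): it validates a rule's protocol, port and destination before the add request is sent, and flags wide destinations for review. The function names, the IPv4-only handling and the /16 warning threshold are assumptions of this example.

```python
import ipaddress

MAX_RULES_PER_SITE = 128            # limit stated on this page
ALLOWED_PROTOCOLS = {"tcp", "udp"}  # protocols stated on this page
BROAD_PREFIX = 16                   # assumption: local review threshold, not a platform value


def check_rule(protocol, port, destination):
    """Return (form_fields, warnings) for one egress rule, or raise ValueError."""
    proto = str(protocol).strip().lower()
    if proto not in ALLOWED_PROTOCOLS:
        raise ValueError(f"protocol must be tcp or udp, got {protocol!r}")
    try:
        port_num = int(port)
    except (TypeError, ValueError):
        raise ValueError(f"port is not a number: {port!r}") from None
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range: {port_num}")
    try:
        # strict=True rejects host bits under the mask, e.g. 10.20.30.40/24,
        # where a mistyped prefix would open 256 addresses instead of one.
        net = ipaddress.IPv4Network(str(destination).strip(), strict=True)
    except ValueError as exc:
        raise ValueError(f"bad destination {destination!r}: {exc}") from None

    warnings = []
    if net.prefixlen == 0:
        warnings.append("destination 0.0.0.0/0 opens the port to every IP")
    elif net.prefixlen < BROAD_PREFIX:
        warnings.append(f"{net} covers {net.num_addresses} addresses")
    # Field names match the --data parameters of the add request shown above.
    fields = {"direction": "egress", "protocol": proto,
              "port": str(port_num), "destination": str(net)}
    return fields, warnings


def check_batch(existing_count, rules):
    """Validate several rules and enforce the per-site cap before any request is sent."""
    if existing_count + len(rules) > MAX_RULES_PER_SITE:
        raise ValueError(
            f"{existing_count} existing + {len(rules)} new exceeds {MAX_RULES_PER_SITE}")
    return [check_rule(*r) for r in rules]
```

A bare address such as 10.20.30.40 is written out as 10.20.30.40/32, the form used in the add request above.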
For more details, refer to the API documentation. If you have any feedback, please reach out through our usual support channels.