What is a whitelist?
A whitelist, also known as an allowlist, is a list of trusted sources or objects such as IP addresses, users, and applications, among others. Whitelists effectively create a blanket access restriction with whatever makes it to the whitelist being exempt from the restrictions in place.
Whitelisting is a strategy that locks down access completely and then makes exemptions to the trusted objects and sources. This works in the opposite way to a blacklist, which grants access to everything and then blocks untrusted sources and objects.
How do whitelists work?
Whitelists are lists of trusted sources and objects. Systems and software that support and use whitelists, such as firewalls and WordPress security plugins, will consult the whitelist whenever access is requested and only grant access to sources and objects listed there.
Whitelists are congruent with the principle of least privilege, which starts from denying access to everyone and then granting access as required. Because of this, it tends to be more secure and far easier to manage than blacklists.
The benefits of whitelisting
Whitelists can be very useful when you know who should be accessing a specific resource, for example, which of your employees should have access to your WordPress website dashboard. In such cases, you should be able to block access to everyone, except those people who are authorized.
In scenarios where access should be granted by default, such as websites, whitelists are counterintuitive. In such cases, a blacklist might be a better solution since by default it allows rather than restricts access.
