A systems administrator here. I've been using we application firewalls to protect websites, but I see a lot of webmasters still preferring to rely on plugins, etc. to keep their sites secure.
I feel wide spread attacks such as the recent GuruIncSite infection attacks are best blocked through a firewall.
What's your opinion? Which tools do you use?