Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security » 7G Firewall and NinjaFirewall together

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,
    To quote Nginx’s author: If you need .htaccess, you’re probably doing it wrong 🙂
    Except WordPress own rewrite rules for permalinks, avoid as much as you can to add anything else to your .htaccess (if you have root access, move them to your vhost config file and delete the .htaccess).
    FYI, every 100 lines of rewrite rules using regex will slow down your website by a factor of at least 200%+.

    Regarding security, NinjaFirewall will handle everything for you.

    jkling

    (@jkling)

    Your were very quick with your answer, though I had some time to study all settings of NinjaFirewall. As you say, I could not find anything, that screams for 7G.
    thx

    jkling

    (@jkling)

    😉

    ChriStef

    (@christef)

    Very good Question.

    So is there any conflict? Someone like me would like an extra layer of protection.

    jkling

    (@jkling)

    I am using NJFW for about 3 years on many wordpress websites without any security problems. AFAIK 7G won’t raise a conflict, but it will be redundant.
    Do you mean just an additional tool or realy another layer? Where should this layer be placed.

    ChriStef

    (@christef)

    Yes as an additional tool the 7g setup. That’s very good news. Thanks for your insights.

    One more related I think question in using some rules like 7g. Is ninjafirewall only scan incoming php requests. I mean if a malicious requesting a static file like .js does it stop it and report it?

    Plugin Author nintechnet

    (@nintechnet)

    Requesting a static or JS file will not harm your server, so there’s no need to worry about that. Also JS is ran by your browser, not your webserver.

    ChriStef

    (@christef)

    Thank you for clarifying this.

    I’m thinking how to protect users from already compromised static files might served from my server?

    Plugin Author nintechnet

    (@nintechnet)

    A scanner like NinjaScanner will check them.
    But for a real-time protection, the NinjaFirewall HTTP response headers will help:
    * X-Frame-Options
    * X-XSS-Protection
    * Content-Security-Policy

Viewing 10 replies - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.