The AIOS plugin logic is so smart that it determines whether the new firewall system is implemented or not.
If it is not implemented, it will show other admin notices for how to setup it up manually.
You will check the aios-firewall.php file that exists in the root folder to verify that the new firewall is working properly.
By default, this new firewall system has 6G rules. If you would like to disable it, go to Admin Dashboard > Firewall > 6G Blacklist Firewall Rules and untick the checkbox labelled as “Enable 6G Firewall Protection” and save it.
If you want to completely remove this new firewall system, deactivate the AIOS plugin and all files related to the new firewall system will be removed instantly.
Hi Prashant,
Thank you for your reply but my questions are not answered.
You mention the new firewall system is using the 6G rules, but according to the notification in the AIOWPS-dashboard the firewall system is PHP-based. The 6G rules are .htaccess-based.
What is correct?
According to your answer, I can disable the PHP-based firewall function by turning of the 6G rules in the dashboard. However, the 6G rules are already disabled in all of my WordPress-websites since almost two years. I am already using the 7G rules, which are more robust, and have added them as custom rules in the .htaccess-file.
At the same time I can see an aiowps-bootstrap.php-file in the root-directory of my WordPress isntallation and also some references to this file in the .htaccess-file in the same directory.
So my conclusion is now that the PHP-based firewall is still actie (the aiowps-bootstrap.php-file exists), but the 6G rules aren’t (they are .htaccess-rule based and do no appear in the .htaccess-file).
So, again, please answer my questions:
1. Where can I find the settings for this PHP-based firewall functionality?
2. How can I disable this PHP-based firewall functionality?
And in addiiton:
3. What does this PHP-based firewall functionality add to this existing one?
Hi Tommy,
You are right the 6G firewall rules are htaccess based. For AIOS PHP-based firewall rules, we have converted them to PHP-based rules. The htaccess rules are working only on the apache server. In these days, other webservers like nginx, IIS and Litespeed are used too. so, this feature makes the AIOS plugin web server independent and portable. If our user needs to change the server in the future, the AIOS plugin should help to secure their site.
If the 6G firewall rules are disabled, then PHP-based firewalls do nothing. The PHP firewall without 6G rules is just an empty wrapper outside your WP site.
To disable and remove the PHP-based firewall, you should deactivate the plugin.
To disable PHP based firewall manually, please follow the below instructions:
1. Open the .htaccess file and remove the all code wrapped between # Begin AIOWPSEC Firewall
and # End AIOWPSEC Firewall
2. Remove the aios-firewall.php file from the root folder
In the future, we will implement 7G firewall rules in PHP based firewall.
For expert users like you, We will make a setting an option to disable PHP based firewall in a future release. We have also planned to give the dismiss link on the PHP-based firewall admin notice.
Thank you very much for your feedback.
That would be great, thanks!