RSFirewall! Configuration

The RSFirewall! Configuration panel is composed out of the following elements:

 
Country Blocking
  • Using this feature you can block all IPs that appear to be coming from specific countries. A country checkbox list will be shown for you to allow/disallow access.
  • The country blocking feature will not work unless you install a "GeoIP.dat" package, for a step by step tutorial regarding obtaining GeoIP.dat, please click here.
 
Backend Password

Prevents unwanted access to your WordPress installation by setting up an additional backend password.

  • Enable: Yes / No - set to Yes in order to enable this feature
  • Type password: Type in the desired password
  • Retype password: Retype the desired password for verification
Change Admin Slug
  • Enable Admin Slug: Yes / No - Use New Secure Admin URL Slug (ex: myadminlogin)
  • Text Slug: Enter the Slug that you want to use!(If the feature is enabled by default the used slug is "login")
 
System Check

Here you can find some some configurable options for the System Check:

  • Number of files/folders to check in a cycle: This is the number of files/folders to check in one cycle. If you set a higher value there's a good chance you will run out of memory and the System Check will not finish. Please use a lower value if you are experiencing issues. The default value is 300.
  • Ignore files and folders: During the System Check these folders and/or files will be ignored. Warning! If you select a folder, all its files and subfolders will be ignored as well. Files and folders can be added in the ignore list by clicking on the Open File Manager button which will open a modal in which you can browse through your website's file system.
  • Enable Logging: Set to Yes to enable debugging the System Check. The output will be added to WordPress log folder, in the rsfirewall.log file.
  • File Permissions: Defaulted to 644 but you can change this value should your server require other permissions. RSFirewall! will check your files for the permissions set here when running the System Check.
  • Folder Permissions: Defaulted to 755 but you can change this value should your server require other permissions. RSFirewall! will check your folders for the permissions set here when running the System Check.
  • Pause between requests (seconds): you can set up an interval, in seconds, between requests that are sent to the server when the System Check is being performed. This is useful if your hosting provider's server is too sensitive about these requests and regards you as an attacker.
  • Google Safe Browsing API Key: RSFirewall! checks your website against Google's constantly updated lists of suspected phishing, malware, and unwanted software pages. Generating this API key can be done as instructed here.
 
Active Scanner

Provides a configuration tool for the RSFirewall! Active scanner which actively protects your WordPress website, offering the following configurable options:

  • Enable / Disable Active Scanner
  • Enable Active Scanner in the administrator(backend) section: this is useful if you don't trust people that have access to your administration.
  • Log all blocked attempts: Set to Yes in order to log all blocked attempts. Use this option to identify false alerts on your website. Turn it off once you are done to make sure that automated attempts don't fill up your logs.
  • Convert email addresses from plain text to images
  • Grab IP from Proxy Headers: some servers are behind a proxy or firewall and will not provide the correct IP. If this is your case, contact the proxy provider and ask them through what header are they sending the real IP. Otherwise just leave these all checked by default and RSFirewall! will attempt to grab the IP by looking through all of them.
PHP Protections:
  • Local file inclusion - disallows directory traversal techniques that might allow an attacker to read sensitive files by exploiting poorly coded extensions.
  • Remote file inclusion - disallows attackers to download an run malicious scripts by exploiting poorly coded extensions
  • Enable protections for - Form data (POST) enables filtering for information submitted through forms (eg. article editing, user registration etc). While URL data (GET) enables filtering for variables that are located in the URL (eg. http://www.yoursite.com/index.php?option=com_test&parameter1=value1)
SQL Protections:
  • Enable protections for - Form data (POST) enables filtering for information submitted through forms (eg. article editing, user registration etc). While URL data (GET) enables filtering for variables that are located in the URL (eg. http://www.yoursite.com/index.php?option=com_test&parameter1=value1)
 
JS Protections:
  • Filter Javascript - by setting this to Yes, the Javascript will be filtered instead of the connection being dropped.
  • Enable protections for - Form data (POST) enables filtering for information submitted through forms (eg. article editing, user registration etc). While URL data (GET) enables filtering for variables that are located in the URL (eg. http://www.yoursite.com/index.php?option=com_test&parameter1=value1).
 
Denial of Service:
  • Protect against DoS(Denial of Service) attacks for User Agents (perl, cURL, Java or empty User Agents)
  • Protect forms from abusive IPs - checks if IPs of form submitters exist in the Spamhaus XBL and SBL lists.
  • Deny access to the following referers - Referers are visitors coming from another website(domain). You can block multiple domains by specifying them each on a new line. You can also use wildcards, such as *.domain.com which will block any request coming from all subdomains of domain.com(e.g www.domain.com, images.domain.com etc.).
 
Automatic Blacklisting:
  • Automatic blacklisting: if repeated threats are detected with the same IP address, this will automatically be added to the Blacklist area
  • Automatic blacklisting for /administrator login: with this option enabled, failed backend logins will lead to an automatic ban. This option is independent from the CAPTCHA configurable below.
  • # of attempts: this is the minimum number of attempts before the attacker will be added to the blacklist and banned from your website.
 
CAPTCHA:
  • Enable CAPTCHA for the admin area: Yes / No This will prompt a CAPTCHA security code in the /wp-admin section. CAPTCHA will appear after the number of failed login attempts you specify below.
  • Secret Key
  • Site Key
  • Activate CAPTCHA after this number of failed login attempts: you will need to specify threshold limit
 
Backend login:
  • Capture backend login attempts: Yes / NoBy enabling this, every time a user fails to login in the /wp-admin section will trigger an event in the Threats.
  • Store passwords: Yes / NoSet whether to store the passwords used in the failed login attempts or not.
 
Uploads:
  • Filter uploads by deleting the file(s) instead of the connection being dropped.
  • Verify if uploaded files have multiple extensions
  • Verify uploaded files for known malware patterns
  • Don't upload files with the configured list of banned extensions
 
 
Core scanner:
  • Remove the generator meta tag - Removing the generator meta tag from your website's template will protect you from spambots or attackers that target WordPress websites
  • Check core WordPress files integrity - Checks a few core WordPress files for integrity, like the WordPress login and index.php
  • Monitor the following files for changes - If any of the following files will be changed, you will be alerted by email and an entry will be posted in the System Log.
  • Monitor the following files for changes - If any of the following files will be changed, you will be alerted by email and an entry will be posted in the System Log.
  • Block access to XML-RPC Server (including Pingbacks and Trackbacks) - Stops malicious scripts exploiting the xmlrpc.php and wp-trackback.php files from being accessed (except whitelisted IP's).
 

Hardening:
  • Stop PHP files in Uploads directory - Stops PHP files from Uploads directory!
    Be careful on using this option because many plugins/themes uses PHP files to generate images or save temporary data!
    Please use the "Whitelist PHP files" option to allow specific files to run properly!
  • Stop PHP Files in WP-CONTENT directory - Stops PHP files from WP-CONTENT directory!
    Be careful on using this option because many plugins/themes uses PHP files to generate images or save temporary data!
    Please use the "Whitelist PHP files" option to allow specific files to run properly!
  • Stop PHP Files in WP-INCLUDES directory - Stops PHP files from WP-INCLUDES directory!
    Be careful on using this option because many plugins/themes uses PHP files to generate images or save temporary data!
    Please use the "Whitelist PHP files" option to allow specific files to run properly!
  • Disable plugin editors - Disables the plugin editors to prevent unwanted core files modifications!
  • Remove root readme.html - Removes the root readme.html. The information could be used by malicious users!
  • Whitelist Blocked PHP Files - After applying hardening to any of the above folders you can whitelist any php file located in those folders if you require them to run.
 

Lockdown:
  • Protect users from any changes - this will create a snapshot of the selected users. If any changes will happen to any of them, it will get reverted back immediately. If you want to update your snapshot, you will have to deselect all the users, press Apply and then select the users again and finally Save the configuration.
  • Disable access to the WordPress installer - by setting this to Yes, the WordPress installer will no longer be accessible.
  • Disable the creation of new Administrators - by setting this to yes, new users that can login in the /administrator section will be deleted as soon as they are created. Keep in mind that new users (such as the ones added to the Registered user group) will not be affected, unless you are trying to add Super Administrator rights to them (in this case, they will be deleted as well).
 
 

Logging utility
  • Logs any events that trigger RSFirewall! so that you can review them. The logging utility also offers the possibility to send out an email if a security event is recorded that has a security level higher then a preconfigured value (low, medium, high, critical).
  • To keep the database fresh and prevent if from overloading, a days to keep log history option was added, log entries older then the number of days you set, will be automatically deleted.
  • To limit the potential high number of emails (each event / attempt) can potentially generate an email, a maximum number limit of sent emails per hour option has been added. If the limit is reached, no more emails will be generated.
  • Here you can also set how many RSFirewall! related events to show in the System Overview by adding a number in the events to show field.
  • You can set the preferred WhoIs service for both IPv4 and IPv6. Up until this point, http://whois.domaintools.com/ was used by default. You can use the {ip} placeholder to transmit the IP directly though the URL.
 
Import

RSFirewall! allows exporting all the configuration settings in order to migrate them on another RSFirewall! installation. The export button is available at the top of the "Firewall Configuration" tab and when is pressed it will generate a configuration.json file which can later be imported using the "Import" tab.

 
Updates
  • Here you need to enter the license code in order to receive update. The license code is generated after you have registered a domain.
 
Note:
  • If, for example you have configured RSFirewall! to send email notifications to 3 email addresses, the email counter will be incremented by 3, as each event will generate three emails in this case.
  • The more options you have enabled the more protection is offered by the RSFirewall! component however note that these options may affect the overall performance of your site.

Was this article helpful?

Yes No
Sorry about that