Web Application Firewall (WAF)

Web Firewall & Scanner

SellCloud enables NinjaFirewall (WP Edition) Advanced Security Plugin and Firewall on your Wordpress Apps. It is a stand-alone firewall that stands in front of WordPress.

Site Antivirus & Maleware Scanner

SellCloud enables NinjaScanner on your Wordpress Apps. A lightweight, fast and powerful antimalware scanner for WordPress to help you scan your site for malware and virus.

WAF Features

1

Blocks all major threats

  • Protects against very large brute-force attacks
  • Cross-Site Scripting (XSS)
  • Local & Remote File Inclusion (LFI, RFI)
  • Insecure Deserialization
  • SQL Injection (SQLi)
  • PHP object injection
  • Remote Code Execution (RCE)
  • XML External Entity (XXE)
  • OWASP Top 10
  • Phishing and clickjacking attempts

2

Large set of options

  • 50+ firewall policies
  • 300+ security rules
  • Access Control
  • Syslog Logging/Fail2Ban
  • IPv4, IPv6 & AS number
  • Geolocation
  • Rate-limiting
  • And many more...

3

Speed & Powerful filtering engine

  • High Performance Firewall
  • Low CPU/RAM usage
  • Fast & compact
  • Lightweight
  • Highly optimized
  • Sanitize
  • Transform
  • Normalize
  • Decode
  • Deobfuscate

How to change WAF Settings

Ninja Firewall tab

Log in your to your Wordpress Admin panel, scroll down the left tab and click the Ninja Firewall tab. On the Dashboard tab, click Activate Full WAF Mode button

In the pop-up page, follow the settings shown on the left image.

Scroll down the pop-up page and click Finish Installation button

Wp-Login.php Protection

The process is easy. Simply scroll down and go to the "Login Protection" tab under Ninja Firewall options.

Activate wp-login.php Protection

The process is easy. Simply scroll down and go to the "Login Protection" tab under Ninja Firewall options. You need to click on "Enable". You will be prompted with the below page, enter the information as mentioned. Here you also need to set a separate ID and Password for the Firewall Page.

Enable XMLRPC protection

Scroll down the page and also enable xmlrpc protection. It is very important to activate the Protection for XML-RPC too. Protecting the xmlrpc.php is as important as protecting wp-login.php. All of the Brute-Force attempts will be shifted to the xmlrpc.php if wp-login.php is not directly accessible.

Return To Tutorials Section