It could be the best, but flaws

  • MrBrian

    (@mrbrian)


    9 years ago

    While NinjaFirewall definitely has a lot going for it with it’s speed and extensive firewall rules, it may cause issues with your site – whether you realize it or not.

    This plugin is basically like mod_security and shouldn’t be compared to other security plugins like Wordfence. It’s firewall rules are often ‘too secure’ and you’ll find the support forum littered with people complaining about false positives. I ran into multiple issues with some as simple as copy and pasting HTML code into my post that it thought were malicious (detected a comparison operator i POST request? come on). Personally, after about the 10th random issue over 5 months of using this plugin on different sites.. I finally had to toss it out the window.

    The last straw was I started doing backups with VaultPress and saw the firewall log filling with “critical” entries, basically blocking some of the backup operations. With no way to whitelist by IP, request URI, or even an option to never block requests from logged in users – you’re sh*t out of luck.

    And good luck reading the firewall log because it’s a mess. I really have to scroll all the way down to see the latest log entries? No way to filter out the pointless “allowed uploads” or constant repeating “suspicious bots/scanners” entries? A different log for each day? No thanks.

Viewing 1 replies (of 1 total)

  • Just to point out that with the pro version you get options to filter the log based on events such as today/critical/high/medium/uploads/info/debug: https://snag.gy/jATMuc.jpg

    With the free version you can whitelist users based on IP through the .htninja file, and all admin level users are whitelisted by default.

Viewing 1 replies (of 1 total)
  • The topic ‘It could be the best, but flaws’ is closed to new replies.