How to protect all site?

Hi,

You can protect your WordPress folder with the WP Edition, and the main site with the Pro Edition (which is free and open source too).
Check our blog post: https://blog.nintechnet.com/installing-ninjafirewall-with-hhvm-hiphop-virtual-machine/
Scroll down to the “Multiple-site installation” section.
Note that this was written for HHVM, but it can apply to PHP as well, it is just the same method.

It is important that you only use the WP Edition to protect WordPress, because the Pro Edition is a generic one and it does not have specific WordPress protection (e.g., privilege escalation, zero-day vulerability etc).

Thank you for your quick response. Very helpful I ve got the concept.

I’m wandering if I just pass to the main php index website to just include the required file from the blog folder. Why not? This way I think the wp plug in will handle the requests, right? I don’t mind an extra workout it might do if it’s not a wp access request but my website’s php.

Keep in mind that I don’t have several domains. One domain and my php website and under this a wp folder.

You can try to move the PHP INI (which includes NF auto_prepend_file directive) to your main root folder. In most cases, that should work.

Thanks for the support. That done the trick as well as the .Htaccess include directive.