Nginx rate limiting

NinjaFirewall doesn’t limit the number of HTTP requests a visitor can make. Instead, it monitors all HTTP requests, regardless of the IP. That means that it will trigger the protection even if it is a distributed attack coming from hundreds/thousands of different IP addresses.

What kind of protection is available in NinjaFirewall Rate Limiting?

What happens if Nginx Rate Limiting and NinjaFirewall Rate Limiting is implemented?

Is Rate Limiting available only in the NinjaFirewall WP+ Edition?

The Rate Limiting option available in the WP+ Edition is similar to Nginx: it monitors every IP address and will block the one that reaches the threshold. Using both protections together would be redundant, unless they have a different configuration.

In the WP+ Edition, is it possible to implementing Rate Limiting specifically to wp-login.php and xmlrpc.php?

And once the IP address is blocked is it possible to unblock it manually and automatically?

Does the Rate Limiting work on Apache servers?

The login protection (WP and WP+) is the only rate limiting feature that can be used specifically for the wp-login.php and xmlrpc.php scripts.

In the WP+ Rate Limiting feature, IP addresses are temporarily banned, and they can be unblocked by clicking either the “Save Access Control Directives” or “Restore Default Values” buttons in the “Access Control” page. That will flush the cache used to store those IP addresses.
It does work on Apache too.

What other rate limiting feature is in the WP+ besides wp-login.php and xmlrpc.php scripts?

Rate limiting the wp-login.php and xmlrpc.php scripts is part of the Login Protection in the WP and WP+.
The WP+ rate limiting will monitor all HTTP requests sent to any PHP script.