• Resolved armanmprr

    (@armanmprr)


    Hi, I want to know whether NinjaFirewall is enough for WooCommerce, or should I install iThemes Security for hardening too? I don't want my site to be so slow. Can you tell me the best way to protect my website? Do I need a cloud WAF as well?

  • Plugin Author nintechnet

    (@nintechnet)

    NinjaFirewall is enough for WooCommerce and WordPress. There’s no need for additional plugins or external services. The best is to run it in Full WAF mode if you can.

    Thread Starter armanmprr

    (@armanmprr)

    Thank you for your perfect plugin.
    Some guys told me: external CDN WAFs don't slow down your site, don't use plugins. Are they correct? Sorry for my newbie questions.

    Plugin Author nintechnet

    (@nintechnet)

    I disagree with them.
    First, you shouldn’t see any speed difference with or without NinjaFirewall. Then, CDN WAFs perform very poorly when it comes to blocking zero-day vulnerabilities. NinjaFirewall works before WordPress (like a cloud WAF), but also while it loads and after it is loaded. So it knows what’s going on. For instance:
    * if an attacker exploited a zero-day vulnerability that allowed them to escalate their account into an admin account, NinjaFirewall would detect it right away (and would block them). A cloud WAF wouldn’t.
    * if an attacker stole your FTP pass, uploaded a backdoor and accessed it from their browser, NinjaFirewall would detect it (with its File Guard option), a cloud WAF wouldn’t.

    Additionally, if your customers pay with a credit card, the HTTPS connection will be decrypted by the cloud WAF before being forwarded (encrypted or not) to your server. Personally, I would never allow a 3rd-party company to decrypt my HTTPS traffic on their server.

    CDNs (without WAF) are nice, but only for static content such as JS, images etc, because you don’t mind that they decrypt this kind of traffic that doesn’t forward any confidential data. But for dynamic content, I would avoid them because the purpose of HTTPS traffic is to be encrypted from the client to the server, not to be decrypted by someone else in the middle of the HTTP connection.

    Thread Starter armanmprr

    (@armanmprr)

    Thank you, NinjaFirewall, for your awesome support and plugin. Thumbs up.

  • The topic ‘Woocommerce security’ is closed to new replies.