• Resolved dciphered

    (@dciphered)


    Dear WF team,

    I’d like to get some more information as to whether there’s any point in running both ModSecurity and Wordfence side-by-side on the same WP server?

    I’m of the understanding that ModSecurity fires first at the web server (Apache/nginx) layer, followed by Wordfence at the WordPress application layer; however, I’m not entirely sure what the benefit is (if any) to running both WAFs inline?

    Running both would no doubt add additional overhead to the processing of HTTP requests which I’d prefer to minimise.

    At the moment I have ModSecurity with the Atomicorp basic ruleset (within a Plesk deployment) and Wordfence. However, my preference would be to run a single WAF solution.

    Many thanks in advance.

Viewing 4 replies - 1 through 4 (of 4 total)
  • For what it’s worth… I run Modsecurity and Configure Server Firewall, if there is any hit on server speed it’s minimal, as I keep my rules to a reasonable minimum. I like the way the server firewalls catch stuff way early in the process, with nothing but an error message. Wordfence gives way too much information to criminals. It shouts “I use WordPress and Wordfence, test your hacks on me!!” MTN

    Hi @dciphered,

    If you have to choose one over the other, I would recommend Wordfence because it’s geared towards security exploits against WordPress sites. If you look at the Rule-set found within Wordfence -> All Options, there are plenty of rules that combat attacks against popular plugins.

    Wordfence also provides you with an interface to easily view Live Traffic, manage settings, and get email alerts on your site’s status.

    Dave

    Problem is, Wordfence does little to nothing to protect against attacks on Linux. Run only one firewall at your peril. For example, if you examine what’s going on with your server, you’ll probably discover hundreds if not thousands of attacks on your FTP and cPanel logins. Fiddling around with Wordfence, protecting the WordPress login, is an interesting exercise, but does nothing to protect from server login attacks. MTN

    Thread Starter dciphered

    (@dciphered)

    Thanks for the reply all, appreciate the various points of view.

    I’ve decided to run both: ModSecurity with the Comodo rules in place and Wordfence as the second line of defence for WP-specific prevention.

    The only issue with ModSecurity is the lack of simple notification capability. Short of creating your own scripts that fire an email on specific rule sets that are triggered, there’s no easy way to do this, which is where Wordfence dominates.

    Thanks again.
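
The kind of notification script the last post describes, as an added example that is not part of the original thread or of either product: it parses a ModSecurity 2.x serial audit log (parts A, B and H enabled) and builds an email for a chosen set of rule ids. The log sample, rule ids and addresses are constructed, and the function names are hypothetical.

```python
import re
from email.message import EmailMessage

# Constructed sample (ModSecurity 2.x native audit-log format); all values made up.
SAMPLE_LOG = """\
--a1b2c3d4-A--
[12/Mar/2024:10:15:02 +0000] ZfAbc1 203.0.113.7 51234 192.0.2.10 443
--a1b2c3d4-B--
GET /wp-login.php?log=admin%27-- HTTP/1.1
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). [id "100001"] [msg "SQLi pattern"] [severity "CRITICAL"]
--a1b2c3d4-Z--
--e5f6a7b8-A--
[12/Mar/2024:10:16:40 +0000] ZfAbc2 198.51.100.9 40022 192.0.2.10 443
--e5f6a7b8-B--
GET /readme.html HTTP/1.1
--e5f6a7b8-H--
Message: Warning. [id "100002"] [msg "Scanner user agent"] [severity "NOTICE"]
--e5f6a7b8-Z--
"""

TXN = re.compile(r"^--(\w+)-A--\n(.*?)^--\1-Z--$", re.S | re.M)
TAG = re.compile(r'\[(id|msg|severity) "([^"]*)"\]')

def parse_audit_log(text):
    """Yield (client_ip, request_line, rule_hits) for each logged transaction."""
    for m in TXN.finditer(text):
        # Split only on this transaction's own boundary id, not on look-alikes.
        pieces = re.split(rf"^--{m.group(1)}-([A-Z])--\n", m.group(2), flags=re.M)
        parts = {"A": pieces[0], **dict(zip(pieces[1::2], pieces[2::2]))}
        client = parts["A"].split("] ", 1)[1].split()[1]  # field after unique id
        request = parts.get("B", "").split("\n", 1)[0]
        hits = [dict(TAG.findall(line)) for line in parts.get("H", "").splitlines()
                if line.startswith("Message:")]
        yield client, request, hits

def build_alert(text, watched_ids, sender, recipient):
    """Return an EmailMessage listing hits on watched rule ids, or None."""
    rows = [f'{h["id"]} [{h.get("severity", "?")}] {h.get("msg", "")} from {client}: {request}'
            for client, request, hits in parse_audit_log(text)
            for h in hits if h.get("id") in watched_ids]
    if not rows:
        return None
    msg = EmailMessage()
    # Log content is attacker-influenced: keep it in the body, never in headers.
    msg["Subject"] = f"ModSecurity: {len(rows)} watched rule hit(s)"
    msg["From"], msg["To"] = sender, recipient
    msg.set_content("\n".join(rows))
    return msg
```

Run from cron, the returned message can be handed to `smtplib.SMTP(...).send_message()`; a real deployment would also remember the last file offset read so entries are not alerted twice.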

  • The topic ‘Wordfence and Modsecurity’ is closed to new replies.