itomicspaceman

Thanks so much @gappiah ! Your advice looks spot on. That said, I’m new to Elementor, and searching around, can’t seem to find and action in the area(s) you’re talking about. But I know a friend who does, so I’ll defer to my friend at this time… unless my searching around reveals the answer sooner.

I’ll report back when it’s done, in case it helps someone else.

Thx again!

Thanks really helpful, thanks so much @gappiah !

I’m also interested to learn from the experience and advice of others for the same reason as the original post:

“I already use ModSecurity with COMODO firewall rules, which I believe is largely redundant to the Wordfence WAF.”

We know that the two can run together because we’re doing it now.

Arguably two firewalls are better than one, e.g. because (maybe) a weakness in one is compensated for by a strength in the other.

Conversely I think there’s an excellent chance that the benefits of two firewalls are fully negated by the extra complexity associated with having two, starting with having to remember that you have two firewalls at play.

This Wordfence article clearly shows the limitations of a Cloud WAF versus Wordfence: https://www.wordfence.com/blog/2016/10/endpoint-vs-cloud-security-cloud-waf-user-identity-problem/ but doesn’t go as far as to say “and therefore the only firewall you need for a WordPress site is Wordfence”.

In summary: in the interests of “less is more” I’d prefer to run Wordfence only, and to whitelist such sites with ModSecurity so that it doesn’t attempt to protect them. But keen to hear from others on whether this is smart or not.

Comments anyone?

Thx.