Wrong vhost configuration (related to Wordpress; esp. NinjaFirewall)

Perhaps there is a wrong declaration within the virtualhosts.conf:

Current situation with some occurrences:
SetHandler "proxy:unix:/var/run/rh-php73-php-fpm/VHOST-php73.sock|fcgi://localhost/"
This declaration prevents the mode switch of my WordPress firewall (NinjaFirewall) from WAF to Full WAF mode.

I replaced all occurrences of:
SetHandler "proxy:unix:/var/run/rh-php73-php-fpm/ec1117VHOST-php73.sock|fcgi://localhost/"

With:
SetHandler "proxy:unix:/var/run/rh-php73-php-fpm/ec1117VHOST-php73.sock|fcgi://localhost"

The difference is that I removed the trailing ‘/’ in ‘fcgi://localhost’.
I just checked on a Debian installation, and there’s no trailing slash.

Now my problem is solved.
Sincerely, Marko

Edit:
NinjaFirewall Review


I have intensively observed the system behavior in the interaction of vhosts, WordPress and NinjaFirewall.
Conclusion:

  1. To run NinjaFirewall in Full WAF mode, the final “/” in the SetHandler declaration must be removed.
  2. The problem of additional non-WordPress scripts not starting must be solved by an additional configuration file for NinjaFirewall. In my case by adding an exclude-path in .htninja:
<?php
// Let NinjaFirewall allow requests for scripts whose path contains this directory.
if ( strpos( $_SERVER['SCRIPT_FILENAME'], '/INSTALL-DIRECTORY/' ) !== FALSE ) {
  return 'ALLOW';
}
  3. Every time virtualhosts.conf is regenerated, the manual changes are overwritten and NinjaFirewall falls back into the limited WordPress WAF mode. This is also pointed out in the file header.

  4. So for me it is clear that I permanently need SetHandler declarations for my WordPress installations which do not have a closing “/”.
    I could not find any negative effects on other functions of the webserver when it is missing.
    I can’t judge if it would be better to remove it by default for every vhost with WordPress installations or if only I need a customized standard solution.

For the latter, I would need your help.
I also thought that I could do without NinjaFirewall. But two reasons speak against it:

  • a look at the LOG-files with the massive intrusion attempts
  • and the scope of the firewall.
    You can easily test this yourself in relation to your installations. NinTechNet: NinjaFirewall WP+ Edition
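
As an added example (not part of the posts in this thread and not the server project's own tooling), a shell check that flags SetHandler lines still carrying the trailing slash after virtualhosts.conf has been regenerated, and prints a corrected copy. The sample vhosts, hostnames and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Matches: SetHandler "proxy:unix:<socket>|fcgi://localhost/"
# i.e. a slash directly before the closing quote.
PATTERN='^[[:space:]]*SetHandler[[:space:]]+"proxy:unix:[^|"]+[|]fcgi://localhost/"'

# Print "lineno:line" for each affected SetHandler line (exit 1 if none).
find_trailing_slash_handlers() {
    grep -nE "$PATTERN" "$1"
}

# Print the number of affected lines (0 when the file is clean).
count_trailing_slash_handlers() {
    grep -cE "$PATTERN" "$1" || true
}

# Write a corrected copy to stdout; only matching SetHandler lines change.
strip_trailing_slash() {
    sed -E '/^[[:space:]]*SetHandler[[:space:]]+"proxy:unix:/ s#([|]fcgi://localhost)/"#\1"#' "$1"
}

# Constructed sample, not a real virtualhosts.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:443>
  ServerName wp.example.test
  <FilesMatch "\.php$">
    SetHandler "proxy:unix:/var/run/rh-php73-php-fpm/VHOST-php73.sock|fcgi://localhost/"
  </FilesMatch>
</VirtualHost>
<VirtualHost *:443>
  ServerName other.example.test
  <FilesMatch "\.php$">
    SetHandler "proxy:unix:/var/run/rh-php73-php-fpm/OTHER-php73.sock|fcgi://localhost"
  </FilesMatch>
</VirtualHost>
EOF

echo "affected: $(count_trailing_slash_handlers "$sample")"
find_trailing_slash_handlers "$sample" || true
strip_trailing_slash "$sample" | grep -n 'SetHandler'
```

Running find_trailing_slash_handlers against the regenerated file after each rebuild shows whether the slash is back; a non-empty result means the manual change was overwritten.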

Hi Marko,

At first, reading your post, I wanted to recommend Wordfence, which I have been using for a few years, but I thought if you had chosen Ninja Firewall you probably had a very good reason.

So I looked on the WordPress plugins site: Ninja Firewall and Wordfence.
Usually, I choose by virtue of the total number of installations of an extension, the number of comments, the response time on their forum, the time between updates, the number of languages they offer, etc. In this sense, Wordfence is the winner. Also, Wordfence has a very good newsletter with a lot of advice on security.

Then I went to see if I could find a comparison between these two extensions. There, Ninja Firewall is ahead of Wordfence in terms of analysis speed and load on the system.

So I looked for a comparison of multiple firewalls for WordPress and I have to say that I discovered Sucuri that I did not know before: https://vobida.com/best-wordpress-security-plugins/.

Now for choosing a firewall for WordPress I’m confused, but on a higher level.

The choice is very difficult, but must take place,

Michel-André

Hi Michel-André, I compared it 2 years ago and the winner was NinjaFirewall, because they protect against many more threats.
If you use Wordfence, please check your system, it’s really easy.
https://nintechnet.com/ninjafirewall/wp-edition/?webscanner
(my result: Results: 49 out of 49 threats were blocked)

I’m interested to see your result. If it is comparable to NinjaFirewall, I will change.
Here is the german test: https://www.damianschwyrz.de/content/schuetzen-wordfence-ithemes-security-meine-wordpress-seite-so-gut-wie-alle-behaupten-nein

There, a basic technical comparison is attempted, and not only a comparison of the marketing brochures.

Some other real test scenarios:


I’m very interested to get real test experiences. Most “expert-test-blog-articles” are marketing comparisons.
As soon as I have a valid basis for comparison, I immediately change to avoid my calamities.
Nor am I waging a holy war for or against a solution; I am just very suspicious of the prospectus promises. And Nintech seemed to me at the time to go far beyond what other manufacturers offer with their published test results.
But the watches did not stop there.

Sincerely, Marko

Hi Marko,

https://nintechnet.com/ninjafirewall/wp-edition/?webscanner
This test has left me so totally flabbergasted that I will not tell you the results… :astonished:

I have to post something on Wordfence forum.

Michel-André


time to change? :wink:

that I will not tell you the results

Could you send it to me via private message?

Hi Marko,

Michel-André
