{{header}}

Settings Documentation

BitFire Server Settings Enable (general configuration)

BitFire Enable

Enable / Disable all functionality

Always On Protection

Run BitFire before WordPress. Prevent Firewall bypass and save server resources by blocking bad traffic before WordPress loads

Send HTTP Security Headers

Deny iframes, disable content sniff, remove detailed referer data

Disable XMLRPC

Disable WordPress XMLRPC functions. This will disable remote API for WordPress mobile app and remote scraping and login API.

Require SSL

Force SSL and disable browsers connecting without SSL

Log Everything

Log all traffic, not just blocked traffic (add ~1ms to response time)

BitFire Bot Blocking Enable (block scanners, hacker tools and automated traffic)

Require Full Browser

Verify browsers are not actually bots with Fingerprinting or passing a JavaScript challenge

Always Challenge Browsers

Also challenge browsers that are only viewing pages. Enabling will always challenge and block web scrapers. This does not improve security, only block automated web scraping.

Block Bots not on Allowlist

Over 3,000 Search Engines and SEO tools included. All bots allowed when off. Each bot configurable in BotControl Settings

Block Scanners

Identify and block bots identifying themselves as malware or scanning tools
The page to display for the browser challenge. This page will verify and instantly redirect.
  • Blank Page
  • Simple Spinner
  • BitFire Security Page
  • CloudFlair Light Emulated
  • CloudFlair Dark Emulated

Web Application Firewall Features Enable (Traditional WAF configuration)

Generic Web Blocking

Block generic attacks, XXE, SSI, SSRF, CSRF, etc

Block XSS

Block Cross Site Scripting Attacks

Block SQLi

Block SQL injection attacks

Block Malicious Files

Inspect all file uploads for malicious code

BitFire PRO RASP Settings Enable (Runtime Application Self-Protection )

Block WordPress Scanners

Block scanning for WordPress vulnerable plugins and themes.

RASP FileSystem Protection

Force RASP Access Control on all PHP files. Prevent PHP files from being modified or deleted unless logged in as Administrator.

RASP Database Protection

Force RASP Checks on all database queries. Prevent altering sensitive DB tables unless logged in as Administrator.

RASP Network Protection

Prevent connecting to bot command and control networks, stop man in the middle attacks.

Multi Factor Authentication

{{mfa}}

Server Configuration
These settings are auto-configured for your server. Only change if required.

Server Side Cache (must have cache or cookies enabled)
  • SHMOP
  • OPCACHE
  • none
CloudFlair (1.1.1.1) or localhost
  • 1.1.1.1
  • localhost
HTTP response code for block page
  • 200 OK
  • 203 NON AUTHORITATIVE
  • 204 NO CONTENT
  • 400 BAD REQUEST
  • 401 NOT AUTHORIZED
  • 403 FORBIDDEN
  • 406 NOT ACCEPTABLE
  • 500 SERVER ERROR
  • 503 UNAVAILABLE
IP Address, X-Forwarded, Forward
  • REMOTE_ADDR
  • X-FORWARDED
  • FORWARD
  • CloudFlair
Disable if server does not support cookies
Log BitFire PHP errors and send to developers
Allow BitFire support team to review and fix bot configuration errors

BitFire PRO / PREMIUM Licensing

Check your email for license code after purchase

Uninstall BitFire This will uninstall BitFire from the startup script and remove all files.

The script files can be removed after the php cache expires in 5 minutes