BitFire is a best-in-class firewall for PHP websites. It eliminates automated hacking attempts and stops over 140 other security threats.
This guide walks you through the free manual install in about 5 minutes. To begin, you will need:
cd /path/to/your/web/files curl https://bitfire.co/latest-release.tar.gz -o bitfire.tar.gz; tar zxf bitfire.tar.gz
Now that BitFire has been installed on your webserver, it's time to configure it. You can run the initial configuration wizard and tutorial by visiting the startup page. https://www.yourdomain.com/bitfire/startup.php.
You will be prompted to setup an initial password when you visit startup.php. This password will be required each time you access the BitFire dashboard so be sure to save it someplace safe like your password manager. A secure password will be automatically generated for you but you may change this if you wish at this time.
After setting the password, you will be redirected to the setup wizard. You will be prompted for the password you just created, the username field is not required.
The wizard will enable or disable the core features of the firewall. If you do not select "Always on Protection" You will need to manually load the firewall.
If you uploaded BitFire in your public HTML files (standard for FTP access), this path should be something like "/var/www/your_sitename/bitfire/startup.php". If you are unsure about the full path to your website root directory, look at the output of phpinfo in the previous step. Full path to your webroot directory is the value "DOCUMENT_ROOT" located near the bottom of the info.php page.
Now, add the following line to your php.ini file:
auto_prepend_file = "/path/to/bitfire/startup.php"* replace /path/to with the actual path to your BitFire files on the server
If you can not edit php.ini, you can still enable the same setting by editing your site .htaccess file. Open your root .htaccess file, and add the following lines to the end of your .htaccess file.
<IfModule php7_module> php_value auto_prepend_file "/path/to/bitfire/startup.php" </IfModule> <IfModule lsapi_module> php_value auto_prepend_file "/path/to/bitfire/startup.php" </IfModule>* remember to replace /path/to with the path to your BitFire install
You can monitor your firewall at https://www.your_domain.com/bitfire
Please read the Setup Guide for instructions on how to get the most for your website security.
PHP focused web security tutorials. Each week we cover a new topic in-depth and provide code examples you can integrate today with your current app stack.