Free 5 minute guide to install BitFire website firewall.

BitFire is a best-in-class firewall for PHP websites. It eliminates automated hacking attempts and stops over 140 other security threats.

Cory Marsh
Cory Marsh
Share:
  • ...
  • ...
Cory Marsh has over 20 years internet security experience. He is a lead developer on the BitFire project and regularly releases PHP security and programming vidoes on BitFire's you tube channel.
Quick Install:

This guide walks you through the free manual install in about 5 minutes. To begin, you will need:

  • Internet access to download the software
  • Website login username and password (FTP, SSH, etc.)
  • Edit access for your PHP files

Upload BitFire to your webserver

  1. Download the latest BitFire release at https://github.com/bitslip6/bitfire/releases, select zip if you use Windows, or tar.gz if you use macOS or Linux.
  2. If you have FTP access, extract the files on your desktop and upload the bitfire directory to your FTP server in the root directory of your website.
  3. If you have SSH access and a Linux server, you can download directly on the webserver to any directory you wish (usually a home directory) with this command (replace 2.0.2 with the latest version available at the time you download):
cd /path/to/your/web/files
curl https://github.com/bitslip6/bitfire/archive/refs/tags/2.0.2.tar.gz -o bitfire.tar.gz; tar zxf bitfire.tar.gz
security can be complex

Configure The Firewall

Now that BitFire has been installed on your webserver, it's time to configure it. You can run the initial configuration wizard and tutorial by visiting the startup page. https://www.yourdomain.com/bitfire/startup.php.


You will be prompted to setup an initial password when you visit startup.php. This password will be required each time you access the BitFire dashboard so be sure to save it someplace safe like your password manager. A secure password will be automatically generated for you but you may change this if you wish at this time.

Setup Wizard and Tutorial

After setting the password, you will be redirected to the setup wizard. You will be prompted for the password you just created, the username field is not required.

The wizard will enable or disable the core features of the firewall. If you do not select the recomended "Always on Protection" you will need to manually load the firewall. This can be done by adding a single include /full/path/to/bitfire/startup.php line to the top of your index.php or other root php startup script.

We recommend you also enable "Require Full Browser" and "Block Impersonating Robots" to block all automated requests. This functionality is similar to Cloudflare's Browser Integrity Check but is transparent and completes in just a few milliseconds.

After the setup wizard saves the configuration, you will be redirected to the dashboard and a short intro will show you how to view the firewall blocking behaivor.

Malware Scan

After the dashboard tutorial, you will be taken to the malware scanner page with a short tutorial. The current malware scanner is only available for WordPress, if you are using a difference CMS or custom application please contact us about support options.



Congratulations, BitFire is now installed!

You can monitor your firewall at https://www.your_domain.com/bitfire

Please read the Setup Guide for instructions on how to get the most for your website security.

Web Security University

PHP focused web security tutorials. Each week we cover a new topic in-depth and provide code examples you can integrate today with your current app stack.

Access The University
Cory Marsh
Cory Marsh
Share:
  • ...
  • ...
Cory Marsh has over 20 years Internet security experience. He is a lead developer on the BitFire project and regularly releases PHP security and programming vidoes on BitFire's you tube channel.

Get WebSite Security Notifications

From us to your inbox weekly.