Free 5 minute guide to install BitFire website firewall.

BitFire is a best-in-class firewall for PHP websites. It eliminates automated hacking attempts and stops over 140 other security threats.

Cory Marsh
Cory Marsh has over 20 years of Internet security experience. He is a lead developer on the BitFire project and regularly releases PHP security and programming videos on BitFire's YouTube channel.
WordPress users

Stand Alone Install:

This guide walks you through the free manual install in about 5 minutes. To begin, you will need:

  • Internet access to download the software
  • Website login username and password (FTP, SSH, etc.)
  • Edit access for your PHP files

Upload BitFire to your webserver

  1. Download the latest BitFire release. Select zip if you use Windows, or tar.gz if you use macOS or Linux:
    Linux: https://bitfire.co/latest-release.tar.gz
    Windows: https://bitfire.co/latest-release.zip
  2. If you have FTP access, extract the files on your desktop and upload the bitfire directory to your FTP server in the root directory of your website.
  3. If you have SSH access and a Linux server, you can download directly on the webserver to any directory you wish (usually a home directory) with this command (replace 2.0.2 with the latest version available at the time you download):
cd /path/to/your/web/files
curl https://bitfire.co/latest-release.tar.gz -o bitfire.tar.gz; tar zxf bitfire.tar.gz

Configure The Firewall

Now that BitFire has been installed on your webserver, it's time to configure it. You can run the initial configuration wizard and tutorial by visiting the startup page: https://www.yourdomain.com/bitfire/startup.php


You will be prompted to set up an initial password when you visit startup.php. This password will be required each time you access the BitFire dashboard, so be sure to save it someplace safe, like your password manager. A secure password will be automatically generated for you, but you may change it at this time if you wish.

Setup Wizard and Tutorial

After setting the password, you will be redirected to the setup wizard. You will be prompted for the password you just created; the username field is not required.

The wizard will enable or disable the core features of the firewall. If you do not select "Always on Protection", you will need to manually load the firewall.

If you uploaded BitFire in your public HTML files (standard for FTP access), the path to startup.php should be something like "/var/www/your_sitename/bitfire/startup.php". If you are unsure about the full path to your website root directory, look at the output of phpinfo in the previous step. The full path to your webroot directory is the value "DOCUMENT_ROOT", located near the bottom of the info.php page.

Now, add the following line to your php.ini file:

auto_prepend_file = "/path/to/bitfire/startup.php"
* replace /path/to with the actual path to your BitFire files on the server

Edit - .htaccess File (only if unable to edit php.ini)

If you cannot edit php.ini, you can still enable the same setting by editing your site's .htaccess file. Open your root .htaccess file and add the following lines to the end of it.

<IfModule php7_module>
  php_value auto_prepend_file "/path/to/bitfire/startup.php"
</IfModule>
<IfModule lsapi_module>
  php_value auto_prepend_file "/path/to/bitfire/startup.php"
</IfModule>
* remember to replace /path/to with the path to your BitFire install
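
After editing php.ini or .htaccess as described above, a static check like the following confirms that auto_prepend_file is actually set, is not the /path/to placeholder, and points at a readable file. This is an added example, not part of BitFire or the original guide; the function names prepend_paths and check_prepend are hypothetical.

```sh
#!/bin/sh
# Added example (not BitFire code): static check of auto_prepend_file settings.

# Print every auto_prepend_file value set in a php.ini or .htaccess file.
# Commented-out lines and empty values are ignored.
prepend_paths() {
    sed -n -E \
        -e 's/^[[:space:]]*auto_prepend_file[[:space:]]*=[[:space:]]*"?([^";]+)"?.*$/\1/p' \
        -e 's/^[[:space:]]*php_value[[:space:]]+auto_prepend_file[[:space:]]+"?([^"]+)"?.*$/\1/p' \
        "$1" | sed 's/[[:space:]]*$//'
}

# Return 0 only if the file sets auto_prepend_file and every value is an
# absolute path to a readable file.
check_prepend() {
    conf=$1
    paths=$(prepend_paths "$conf")
    if [ -z "$paths" ]; then
        echo "FAIL: $conf never sets auto_prepend_file, firewall is not loaded"
        return 1
    fi
    status=0
    while IFS= read -r p; do
        case $p in
            /path/to/*) echo "FAIL: placeholder path left in $conf: $p"; status=1 ;;
            /*) if [ -r "$p" ]; then
                    echo "OK: $p"
                else
                    echo "FAIL: $p is missing or unreadable, PHP requests will error"
                    status=1
                fi ;;
            *)  echo "FAIL: $p is not an absolute path"; status=1 ;;
        esac
    done <<EOF
$paths
EOF
    return $status
}

# Usage: sh check_prepend.sh /etc/php.ini   (or the site's .htaccess)
if [ "$#" -gt 0 ]; then check_prepend "$1"; fi
```

This reads the configuration file only. Apache silently skips an IfModule block whose module name does not match the loaded PHP module (PHP 8 registers as php_module rather than php7_module), so also confirm the live auto_prepend_file value on your phpinfo page.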


Congratulations, BitFire is now installed!

You can monitor your firewall at https://www.your_domain.com/bitfire

Please read the Setup Guide for instructions on how to get the most for your website security.
