The Joomla! Extensions Directory ™

RSFirewall! ComponentModulePlugin

RSFirewall! is the most advanced Joomla! security extension that you can use to protect your Joomla! website from intrusions and hacker attacks. It's backed up by a team of experts that are trained to be always up to date with the latest known vulnerabilities, security updates making RSFirewall! the best choice in keeping your website safe.

» Compatible with Joomla! 2.5 & 3.x

» Backend Password - Add an extra layer of security by typing in a password before logging in the administration!
» Blacklist - Block unwanted (single or multiple using wildcards *.*.*.*, CIDR notation and ranges) IP addresses.
» IPv6 support
» Whitelist - Bypass protections for selected IPs.
» Stop brute-force login attempts - Capture login attempts (as well as incorrect passwords).
» Malware database - Detects obfuscated, encoded as well as potentially dangerous files (eg. base64_encode, eval, gzinflate, preg_replace /e)
» Automatically drop dangerous files when they're uploaded - such as .php, .js, .exe, .com, .bat, .cmd
» Disable the creation of new Administrators
» Protects selected Administrators from any changes - including password change!
» Log all security events and send messages to specified email address(es)
» Powerful exception system - Disable protections based on User Agent, URL or component (regular expressions allowed).
» Database Check - Optimize & repair your database tables.
» Display CAPTCHA in the administration section after a predefined number of failed login attempts.

Active Protections
» Country blocking - Allows you to select which countries have access to your Joomla! website (also blocks anonymous proxies). Based on GeoIP Lite Country database.
» Local file inclusion (LFI)
» Remote file inclusion (RFI)
» SQL injection (SQLi)
» HTML, Javascript and CSS filtering (XSS)
» Denial of Service (DoS) - Block unwanted User Agents
» Automatic blacklist
» Actively scans POST and GET variables.
» Keeps an eye on sensitive Joomla! files and alerts you if they are changed.

System Check
» Check for the latest Joomla! & RSFirewall! versions.
» Provides suggestions on how to tighten your PHP & Joomla! configuration.
» Scan Joomla! core files for integrity.
» Scan files and folders for common permission errors.
» Scan files for common malware.

Report Extension




Reviews: 2
I am using this extension since last 2 years. After installing this extension I am bit relieved as earlier my site was hacked twice. This extension immediately informs about any suspicious activity. Very easy to install and use. I think it is a must for every joomla site
Reviews: 10
I have slowly worked my way into the RSJoomla family of products [RSForm Pro, RSSEO], and am never let down when I purchase a subscription to another. And RSFirewall is no exception. Powerful site protection, quick to configure, and their tech support [team] is quick, & knowledgeable. And unlike unlike some extension developers ... they give you great answers / replies to your support tickets, and actually take the time to understand the issue and get it fixed right ... the first time.
Reviews: 9
I've used RS Firewall for several years now and every time I wish it could do something that is doesn't. It magically appears in one of the next updates. May take a few updates, but it happens pretty quick. There is so much power and ease of use for such a complex component that I'm always finding something new on every site I install it on. I'm so happy you can buy an unlimited site license at a reasonable price. I install it on every site I build. The best new features to come along, that other reviews mentioned it lacked is the ability to block an IP address after X amount of failed attempts. This is selectable for front or backend access. No more 400 emails in my inbox from a hacker attempting to gain access to the backend of one of my customers sites. Keep up the great work.
Reviews: 26
Been using it for a couple of years now and never had a successful intrusion. This version includes two features i have requested which makes it even better...
Reviews: 12
This component is awesome. detects any core files that are missing or modified. and gives suggestion on how to fix issues.
Reviews: 8
RSFirewall is an excellent extension. There is no need to repeat all these great evaluations already made here. It is enough to say that for obvious reasons this component is a "must have".

However I would like to underline an exceptional and professional support delivered by the developers from They are awesome!
Reviews: 32
Using RSFirewall in Joomla 2.5 since version 1.0.34 (January 2012).
Advantages: Protection against SQL injection, PHP, LFI and XSS injections and attacks in real time.
The analyzer site for twenty-four parameters that affect the safety of Joomla. Advanced System log. Protection of the administrative area site with a password and additional safety circuits. Blocking site of the changes. Analyzer database schema. Blocking access to the settings of the RSFirewall with a password. Black list of IP addresses that are denied access to the site. Allocation of access rights to the site administrators, and administrative area to the individual components. Basic protection against DoS attacks. Filtering files uploaded to the site. Protection from scanning the site for vulnerabilities. Protection of the Administrator account of any changes.
Disadvantages: not currently found.
Very good extension for the comprehensive protection of the site. Translated in the Russian language.
Support - very good. Questions decide quickly.
I use to protect the personal blog of weekly attacks.
Engaged in web technologies since March 2007. Use Joomla since December 2009.
Reviews: 2
I've used most of RSJoomla's extensions including the Firewall on many sites (I have an unlimited license) and I've been very happy with the support I've received.

The last ticket I had with them ended up not even being related to their Firewall component but I had thought it was. I couldn't access the backend Admin and the site was ready to go live the next day. They identified the problem and explained to me how to fix it. They really saved my butt.

Reviews: 3
I use this component to secure and monitor over 40 sites and it's enabled me to stay in business - without it, I'd be spending most of my working hours manually scanning, monitoring and updating Joomla websites and prowling round server logs with no real idea of how safe each site is.

It's highly flexible so I can lock a site down tight as a drum, or leave specific elements open for ease of access and ramp up their security in other areas instead. For more vulnerable sites with lots of plugins and users, the email notifications keep me advised of every threat in real time from the negligible to critical.

If you're in any doubt but run more than one website then just buy it, with a multiple license and the offers they make on Twitter it ends up being a few quid per year, per site, and it's a load off your mind :)
Reviews: 35
been using it for a while...
worth it! excellent features
coulod add the support to block after a few attempts automatically ... but all together smooth and easy to upgrade !

Great job!
Reviews: 5
This extension does its job pretty well, I get emails for failed logon attempts along with the IP address so that you can add it to the black list if necessary.

But, you will have to be very careful while doing the following
1. Using ACL option - make sure to allow full access to an administrator account before you click save after enabling this option. If not you will be locked out of your site.
2. fixing the problems via System Check. Contact support if you are not sure what you are doing. I lost access to WHMCS pages & its back-end and ability to install any Joomla extensions. Also make sure to backup php.ini before you apply the fix.

Only request to developer is to provide enough warning and detailed documentation about the cause of applying certain security options. I learnt it myself by making many mistakes.
Reviews: 1
This is an excellent application. I would give it 5 stars except for one issue -- and it is such a BIG issue with the potential for BIG problems for the end user that I have to give this application 1 star.

Here is the issue: RSFirewall! has a system lockdown function; you can disable key aspects of Joomla that make your site harder to hack. This is a good thing. RSFirewall! has a master password function; you need to enter in a master password (if you create one) to change the component settings. This is also a good thing. However, when creating a master password, the characters you are entering are masked and there is no field to re-enter your password. So if you enable the system lockdown then mistype when you create a master password you won't know it until you go to log into the application. At which point you would not be able to do anything -- there isn't even the extra security questions to enable you to retrieve your master password -- you know like, "what is your favorite restaurant?" etc -- that you see on some banking sites.

I would love to see this issue resolved --either by having an option to unmask the password when you create it or a field to re-enter the password AND some sort of password retrieval option (security questions, email, something) in the unlikely event you forget your password or type in the wrong one.

If this one issue were fixed, I would give this application 5 stars -- it is great! Just with one MAJOR issue waiting to go awry.
Owner's reply

This review is pointless and should be removed, because is totally wrong. There is an article in the documentation that explains how to clear the master password:

Reviews: 1
It was a toss up between tow different security applications ...

After the numerous excellent reviews I decided on RS Firewall and have not been disappointed

Already it has found what where gaping holes in my three sites ... and resolved the issues.

One little issue though, I am sure it is mentioned some where in the T & C's

I bough the multi site license assuming that I could protect my three sites, in fairness I can but I am only entitled to updates on one Domain, I have to pick which one ... that was a little disappointing and probably a little misleading with the term multi site license.

Otherwise ... I cant complain and I am very happy
Owner's reply

Thanks for the review John.

For your information: a multi-site license allows you to install and update RSFirewall! on unlimited websites. You only have to register these websites on our website.

Reviews: 6
RS Firewall just works perfect. It monitors perfectly who tries to login the site and protects the elemental files! Perfect solution
Reviews: 7
Once again, I'm compelled to write a review about how good the RSJoomla! Support team is.
I've installed RSFirewall (the 5th RSJoomla extension on my site, by the way) only this morning, and had two critical issues that were solved in no time (less than an hour) by the support team! They are not only incredibly fast, but also very efficient! Highly recommended.
Reviews: 3
We have been building a new J16 site and wanted to reduce the chances of any unauthorized visits.
I fully back the claims of the others who have written what they have how good this module is.
We had a problem with what happened when we allowed the module to improve the rating by fixing issues found in our J1.5.23 sites, RSJoomla's support was excellent and was fixed in no time at all.
Well worth the urchase
Reviews: 1
We administer upwards of around 50 websites all running Joomla and I initially came across this component and took their claims with a grain of salt. You can't trust everything you read. We had been hacked so many times on so many of our sites that security fixes had become a weekly chore. Then we installed RSFirewall and it all stopped. In the 6 months we have been using this we have not had one single instance of being hacked. Our core Joomla files we getting hacked on a weekly basis... now I haven't had to address one security concern in 6 months. If your Joomla installations attract a lot of traffic, this is a must-have component that does all the hard security work for you. Do be aware that the ratings it gives you on a Windows server are low due to not being able to assign Unix permissions to files, but otherwise, we have subscribed to the top level of support for this and will continue to do so. RSFirewall saved us from having to dump Joomla all together and buy a custom CMS.
Reviews: 15
Excellent Firewall!
Using it on 5 websites and couting.

I have some suggestions to keep it the best:
- Emergency shutdown button (see Admin Tools)
- Automatic IP banning for high alerts (adjustable)
- More extensive back-end access control
- Check for all vulnerable extensions, not just Jummi
- Maybe a passive scanner that scans ones a day all files (see Eyesite)
- Checking/adjusting default admin ID (not sure if it does).
- Checking/adjusting default database prefix

Don't get me wrong there are LOTS of possibilities with this excellent Firewall!
System Lockdown is also nice, don't forget to add a secure password to RSFirewall!
Can't say anything about the support, didn't need any yet (Good manual)

BUY this Firewall, your Joomla website deserves it!
Reviews: 1
I run many Joomla websites, over 50+, and a couple of them were compromised at times.

From reading the previous reviews, I decided it was a good decision to use RSFirewall.

Just from installing it I can see it is a quality and well made component.

Very nicely done!

One recommendation to the author:

Maybe allow the dashboard to show more reporting and statistics about the component.

Number of malware found, etc - give some perspective on the whole thing and its performance.

Good stuff!
Reviews: 5
I've been using RS Fiewall for over one year (my first subscription just expired) ad am utterly impressed. I've used a few other RS components, and while the rest are good, this is polished, well documented, and just plain works. I admit that I did have a problem when I selected for RS to "fix" my PHP.ini file - let's just say it didn't work. No need to fix this, though. It may work for some configurations, but the fixed php.ini file caused problems for me. Now I just skip this suggestion when performing the site scans. Regardless, I was able to follow their simple instructions to revert to the original file, and this and all of the other sites I administer are running smoothly. I haven't had ANY security issues with any of my sites since installing, and was having problems daily before.

This software has saved me tens, if not hundreds of hours or headaches, and is worth every penny. I won't build a Joomla site without it.
Page 2 of 5