» Compatible with Joomla! 2.5 & 3.x
» Backend Password - Add an extra layer of security by typing in a password before logging in the administration!
» Blacklist - Block unwanted (single or multiple using wildcards *.*.*.*, CIDR notation and ranges) IP addresses.
» IPv6 support
» Whitelist - Bypass protections for selected IPs.
» Stop brute-force login attempts - Capture login attempts (as well as incorrect passwords).
» Malware database - Detects obfuscated, encoded as well as potentially dangerous files (eg. base64_encode, eval, gzinflate, preg_replace /e)
» Automatically drop dangerous files when they're uploaded - such as .php, .js, .exe, .com, .bat, .cmd
» Disable the creation of new Administrators
» Protects selected Administrators from any changes - including password change!
» Log all security events and send messages to specified email address(es)
» Powerful exception system - Disable protections based on User Agent, URL or component (regular expressions allowed).
» Database Check - Optimize & repair your database tables.
» Display CAPTCHA in the administration section after a predefined number of failed login attempts.
» Country blocking - Allows you to select which countries have access to your Joomla! website (also blocks anonymous proxies). Based on GeoIP Lite Country database.
» Local file inclusion (LFI)
» Remote file inclusion (RFI)
» SQL injection (SQLi)
» Denial of Service (DoS) - Block unwanted User Agents
» Automatic blacklist
» Actively scans POST and GET variables.
» Keeps an eye on sensitive Joomla! files and alerts you if they are changed.
» Check for the latest Joomla! & RSFirewall! versions.
» Provides suggestions on how to tighten your PHP & Joomla! configuration.
» Scan Joomla! core files for integrity.
» Scan files and folders for common permission errors.
» Scan files for common malware.
I love this firewall. It has everything I could possibly want to protect my system. It does a system check and gives explanations as to why something is being recommended.
I would recommend this product to all users looking to protect their site from injections, hackers, etc - anyone looking for protection.
PROS: Easy Easy Easy - just click. The usual EXCELLENT RSJoomla technical support. Very educational as to how Joomla works and vulnerabilities.
CONS: Some suggestions are a challenge to decide on, though the docs are pretty good. We easily got 75 out of 100 ranting without lifting a finger.
I'd never run my computer without an anti-virus software, nor will I leave my site exposed.
Definitely the best Firewall for Joomla that's out there!
Great pricing this month with the 50% off!!!
Thank you RSJoomla!
I was at a loss! What could I do? I had 7 customers and I did not have the expertise to fix this problem and guarantee that it would not happen again! Was I going to have to give them a refund? I couldn't do that... There money was already spent!
I started researching the options I had to secure Joomla, and I found RSFirewall... Looking at the information, it seemed simple enough.
1. Buy a license.
4. Set password, turn on lock down.
5. Drink a diet coke and watch Law & Order, because RSFirewall was handling all of my real life offenders, I could spend time watching TV about made up offenders.
Honestly though this extension is Great. After installing it my problems stopped. Sure I sat around waiting for it to hit the fan... but it never did. As a matter of fact during my first 6 month membership, I didn't even have anyone try to hack my sites (I'm guessing they know not to try with the RSFirewall badge on the public side of the website.) I just renewed for my second 6 months, and I am excited to see that it supports Joomla 1.6 too! I finally had someone try to hack one of my sites again! :-D It was great, because I got to watch in real time through my email each attempt they made to try and login. Because of the email notifications letting me know that they were failing, I was also able to login to the administration side of the site they were attempting to access and verify that it was locked down... After the "hacker" tried about 9 or 10 times, he/she gave up and moved on!!! Thank you RSFirewall, I literally sleep better at night because for a while I really did have to worry about getting up each morning and making sure that my sites had not been hacked while I was asleep, but no more!
Yes it may be the most expensive Joomla extension you buy (Although I'm sure there are others that cost more) but it is the most valuable one you will buy! Big time saver! Plus the protected by badge looks great! :-)
I don't regret it for one moment! Not only I feel the website is safer, but it made me aware on a lot of security issues I didn't know that were such.
It was installed in seconds and even when we had everything set up already, we run into no problem at all. Everything kept working just fine as it was before.
Not only that, I ran into an unrelated to the component issue (that had more to do with my ignorance on how to work the php.ini file) and the ticket submitted was replied within an hour. I also liked that is was assigned to a single staff member (which gives you the feeling they are attending you more personally), and he was very friendly and helfpul.
In my opinion it's worthy every single penny you pay for it; they provide with documentation and tutorials at their website too (which btw looks very professional and organized).
I very much recommend this extension.
RSFirewall has given me nothing but headaches with:
1. Unwanted redirects (from http://mydomain.com/adminitrator to http://www.mydomain.com/administrator and we all know what issues the www. can cause.)
2. Failed login issues (even when the login and password names are copied directly from my password vault) usually related to www. redirect
3. missing WYSIWYG editors since I installed it.
I have tried to get answers from the developers 3 different times but got 3 different responses each time basically saying: "It’s not our programs fault it doesn’t effect any of the issues you are having..."
The worst part is it got worse over the last two updates. So I am convinced without doubt that this extension is the source of all my issues.
I finally got tired of messing with it and decided to just uninstall the whole thing, now I have even more issues with my admin area. It will sort of work in IE8, won’t work in Firefox now, and we won’t even discuss Chrome.
Be careful if you use this extension. I don’t know exactly what this extension did that caused all the problems but I know I didn’t have any of these issues till I installed this extension and ran the security check. I will likely be uninstalling and reinstalling my entire joomla site from scratch because of all of this.
On the plus side I did like the reporting features and the lock down feature.
1) & 2) RSFirewall! will never create any redirects and there's not a single line of code in the package that would have to do anything about redirects. You wrongfully created a htaccess file that redirects from non-www to www, and in the process left $live_site in your configuration.php to the non-www version. This way, your redirects where happening even when submitting forms (such as the user login).
3) There hasn't been a single report of such an issue, furthermore RSFirewall! has been tested with the most popular editors (tinyMCE, JCE, JoomlaCK) and there are no incompatibilites.
The fact that when you uninstalled RSFirewall! your admin panel "crashed" has no logic and there's no proof to support it - if such issues did exist, we would have known about them and fixed them. RSFirewall! does not modify any system files so it's highly unlikely that a simple uninstall would have caused something like this.
This review states facts that have no explanation other than the user error - since RSFirewall! does not handle redirects (how would that be a security feature, since RSFirewall! is a security software ?), does not change any lines within system files (including editors, and has even been tested for compatibility with them), how can all of this have happened ? The user clearly made some changes to his website around the same time he installed RSFirewall! and, without thinking it through (or even listening to our replies, even though we searched for this user and couldn't find any information on him) blamed RSFirewall! for everything (because it's easier to blame somebody else than to fix your own errors).
I had a couple technical issues, as a result submitted tickets and received assistance within 24 hours. They fixed my problems via the back-end - truly a wonderful experience. Support staff really cares and fixed my site, plus they installed the updated version without asking. I look forward to having my site secure while I sleep at night.
I also use RSProForm which is a great product to use. It integrates well with the rest of the extensions!
Soon after I looked for security solutions and found RSFirewall. I have since used it on every site I have build and I will continue to do so for as long as I build Joomla sites. The cost, while high compared to some extensions, is incredibly cheap when you factor in the hours it would take to restore the site in the event of it being hacked.
I am now far more diligent with my updates, however recently a third part extension was compromised across the web, ck forms, and many hundreds of sites were attached due to the sql injection attack used.
My sites were also targeted, before I learned of the exploit, but I was pleased to learn that RSFirewall had been protecting me the whole time.
If you only buy one extension for your Joomla site, make it this one. Take the advise of someone who has worked many free hours restoring websites due to hacks and don't make the same mistakes that I did.
Thanks for the great extension guys. I hope you continue to support it for many years to come.
We use other RSJoomla products too. All products of this company have perfect technical and commercial support.
Thank you, colleagues!
If your site does get hacked you can install a backup but you still need to find where and to protect it from further attacks. RSFirewall can save you a lot of time and headaches and the price ... how much do you value your website!
I submitted a ticket and within 24 hours the problem was solved.
Good support, good product.
I feel so much better knowing my website is protected.
RS Firewall requires some input though, you need to adjust and finetune settings of your website in order to get a good protection grade.
I had several hackings lately, and I had to move to a new host, and wanted something that will keep an eye on my site, and I was blessed to find RS Firewall.
It even notifies me when any admin logs in, and from what IP address.
The only thing I wish was that it allows me to prevent certain admins from accessing certain components. Because what it does currently that if you prevent access to a certain component, ypu prevent it from all including yourself, which is impractical.
But all in all, this component is a must-have.