Title: Modsecurity
Last modified: April 5, 2018

---

# Modsecurity

 *  Resolved Anonymous User 14978628
 * (@anonymized-14978628)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/modsecurity-2/)
 * Hi, if one has Modsecurity installed is there any point in using this plugin?
   Thanks

Viewing 8 replies - 1 through 8 (of 8 total)

 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/modsecurity-2/#post-10152283)
 * Hi
 * You can use both.
    -Modsecurity: use it to handle generic rules. -NinjaFirewall:
   use it to handle all the rest, including WP related rules and policies.
 * The difference is that, even if NinjaFirewall and Modsecurity work before WordPress,
   NinjaFirewall knows what’s going on with your blog. For instance, it could detect
   and block a user attempting to gain administrator privileges while Modsecurity
   couldn’t. It can also do real monitoring with its File Guard feature.
    Also, 
   each site can have a different configuration with NinjaFirewall, while Modsecurity
   will apply to the whole server (which is fine for generic rules).
 * More details about its options and policies: [https://blog.nintechnet.com/securing-wordpress-with-a-web-application-firewall-ninjafirewall/](https://blog.nintechnet.com/securing-wordpress-with-a-web-application-firewall-ninjafirewall/)
 * Both can work well together.
 *  Thread Starter Anonymous User 14978628
 * (@anonymized-14978628)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/modsecurity-2/#post-10153886)
 * Hi, thanks for explaining this. What about if one is using the Cloudflare WAF?
   Would it still be of any benefit using this plugin? Or what about the other way
   around. Could this plugin be used as a replacement for the Cloudflare WAF?
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/modsecurity-2/#post-10156164)
 * NinjaFirewall can be used as a replacement for any cloud-based WAF. As I mentioned
   in my previous message, one of its advantages is that it knows what’s going on
   with your WP install and more generally, with all your files and DB.
 *  Thread Starter Anonymous User 14978628
 * (@anonymized-14978628)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/modsecurity-2/#post-10156517)
 * That’s good to know, thanks.
 *  Thread Starter Anonymous User 14978628
 * (@anonymized-14978628)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/modsecurity-2/#post-10157340)
 * Just saw this article:
 * [https://blogvault.net/an-in-depth-review-of-ninjafirewall-against-common-wordpress-attacks/](https://blogvault.net/an-in-depth-review-of-ninjafirewall-against-common-wordpress-attacks/)
 * Basically it says that firewalls with predefined rules aren’t always effective
   as attackers can just modify signatures to avoid detection. I guess in such cases
   a cloud WAF would work better due to more rapid updates?
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/modsecurity-2/#post-10158201)
 * The article is not correct. NinjaFirewall does not only use rules, its uses heuristic
   detection and that works pretty well to block 0-day vulnerabilities. Rules can
   be updated automatically and hourly.
 *  Thread Starter Anonymous User 14978628
 * (@anonymized-14978628)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/modsecurity-2/#post-10158277)
 * Perhaps the article is out of date then as it said Ninjafirewall failed one of
   the tests stating:
 * > NinjaFirewall didn’t stop the attack.
   > We think it was because NinjaFirewall has a list of rules for what attacks 
   > should look like, in a section called Rules Editor.
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/modsecurity-2/#post-10159911)
 * I don’t know, but I recommend that you make your own tests. It’s always better
   to verify yourself 🙂

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘Modsecurity’ is closed to new replies.

 * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137)
 * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/)
 * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/)

## Tags

 * [modsecurity](https://wordpress.org/support/topic-tag/modsecurity/)
 * [waf](https://wordpress.org/support/topic-tag/waf/)

 * 8 replies
 * 2 participants
 * Last reply from: [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * Last activity: [8 years, 1 month ago](https://wordpress.org/support/topic/modsecurity-2/#post-10159911)
 * Status: resolved