A WAF, or Web Application Firewall, is a security solution designed to protect web applications from various types of online threats and attacks. It acts as a security barrier between a web application and the internet, inspecting and filtering the incoming and outgoing traffic to the application.
WAFs are an essential component of web application security, helping to safeguard against a wide range of cyber threats and vulnerabilities that can potentially exploit weaknesses in web applications. They are commonly used to enhance the security of websites, online services, and web-based applications.

A hit is a page request. Each time user asks to display your web application and a request is sent to the firewall to verify his legitimacy to access, a hit is recorded (this does not include internal crons and activities). Each visitor can have one or more hits (page view/your application request). Hits are pooled until they reach the package limits.
Once you hits reach your limits, the firewall will no longer consider your ruleset and will allow all ip requests. Visitor hits are logged, with a focus on both the initial and final hits displayed prominently in your dashboard’s history section.
The hits limits are set far beyond the average traffic that a website does on a monthly bases total hits expected.
This intends to protect our clients from surpassing their monthly package’s in few hours because of abnormal activity. The firewall will alert you about such limits reached, as this will trigger you to check details about the reasons of such suspicious activity.

The service is designed to be compatible with most hosting servers and can be easily installed using PHP. As PHP is widely used across the web, with most of websites (as of May 2023) utilizing it, most hosting environments either have PHP installed or offer support for it. This includes popular applications such as “Prestashop,” “Magento,” “Drupal,” “Joomla,” “WordPress,” “WooCommerce,” “OpenCart,” and many others, which are predominantly built on PHP.
Even if your website primarily consists of static HTML pages, or if you use other programming languages like ASP or Python, as long as your hosting provider supports PHP, you should be able to take advantage of our solution. PHP provides the necessary foundation for integrating our service with your web application, regardless of the specific technologies used. Users should note that our support is exclusively for clients utilizing our plugins on PHP native servers.

In case, the proficiency scale ranges from 0 to 10, where 0 signifies minimal skill requirements, and 10 denotes an advanced level of expertise for managing a WAF. While managing competing WAF services typically demands a baseline skill level of 2, our website application firewall service stands out as the world’s most sophisticated, requiring minimal user skills, making it the ideal solution for individuals with 0 skill level.

Yes. If you server already supports PHP otherwise you may just add PHP support to Asp and Python. Alternatively you web host should do it for you. For more information please visit our Knowledge Base on how to do this @ https://cloud.geniusplugin.com/knowledge-base/installation~5/

Yes. The back and front office protection are activated separately. The WAF protection rules are also slightly different.

These are basic information you need to know to setup your website firewall rules
Ips – Each visitor has an ip. Visitors are tracked thanks to Internet ip system. IP (Internet Protocol) like 35.170.81.33, which is YOUR ip, is a unique address that identifies a unique device (or network) on the internet.
Host – A Host or Hostname is a computer which acts in most cases ”without the human intervention”. It exchanges or collects data, offers services..etc, but whether it has malicious or legitimate activity, that depends!
URL – URL is nothing more than the address of a given page on the Web. For example, current page url is: https://www.geniusplugin.com/faq/. The url is always seen on the browser address bar. To access a url (web address), you may click on a link, or write it manually on the browser address bar.

Yes. You can use a single ip address or a CIDR range to allow/deny special user(s)

We automatically update one to many times a day the list of tens legitimate services, with hundreds of thousands of IP addresses associated with these service providers, among which:
Googlebot, Google crawlers, Msn, Facebook, Yahoo, Yandex, Linkedin, Exalead, Duckduckgo, Blekko, Baidu, Pinterest.
If you think a search engine or a website should/not be among this list, you may just add it into your Website Firewall ruleset and it will be instantly authorized/denied depending on your choice.

To manage access permissions for search engines, bots, or specific servers, you can easily control the authorization or denial by adding their full or partial names to the allow/deny hostname list. It is essential to prioritize the protection of your back-office against any non-human entities, particularly search engines and crawlers. By doing so, you can prevent them from publicly displaying sensitive information such as your back-office login page, error messages, or folder structure.

By maintaining control over the allow/deny hostname list, you can ensure that only authorized entities have access to your back-office, enhancing the overall security of your website.


Another feature of GP Website Firewall is “Test Mode”. The test-mode allows you to simulate access to your site as if you are a chosen visitor. You can fake any ipv4 or ipv6 address. To use the test-mode, it would have to be activated from your ruleset withing the settings page.
Once activated, you simply have to add a shortcode into your browser address bar url on any of your website page, then check your dashboard to see how GP Firewall deals with this user. Awesome!
Always remember to deactivate this function after finishing the use. If you forget, GP Firewall will anyway do it for you.

From within your GP Firewall dashboard history, you can check for a particular user. The table filters and search engine make it very easy and fast to find whatever information related to.

Definitely yes!
Tor is a software for enabling anonymous communication. Used mainly to access dark-web where users are hidden under the exit nodes the Tor network.
Proxy (open/HTTP, SOCKS5, public, Glype, PHProxy ..) is a forwarding server. Users are hidden under the IP address of the proxy server.
Anonymizing VPN service create a tunnel between user and the internet. Users are hidden under the IP address of the VPN server.
Fake crawlers are robots that imitate major search engines (Google, Bing, Yandex ..).
Bad IP addresses run attacks on the web.
Legitimate users typically have no need to hide their IP data, just as you would not allow masked strangers into your home or office and give them unrestricted access.

Yes. Your WAF can send an e-mail alert on fired visitor. You may activate this function temporarily, first time you are trying out the GP Firewall behavior and your ruleset, or when you are under attack. Bad ips and long deny countries list may lead to receive huge number of notification email, that’s why we do not recommend activating this function for no reason.

Yes.

No, you will not be blocked by your own firewall ruleset. You have complete control over your firewall settings and can always manage and adjust them as needed. Unlike a firewall that is integrated within your web application code, our firewall solution operates separately from your website, reducing the risk of inadvertently blocking yourself or your administrative access.
By maintaining a clear separation between your firewall and your web application, you can ensure that the firewall functions independently and does not interfere with your own access or administrative activities. This design approach minimizes the chances of accidental blocks and allows you to effectively manage your firewall without hindering your ability to administer your website.

No, the GP Firewall Live World Cyber Attack Map is intended for individual clients and not for public distribution. It is a proprietary technology exclusive to GP Website Firewall and is provided to our clients as a value-added feature. While it is impressive and informative, it is not meant to be published on external websites or blogs.

You may at anytime download a csv format list of your hits from the dashboard. You just have to click on the “Generate report” button at the top right of the dashboard page.

Yes. We meticulously monitor both your SSL and DNS status, conducting several hundred checks each day. Any potential issues are promptly communicated to you through email notifications and prominently displayed on your dashboard’s main page for immediate attention. Read more about SSL Status

We accept Visa, Mastercard, American Express, Discover, Diners Club, JCB, China UnionPay payments from customers worldwide and Bank Transfer to our US based bank from almost anywhere.

In addition, depending on your location, and client group, you can credit your account with:
Alipay, Google Pay, Cash App Pay, WeChat Pay, Bancontact, EPS, iDEAL, Giropay, Przelewy24 – P24, Afterpay Clearpay, Klarna

Please contact our support team to discuss suitable options based on your specific circumstances.

You can search Client Area knowledge base, chat with a support agent if we are live right now or rise a support ticket if you have already an account with us. Alternatively you can still email us your questions with this form.

We Protect Your Website

Wordpress, Joomla, WHMCS, Clientexec, any php open source or custom script.. GP WAF is designed for everyone.