Leaderboard

Hello ! 👋 I'm excited to share WireWall, a comprehensive security firewall module I've been developing for ProcessWire. After months of real-world testing on production sites (including blocking 99.98% of malicious traffic on my e-commerce platform), I'm ready to release it to the community. What is WireWall? WireWall is a ProcessWire-native security module that provides enterprise-grade protection with granular geographic and network-level blocking. Unlike traditional firewalls that only block by country, WireWall lets you block by city, region (state/province), VPN/Proxy/Tor, ASN, and more. Key Features Geographic Blocking: City-level blocking - Block specific cities worldwide (e.g., "Philadelphia", "Beijing", "Tokyo") Region blocking - Block entire states/provinces (e.g., "Pennsylvania", "California", "Tokyo Prefecture") Country blocking - Traditional country-level controls with whitelist/blacklist modes Network Protection: VPN/Proxy/Tor detection - Multi-API detection system with intelligent fallback Datacentre detection - Block AWS, Google Cloud, DigitalOcean, and other hosting providers ASN blocking - Block entire autonomous systems by ASN number Rate limiting - Per-IP rate limits with automatic temporary bans AI bot blocking - Automatically block GPTBot, ClaudeBot, and other AI scrapers Performance & Scalability: File-based cache - Scales to 1M+ IPs with zero database overhead Lightning-fast lookups - 0.5-2ms with MaxMind databases HTTP fallback - Works without MaxMind databases (though less performant) Smart caching - GeoIP cached for 30 days, VPN checks for 7 days Developer-Friendly: Priority-based system - 14 security layers evaluated in order JavaScript challenge - Detect and block headless browsers Comprehensive logging - Debug mode with detailed request information Cache management UI - Built-in interface to view stats and clear cache Triple admin protection - Logged-in users, IP whitelist, admin area bypass Real-World Results On my e-commerce site (LQRS.com), WireWall has been running for several months with impressive results: 99.98% blocking rate - Nearly all malicious traffic blocked Zero false positives - Legitimate customers unaffected Significant reduction in AWS/cloud-based automated attacks Complete elimination of VPN/proxy fraud attempts Installation cd /site/modules/ git clone https://github.com/mxmsmnv/WireWall.git Then in ProcessWire admin: Modules → Refresh Install WireWall Configure your blocking rules You're protected! How It Works - Priority System WireWall processes every request through 14 prioritised security layers: Admin Area → ALLOW (ProcessWire admin always accessible) IP Whitelist → ALLOW (manual whitelist bypass) Rate Limiting → BLOCK (excessive requests) IP Blacklist → BLOCK (permanent blocks) JavaScript Challenge → CHALLENGE (suspicious requests) VPN/Proxy/Tor → BLOCK (anonymous services) Datacentre Detection → BLOCK (cloud hosting) ASN Blocking → BLOCK (autonomous systems) Global Rules → BLOCK (known patterns) Country Blocking → BLOCK (country rules) City Blocking → BLOCK (city rules) Region Blocking → BLOCK (region rules) Country-specific Rules → BLOCK (custom rules) Default → ALLOW ✓ First match wins - once a rule triggers, evaluation stops. MaxMind Integration WireWall works best with MaxMind GeoLite2 databases (free): GeoLite2-Country.mmdb - Country detection GeoLite2-City.mmdb - City and region detection GeoLite2-ASN.mmdb - Network/ISP detection Without MaxMind, it falls back to ip-api.com HTTP API (slower, with rate limits). City and region blocking require the MaxMind City database. Download MaxMind databases from: https://dev.maxmind.com/geoip/geolite2-free-geolocation-data Technical Details ProcessWire Version: 3.0+ PHP Version: 7.4+ (8.0+ recommended) Hook Point: ProcessWire::init (runs before any page execution) Cache Location: /site/assets/cache/WireWall/ Logging: /site/assets/logs/wirewall.txt (when debug mode enabled) Why Another Firewall Module? I needed something specifically for ProcessWire that: Scales efficiently - File-based cache handles millions of IPs without database bloat Provides granular control - City and region blocking isn't available in other solutions Works offline - MaxMind databases work without external API calls Integrates natively - Built specifically for ProcessWire's architecture Stays free - Open source, no premium tiers or upsells Other solutions like Wordfence (WordPress), Sucuri (paid service), and ModSecurity (server-level) either don't integrate well with ProcessWire or lack the geographic granularity needed for fraud prevention. Resources GitHub Repository: https://github.com/mxmsmnv/WireWall Documentation: Full README with installation, configuration, and troubleshooting Landing Page: https://wirewall.org Licence: MIT (free for commercial use) Quick Start TL;DR # Install cd site/modules && git clone https://github.com/mxmsmnv/WireWall.git # Activate in ProcessWire admin Modules → Install → WireWall # Configure - Enable module - Set blocking rules (cities/regions/countries) - Enable VPN detection - Configure rate limiting - Save # Monitor Setup → Logs → wirewall.txt I'm happy to answer any questions! Has anyone else been working on security solutions for ProcessWire? I'd love to hear about your approaches and challenges. Best regards, Maxim

I've settled on Omarchy! I spent a couple days getting used to Hyprland and tweaking it to my needs. It's a bit of a mind shift not having a taskbar/dock anymore, but I made it nice and easy to switch workspaces very quickly and do some basic window manipulations. It's nice having a Windows VM set up as well (I need Photoshop for work since I work with printing companies; CMYK support is a must). It's time to say goodbye to Windows!

This would be the ultimate development tool. I understand how it could be difficult to implement, as I found out the hard way with repeaters that if you save all field properties into a migration file it deletes data when applied. So far I haven't experienced anything so catastrophic with any other field types. I wonder if in a migration for a module at least, that's using config migrations, whether it would be possible to define a watch list of fields and templates so that any time these are changed via the GUI, their individual migration file will be updated? They probably would still need some manual editing to remove unnecessary properties, but a good diff tool can do this quickly. I hadn't spotted that before. Very nice feature to avoid having to remember lots of stuff. I think I can remember 'rmf'. 🙂 What happened here is I defined the fields via the UI as normal fields without any prefix, then copied the definitions from the UI into config migration files. When I installed the module, the fields got created, but with prefixes. I will experiment with renaming the fields and templates in the GUI before I add them to config migrations, and see if this gives me just a single copy of each field and template. Do I still need to follow the convention of site/RockMigrations/templates, site/RockMigrations/fields etc? I made the files in a module because I thought config migrations require a module, but if they work at the site level as well, that might be more appropriate. My migrations probably don't need to be part of a module however I started thinking about a website itself like an object. Even the most basic website will probably have certain fields and templates to be functional. Depending on what else it does, it will need additional fields and templates that extend that base. If I decide I want to refine that base, I can do it in one place and apply it to all sites that use it without having to copy and paste any code if I have it defined in a module.

@ryan I'd be interested to hear how you work on a project with multiple developers and manage keeping each developer's development instance in-sync. For example, are you using a migrations module like RockMigrations or writing migrations in a module specific to the site that adds/updates fields/templates/pages/settings when the module is updated using a version compare? Or are you doing something completely different? I'd be interested to hear how you handle this given that ProcessWire stores much of its configuration in the database.