Securing WordPress goes beyond strong passwords and regular updates. As a WordPress professional, I often recommend adding a web application firewall (WAF) like NinjaFirewall to protect sites against malicious requests. If you’re hosting on RunCloud with OpenLiteSpeed, you can configure PHP to automatically prepend NinjaFirewall to every request. This ensures your firewall runs before WordPress executes, giving you an extra layer of defense.

Why This Matters

  • Expert insight: Prepending NinjaFirewall means every PHP request is filtered before WordPress loads. This is a best‑practice setup for serious WordPress security.
  • Trustworthiness: NinjaFirewall is widely respected in the WordPress community, and RunCloud’s flexibility makes it easy to integrate.
  • SEO benefit: A secure site is less likely to be compromised, which protects your rankings and reputation.

Step‑by‑Step Guide

1. Navigate to Your Application

  • Log in to your RunCloud dashboard.
  • Go to Server → Web Applications.
  • Select the application you want to secure (e.g., khoipro).
  • Scroll down to find LiteSpeed Config.

2. Locate the Config File

RunCloud stores LiteSpeed handler configs per app. For our example, the file path is:

/etc/lsws-rc/conf.d/khoipro.d/handler/<appname>.conf

Open this file with your preferred editor (nano, vim, or via RunCloud’s UI editor).

3. Add PHP Overrides

Inside the phpIniOverride block, add the auto_prepend_file directive pointing to NinjaFirewall:

phpIniOverride {
  php_value short_open_tag On
  php_value upload_max_filesize 100M
  php_value post_max_size 100M
  php_value auto_prepend_file "/home/runcloud/webapps/khoipro/wp-content/nfwlog/ninjafirewall.php"
}

This ensures NinjaFirewall loads before WordPress runs.

4. Save and Reload

After editing:

sudo systemctl reload lsws-rc

This reloads OpenLiteSpeed and applies your changes.

5. Verify the Configuration

  • Create a phpinfo.php file in your web root with: <?php phpinfo(); ?>
  • Visit it in your browser.
  • Search for auto_prepend_file. You should see the NinjaFirewall path listed.

Key Takeaways

  • Security first: NinjaFirewall is now protecting every PHP request.
  • RunCloud flexibility: Editing OpenLiteSpeed configs is straightforward and powerful.
  • WordPress expertise: This setup is recommended for professionals who want hardened security without sacrificing performance.
Tags Runcloud WAF WordPress
Khoi Pro
About the author

Khoi Pro

WordPress Expert, Open Source Contributor & Founder of CODE TOT. Building high-performance WordPress websites with clean code.