Since version 3.4, NinjaFirewall (WP and WP+) can be installed in two different modes: Full WAF or WordPress WAF.
Full WAF mode
In Full WAF mode, NinjaFirewall will hook, scan, reject or sanitise any HTTP and HTTPS request sent to a PHP script before it reaches WordPress, its plugins or even the database. All scripts located inside the blog installation directories and sub-directories will be protected, including those that aren't part of the WordPress package. Even encoded PHP scripts (e.g., ionCube), potential backdoors and shell scripts (e.g., c99, r57) will be filtered by NinjaFirewall.
That makes it a true firewall and gives you the highest possible level of protection: security without compromise.
To run NinjaFirewall in Full WAF mode, your server must allow the use of the
auto_prepend_file PHP directive. It is required to instruct the PHP interpreter to load the firewall before WordPress or any other script. Most of the time it works right out of the box, or may require some very little tweaks. But in a few cases, mostly because of some shared hosting plans restrictions, it may simply not work at all.
WordPress WAF mode
The WordPress WAF mode requires to load NinjaFirewall via the WordPress
wp-config.php script. This process makes it easy to setup and the installation will always be successful, regardless of your hosting plan restrictions. NinjaFirewall will still load before WordPress, its plugins and the database and will run as fast as the Full WAF mode.
However, the downside of this mode is that NinjaFirewall will be able to hook and filter HTTP requests sent to WordPress only. A few features such as "File Guard", the URL Access Control and "Web Filter" (WP+ Edition only) will be limited.
Despite being less powerful than the Full WAF mode, it still offers a level of protection and performance higher than any other security plugin.
Switching from one mode to the other
There is no way to switch from one mode to the other. However, you can export your current configuration ("NinjaFirewall > Firewall Options > Export configuration") and uninstall NinjaFirewall. Then, reinstall it in the mode you want it to run, and simply reimport your saved configuration afterwards.