NinjaFirewall and the General Data Protection Regulation (GDPR).

by

NinTechNet


NinjaFirewall (WP, WP+, Pro and Pro+ Edition) is compliant with the General Data Protection Regulation (GDPR), which will take effect on 25 May 2018. Compliance is required because, as a firewall, NinjaFirewall saves visitors' IP addresses to a log that is stored on your server. Note that we, NinTechNet, the authors, do not collect any private data from your visitors and do not have access to your logs.

In order to be compliant, NinjaFirewall offers two different options: log deletion or IP anonymisation.


1) NinjaFirewall WP and WP+ Edition

  • Automatic deletion of old log files
    Available since version 3.6.2, it is disabled by default. It can be configured from the "NinjaFirewall > Firewall Log" page:

    I recommend keeping the firewall logs for at least a month or, better, 45 days before deleting them: if your website has a security incident, you can consult them for digital forensic purposes.
    NinjaFirewall doesn't save its logs in the database; they are all stored on disk, inside the wp-content/nfwlog/ folder:

    In addition to the above option, users of the premium WP+ Edition can also delete the log whenever they want by clicking on the "Delete" button:



  • IP anonymization
    Disabled by default, this option is available in the "NinjaFirewall > Firewall Options" page:

    It will anonymize IP addresses (IPv4 and IPv6) by replacing their last 3 characters with the x character. Here's an example of an anonymized IP in the firewall log:
    03/Apr/18 20:03:05  #4835755  CRITICAL  2  90.142.231.xxx  GET /index.php - GET /wp-admin/admin-ajax.php - Unrestricted file upload - [GET:client_action = get_captions_css]
    As indicated, this option does not apply to:
    • Private IP addresses: There is no need to anonymize them, they aren't routable.
    • The "Login Protection": this refers to the "Write the incident to the server Authentication log" feature of the brute-force attack protection, which forwards the offender's IP to the server authentication log so that it can be blocked at the server level, usually via a third-party application such as Fail2Ban. The full IP must be forwarded because the kernel firewall cannot act on an anonymized address. Note that this feature is optional and is not enabled by default.
      If you are using the WP+ Edition and redirect events to the syslog server ("NinjaFirewall > Firewall Log > Write events to the Syslog server too"), IP addresses will be anonymized too.





2) NinjaFirewall Pro and Pro+ Edition

  • Firewall Log deletion
    I recommend keeping the firewall logs for at least a month or, better, 45 days if you can: if your website has a security incident, you can consult them for digital forensic purposes. After that period, you can manually delete them whenever you want by clicking on the "Delete" button from the "Logs > Firewall Log" page:

    All logs are stored on disk, inside the {ninjafirewall_folder}/nfwlog/ folder:

    If you can run scheduled tasks (e.g., crontab), here's a script that can be run once a day to automatically delete old logs. You only need to set the absolute path to NinjaFirewall's log folder ($nf_log_folder) and the number of days the logs should be kept ($max_days):
    <?php
    // =====================================================================
    // Script to delete NinjaFirewall's Pro/Pro+ older logs. You can run it
    // from a cron job e.g. `12 0 * * * /usr/bin/php /foo/bar/this_script.php`
    // =====================================================================
    // More info at http://nin.link/gdpr/
    // =====================================================================
    // Enter the full path to NinjaFirewall's log folder (no trailing slash):
    $nf_log_folder = '/foo/bar/nfwlog';
    // Enter how many days you want to keep the logs. Any log older than
    // that will be deleted:
    $max_days = 45;
    // =====================================================================

    // Convert the retention period to seconds:
    $max_age = $max_days * 86400;
    // Current time:
    $now = time();
    // Retrieve the list of all firewall logs (they are named firewall_*.php):
    $glob = glob( $nf_log_folder . '/firewall_*.php' );
    if ( is_array( $glob ) ) {
        foreach ( $glob as $file ) {
            // Check its modification time:
            $filemtime = filemtime( $file );
            if ( $filemtime === false ) {
                // Unreadable or already removed: skip it.
                continue;
            }
            // Delete it if it is older than the retention period:
            if ( $now - $max_age > $filemtime ) {
                unlink( $file );
            }
        }
    }

    // =====================================================================
    // EOF



  • IP anonymization
    Disabled by default, this option is available in the "Firewall > Options" page:

    It will anonymize IP addresses (IPv4 and IPv6) by replacing their last 3 characters with the x character. Here's an example of an anonymized IP in the firewall log:
    03/Apr/18 20:03:05  #4835755  CRITICAL  2  90.142.231.xxx  GET /index.php - GET /wp-admin/admin-ajax.php - Unrestricted file upload - [GET:client_action = get_captions_css]
    Note that this option does not apply to private IP addresses because they aren't routable, and thus there is no need to anonymize them.
    If you are redirecting events to the syslog server ("Logs > Firewall Log > Write events to the Syslog server too"), IP addresses will be anonymized too.
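The anonymisation rule described in this section and in the WP/WP+ section above, as an added example that is not NinjaFirewall's own code: it reproduces the "last 3 characters become x, private ranges are skipped" behaviour in plain PHP, with hypothetical function names and constructed sample addresses, so you can check what an anonymized log line looks like before enabling the option. The log-line parser assumes the field layout of the sample line shown above (fields separated by two or more spaces, IP in the fifth column).

```php
<?php
// Added example, not NinjaFirewall's own code: a minimal re-implementation of
// the IP anonymisation rule described on this page. Function names are
// hypothetical; sample addresses and the log line are constructed.

// Returns true when $ip is a valid, routable IPv4 or IPv6 address.
// FILTER_FLAG_NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16 and the
// IPv6 fc00::/7 block, i.e. the private ranges the page says are left alone.
function is_public_ip( $ip ) {
    return filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE ) !== false;
}

// Replace the last 3 characters of a public IPv4/IPv6 address with "x".
// Private addresses and strings that are not IP addresses are returned unchanged.
function anonymize_ip( $ip ) {
    if ( ! is_public_ip( $ip ) ) {
        return $ip;
    }
    return substr( $ip, 0, -3 ) . 'xxx';
}

// Apply the rule to the IP field (5th column) of a firewall log line laid out
// like the sample above; the remaining fields are left untouched.
function anonymize_log_line( $line ) {
    // Fields are separated by runs of two or more spaces; the limit keeps the
    // free-form request/description part as a single trailing field.
    $fields = preg_split( '/\s{2,}/', $line, 6 );
    if ( count( $fields ) === 6 ) {
        $fields[4] = anonymize_ip( $fields[4] );
    }
    return implode( '  ', $fields );
}

// Constructed sample addresses (not real visitors):
$samples = array(
    '90.142.231.177', // public IPv4  -> 90.142.231.xxx
    '192.168.1.25',   // private IPv4 -> unchanged
    '10.0.0.7',       // private IPv4 -> unchanged
    '2001:db8::1a2b', // public IPv6  -> 2001:db8::1xxx
    'fd12:3456::1',   // private IPv6 -> unchanged
    'not-an-ip',      // not an address -> unchanged
);
foreach ( $samples as $ip ) {
    printf( "%-16s -> %s\n", $ip, anonymize_ip( $ip ) );
}

// Constructed log line in the format shown above:
$line = '03/Apr/18 20:03:05  #4835755  CRITICAL  2  90.142.231.177  GET /index.php - GET /wp-admin/admin-ajax.php - Unrestricted file upload';
echo anonymize_log_line( $line ), "\n";
```

The page only exempts private (non-routable) ranges, so this example does the same; it says nothing about loopback or other reserved ranges, and whether NinjaFirewall treats those like private addresses is not stated here. When checking the option, it is the IP column alone that changes: the request path and the rule description in the same line are kept as they are.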





