Security-Firewall
Jonathan Miller edited this page 2026-06-22 13:47:47 +00:00

Security & Firewall

The firewall plugin provides comprehensive security hardening for Joomla sites.

WAF Shields

| Shield | Description | Default |
| --- | --- | --- |
| SQL Injection | Blocks SQL injection patterns in GET/POST | On |
| XSS | Blocks cross-site scripting attempts | On |
| Malicious User Agents | Blocks known scanner/attack tools | On |
| Remote File Inclusion | Blocks URL includes in parameters | On |
| Directory Traversal | Blocks ../ path traversal | On |

Security Headers

| Header | Default Value |
| --- | --- |
| X-Frame-Options | SAMEORIGIN |
| X-Content-Type-Options | nosniff |
| X-XSS-Protection | 1; mode=block |
| Referrer-Policy | strict-origin-when-cross-origin |
| HSTS | Off (enable manually) |
| Content-Security-Policy | Empty (configure per site) |
| Permissions-Policy | Empty (configure per site) |

IP Management

  • Trusted IPs: bypass WAF shields, extended session timeout
  • IP Blocklist: block specific IPs, CIDR ranges, wildcards
  • Auto-Ban: automatically block IPs after N WAF triggers within M minutes
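
The sketch below models how the three IP Management rules interact: blocklist matching for single IPs, CIDR ranges and wildcards, the trusted-IP bypass, and a sliding-window auto-ban after N triggers within M minutes. It is an added example, not the plugin's own code; the class and function names, the whole-octet IPv4 wildcard syntax, and the sample values N=3 and M=5 are assumptions.

```python
import ipaddress
from collections import defaultdict, deque


def ip_matches(ip, entry):
    """Match an address against a single IP, a CIDR range or a wildcard entry."""
    if "*" in entry:  # assumed wildcard form: IPv4 with whole-octet '*', e.g. 192.0.2.*
        pat, octets = entry.split("."), ip.split(".")
        return len(pat) == len(octets) == 4 and all(p in ("*", o) for p, o in zip(pat, octets))
    if "/" in entry:  # CIDR range; a v4/v6 mismatch is simply "no match"
        return ipaddress.ip_address(ip) in ipaddress.ip_network(entry, strict=False)
    return ipaddress.ip_address(ip) == ipaddress.ip_address(entry)


class IpPolicy:
    def __init__(self, trusted, blocklist, max_triggers, window_minutes):
        self.trusted = list(trusted)
        self.blocklist = list(blocklist)
        self.max_triggers = max_triggers      # N
        self.window = window_minutes * 60     # M, converted to seconds
        self.hits = defaultdict(deque)        # ip -> timestamps of recent WAF triggers
        self.banned = set()

    def is_trusted(self, ip):
        return any(ip_matches(ip, e) for e in self.trusted)

    def is_blocked(self, ip):
        return ip in self.banned or any(ip_matches(ip, e) for e in self.blocklist)

    def record_waf_trigger(self, ip, now):
        """Count one shield hit at time `now` (seconds); True if it caused a ban."""
        if self.is_trusted(ip) or ip in self.banned:
            return False  # trusted IPs bypass the shields, so they never accumulate hits
        hits = self.hits[ip]
        hits.append(now)
        while now - hits[0] > self.window:    # slide the window: drop hits older than M minutes
            hits.popleft()
        if len(hits) >= self.max_triggers:
            self.banned.add(ip)
            del self.hits[ip]
            return True
        return False


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, N=3 triggers within M=5 minutes.
    policy = IpPolicy(["198.51.100.7"], ["203.0.113.0/24", "192.0.2.*"], 3, 5)
    for t in (0, 100, 500, 600, 700):
        print(t, policy.record_waf_trigger("198.51.100.50", t))
    print(policy.is_blocked("198.51.100.50"), policy.is_blocked("203.0.113.9"))
```

Because the window slides, two early triggers that age out do not count toward a later burst; only N triggers that all fall inside the same M-minute span produce a ban.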

Password Policy

  • Minimum length (default: 12)
  • Require uppercase, number, special character

Admin Access

  • Admin Secret URL: require ?secret=xyz to access /administrator
  • Block Frontend Super User: prevent super admin accounts from logging into frontend

Current IP Display

The firewall settings page shows your current IP address with a copy button for easy addition to the trusted IPs list.