🚀 PrestaSecure is in public beta — enjoy exclusive early-bird pricing!

PrestaShop Firewall: block attacks in real time

Collaborative protection against SQL injections, cross-site scripting (XSS), brute force and directory traversal attempts. Every blocked attack strengthens security across the entire network.

Threats the firewall blocks

SQL injections

SQL injections are the number one threat for PrestaShop stores. Attackers exploit GET/POST parameters to execute malicious SQL queries and steal your customer data, orders and payment information.

Cross-Site Scripting (XSS)

XSS attacks inject malicious JavaScript into your pages. They enable admin session theft, customer redirection to phishing sites and skimmer injection.

Brute force

Brute force attacks target your admin page (/admin) and customer accounts. Thousands of login/password combinations are tested automatically every day.

Directory traversal (Path traversal)

Attackers attempt to access sensitive files (config/settings.inc.php, .env, etc.) by manipulating paths in URLs. The firewall blocks these attempts before execution.

Vulnerable module exploitation

Many third-party PrestaShop modules contain known vulnerabilities. The firewall blocks exploitation attempts even if the module has not yet been updated.

Malicious bots and scanners

Automated bots continuously scan your store for vulnerabilities. The firewall identifies and blocks these scanners before they find an entry point.

SSRF (Server-Side Request Forgery)

Attackers manipulate URLs in payment or import modules to force your server into making requests to internal resources or third-party services. The firewall detects and blocks these attempts.

Open redirects

Attackers exploit redirect parameters to direct your customers to phishing sites. The firewall analyzes redirect URLs and blocks those pointing to unauthorized external domains.

Collaborative defense: a network that protects every store

The PrestaSecure firewall doesn't protect your store in isolation. Every attack detected across the network automatically strengthens protection for all members. True collective intelligence for your security.

Progressive local ban

Every malicious request is blocked instantly. After 3 attempts, the IP is temporarily banned: 15 minutes, then 2 hours, then 24 hours. Bans expire automatically after 24h of inactivity.

Network escalation

If an IP attacks 3 different stores, sends 10+ malicious requests in 24h, or uses multiple attack types, it is added to the network blacklist and blocked on all protected stores.

Temporary network blacklist

Network-blacklisted IPs are blocked for 30 days. If the IP doesn't reoffend, it is automatically released. No permanent blocking: dynamic and shared IPs are never penalized indefinitely.

How the firewall works

1. Intercept before PrestaShop

The firewall runs before the PrestaShop router. Every HTTP request (GET, POST, cookies) is analyzed against hundreds of detection rules specifically designed for PrestaShop.

2. Block and escalate

Malicious request detected? Instant block (403). The IP gets a strike. At 3 strikes: progressive local ban. Beyond network threshold: shared blacklist across all stores.

3. Hourly synchronization

Every hour, the module syncs its threat logs with the central server. The network blacklist is recalculated and redistributed to all stores on the network in near real-time.

4. Expiration and release

No ban is permanent. Local bans expire after 24h of inactivity. Network blacklist expires after 30 days. Dynamic IPs are never penalized for life.
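The strike and ban ladder described in the steps above, as an added Python sketch; it is not PrestaSecure's code. The class and function names are hypothetical, and two points the page leaves open are assumptions: each further 3 strikes move one step up the ladder, and inactivity is measured from the later of the last malicious request and the end of the last ban.

```python
from dataclasses import dataclass

STRIKES_PER_BAN = 3                          # page: ban after 3 attempts
BAN_STEPS = [15 * 60, 2 * 3600, 24 * 3600]   # page: 15 min, 2 h, 24 h
IDLE_RESET = 24 * 3600                       # page: 24 h of inactivity


@dataclass
class IpState:
    strikes: int = 0
    level: int = 0            # index of the next ban duration
    banned_until: float = 0.0
    last_seen: float = 0.0    # time of the last malicious request


class LocalBanTracker:
    def __init__(self):
        self.state = {}

    def _get(self, ip, now):
        st = self.state.get(ip)
        # Assumption: inactivity is measured from the later of the last
        # malicious request and the end of the last ban.
        if st and now - max(st.last_seen, st.banned_until) >= IDLE_RESET:
            st = None
        if st is None:
            st = self.state[ip] = IpState()
        return st

    def is_banned(self, ip, now):
        st = self.state.get(ip)
        return st is not None and now < st.banned_until

    def record_malicious(self, ip, now):
        """Count one blocked (403) request; return the new ban length in seconds, or 0."""
        st = self._get(ip, now)
        st.last_seen = now
        if now < st.banned_until:
            return 0                      # already banned, nothing to escalate
        st.strikes += 1
        if st.strikes < STRIKES_PER_BAN:
            return 0
        # Assumption: every further 3 strikes move one step up the ladder.
        duration = BAN_STEPS[min(st.level, len(BAN_STEPS) - 1)]
        st.banned_until = now + duration
        st.level += 1
        st.strikes = 0
        return duration
```
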

Firewall FAQ

  • Can the firewall block legitimate visitors?

    The risk of false positives is extremely low. Our rules are designed specifically for PrestaShop and tested on thousands of stores. If in doubt, you can whitelist an IP from the dashboard.

  • Does the firewall slow down my site?

    No. Request analysis takes less than one millisecond. The impact on load time is imperceptible to your visitors.

  • Does the firewall replace a server firewall (CSF, iptables)?

    No, it complements it. A server firewall operates at the network level (ports, protocols). The PrestaSecure firewall operates at the application level (HTTP parameters, request content). Both are complementary.

  • Can I see blocked attacks in detail?

    Yes. Every blocked attack is logged with the source IP, threat type, full request and timestamp. You can view these logs from the module or from prestasecure.com.

  • Is the firewall included in all plans?

    The firewall is included in the Advance (EUR 29/month) and Serenity (EUR 690/year) plans. The Essentials plan includes antivirus only.

  • How does the collaborative blacklist work technically?

    The module sends its threat logs to the central server every 6 hours. The server aggregates data from all stores and identifies dangerous IPs based on 3 criteria: attacks on 3+ sites, 10+ attacks in 24h, or use of multiple attack vectors. These IPs are added to the network blacklist (30 days) and redistributed to all modules at the next sync.

  • Can an IP be permanently blocked?

    No. All bans are temporary. Local bans expire after 24h of inactivity. The network blacklist expires after 30 days without reoffending. If a dynamic or shared IP was used for an attack, it will be automatically released once the period has passed.
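The three network-escalation criteria from the FAQ (3+ sites, 10+ attacks in 24h, multiple attack vectors) applied to aggregated threat logs, as an added Python sketch; it is not PrestaSecure's server code. The function names, log tuple layout and sample entries are constructed for illustration, "multiple" is taken to mean two or more attack types, and the 30 days are assumed to run from the IP's most recent attack.

```python
from collections import defaultdict

DAY = 24 * 3600
BLACKLIST_TTL = 30 * DAY   # page: network blacklist lasts 30 days


def max_in_window(times, window=DAY):
    """Largest number of events inside any span shorter than `window` seconds."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best


def build_blacklist(events, now):
    """events: iterable of (ip, store_id, attack_type, unix_ts) from all stores."""
    by_ip = defaultdict(list)
    for ip, store, kind, ts in events:
        by_ip[ip].append((store, kind, ts))
    blacklist = {}
    for ip, rows in by_ip.items():
        reasons = []
        if len({s for s, _, _ in rows}) >= 3:
            reasons.append("3+ stores")
        if max_in_window([ts for _, _, ts in rows]) >= 10:
            reasons.append("10+ requests in 24h")
        if len({k for _, k, _ in rows}) >= 2:   # assumption: multiple = 2 or more
            reasons.append("multiple attack types")
        # Assumption: the 30 days run from the IP's most recent attack.
        expires = max(ts for _, _, ts in rows) + BLACKLIST_TTL
        if reasons and now < expires:
            blacklist[ip] = {"reasons": reasons, "expires": expires}
    return blacklist


# Constructed sample log entries (documentation-range IPs, hypothetical store ids).
SAMPLE = (
    [("198.51.100.4", s, "sqli", 1000 + i) for i, s in enumerate(["shop-a", "shop-b", "shop-c"])]
    + [("203.0.113.9", "shop-a", "bruteforce", 2000 + 60 * i) for i in range(10)]
    + [("192.0.2.55", "shop-b", "xss", 3000)]
)
```
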

A specialized application firewall for PrestaShop

Attacks against PrestaShop online stores are constantly increasing. SQL injections via third-party modules, brute force on admin pages, XSS in forms — these threats exploit vulnerabilities specific to the PrestaShop ecosystem that generic firewalls don't detect.

The PrestaSecure firewall is a WAF (Web Application Firewall) built exclusively for PrestaShop. It analyzes every incoming HTTP request and compares it against a specialized rule base. Unlike Cloudflare or Sucuri which apply generic rules, PrestaSecure understands PrestaShop installation structure and adapts its rules accordingly.

Thanks to its collaborative architecture, the firewall continuously improves. Every attack detected across the network enriches the threat database. The more stores protected, the stronger your protection becomes.

Block attacks before it's too late

The firewall is included in the Advance and Serenity plans.