Below is the complete list of Conformance Portal Firewall security features.


System Check 

   
   Base Portal Security    
    checks whether you are using the latest version    
    Default admin: checks whether the default "admin" user is in use and if the username and password offer a good level of security against brute-force attacks.    
    Database password: checks whether the database password offers a good level of security against brute-force attacks.
    FTP password: if you store your FTP password in the Global Configuration you leave your FTP exposed. Anyone who can access the Global Configuration will be able to retrieve your password and access your FTP account.    
    SEF: checking if you have Search Engine Friendly URLs enabled and by enabling SEF    
    configuration.php integrity: checks the integrity of your configuration.php file.
    Admin users passwords: checks that your other website admins have proper passwords which offer a good level of security against brute-force attacks.
    Session lifetime: if you set your session lifetime too high, you will be vulnerable to prying eyes. It's recommended to keep a lower session lifetime so it will expire early in case you leave your computer.
    Checking for .htaccess: checks for a preconfigured .htaccess file. This contains instructions to avoid common exploits and to implement SEF.
    Session Handler: if this is set to 'Database', a warning is issued.
    Checking if website is blacklisted: the check is performed against Google Safe Browsing lists

   
  Server Configuration
   
    allow_url_include: this option allows the use of URL-aware fopen wrappers with the following functions: include(), include_once(), require(), require_once(), thus enabling an attacker to include his own PHP scripts.    
    open_basedir: restricts access to specified directories only.    
    disable_functions: disables certain PHP functions. It is recommended to disable: system, shell_exec, passthru, exec, popen, proc_open.    
    expose_php: this could allow attackers to retrieve information about your PHP version and we recommend setting this Off.
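
    The four directives above can be audited directly from the text of a php.ini file. The following Python code is an added example, not part of CPFirewall; the function names and both sample php.ini fragments are constructed for illustration, and absent directives are treated with PHP's own defaults (allow_url_include off, expose_php on, the other two empty).

```python
# Added example (not CPFirewall code): audit php.ini text for the directives above.
RECOMMENDED_DISABLED = {"system", "shell_exec", "passthru", "exec", "popen", "proc_open"}
OFF_VALUES = {"", "0", "off", "false", "no", "none"}

# Constructed sample inputs: a weak configuration and a hardened one.
WEAK_INI = """[PHP]
allow_url_include = On
disable_functions = exec,system
expose_php = On
"""
HARDENED_INI = """[PHP]
; constructed hardened sample
allow_url_include = Off
open_basedir = /var/www/portal:/tmp
disable_functions = system, shell_exec, passthru, exec, popen, proc_open
expose_php = Off
"""

def parse_ini(text):
    """Return {directive: value} from php.ini-style text (last assignment wins)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, ';' comment lines and [section] headers.
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit(text):
    """Return a list of findings; an empty list means all four checks pass."""
    s = parse_ini(text)
    findings = []
    if s.get("allow_url_include", "off").lower() not in OFF_VALUES:
        findings.append("allow_url_include is enabled")
    if not s.get("open_basedir", ""):
        findings.append("open_basedir is not set")
    names = s.get("disable_functions", "").split(",")
    disabled = {n.strip().lower() for n in names if n.strip()}
    missing = sorted(RECOMMENDED_DISABLED - disabled)
    if missing:
        findings.append("disable_functions is missing: " + ", ".join(missing))
    if s.get("expose_php", "on").lower() not in OFF_VALUES:
        findings.append("expose_php is enabled")
    return findings

if __name__ == "__main__":
    for label, text in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, audit(text))
```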

   
  File Integrity
   
    This scans the integrity of your portal files while also scanning your files for common malware.    
    Checking if CP core files have been altered in any way. It compares the actual file with a pre-calculated hash of the original core file. The files that have been modified are displayed individually along with the path to that particular file. The File Integrity check is not only a detection tool, but also offers a mechanism that tries to repair the detected problem.    
    CPFirewall also allows you to view the differences in modified core portal files. When performing a System Check, the differences will be displayed after pressing the "View differences" button within the Details section of Scan Results.    
    The original file can be automatically downloaded by clicking on the "Download original" button associated with your modified file within the Details section of Scan Results.    
    File permissions: all files with permissions higher than 644 will be highlighted.
    Malware patterns: checks for shell patterns inside files and checks for a list of known malware files. Malware, short for malicious software, is software designed to infiltrate or damage a system without the owner's consent.
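
    The hash comparison and the permission check described above can be combined in one pass over the file tree. The following Python code is an added example, not CPFirewall's own implementation; it assumes SHA-256 as the hash (the page does not name one), reads "higher than 644" as any permission bit beyond rw-r--r--, and uses a constructed three-file tree as input.

```python
import hashlib, os, stat, tempfile

def sha256_file(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_integrity(root, manifest):
    """manifest maps relative path -> expected SHA-256 hex digest of the original."""
    report = {"modified": [], "missing": [], "loose_permissions": []}
    for rel, expected in sorted(manifest.items()):
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            report["missing"].append(rel)
        elif sha256_file(path) != expected:
            report["modified"].append(rel)
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & ~0o644:  # assumption: any bit beyond rw-r--r-- is "higher"
                report["loose_permissions"].append(os.path.relpath(path, root))
    return report

def demo():
    """Build a constructed three-file tree, tamper with it, then run the check."""
    originals = {  # constructed sample content
        "index.php": b"<?php echo 'home';",
        "configuration.php": b"<?php $debug = 0;",
        "libraries/loader.php": b"<?php // loader",
    }
    manifest = {rel: hashlib.sha256(body).hexdigest() for rel, body in originals.items()}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in originals.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(body)
            os.chmod(path, 0o644)
        with open(os.path.join(root, "index.php"), "ab") as f:
            f.write(b" /* appended */")                            # content change
        os.remove(os.path.join(root, "libraries/loader.php"))      # deleted core file
        os.chmod(os.path.join(root, "configuration.php"), 0o666)   # world-writable
        return check_integrity(root, manifest)

if __name__ == "__main__":
    print(demo())
```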

   
  System Logs
   
    The System Logs feature offers a logging utility to the CPFirewall component, thus empowering the user to keep track of the site security issues.    
    Essentially it logs all security-relevant events that take place on your Joomla! installation. The System Logs tool enables the owner to add various filters and sorting, such as alert level, date, IP, userID, username and page. Clicking on the IP runs a "Who is" lookup on the specified IP address and displays further information.
    Each log entry provides a Description section for more details on the event that occurred. Depending on the event itself, further debug information is provided by clicking on the "Show" button on the entry row, while IP addresses can also be directly blacklisted or whitelisted on demand from the System Logs.

   
   Active Scanner    
    Enable / Disable Active Scanner    
     Log all blocked attempts: Set to Yes in order to log all blocked attempts. Use this option to identify false alerts on your website.    
    Remove the generator meta tag    
    Convert email addresses from plain text to images    
    Check core Conformance Portal file integrity    
    Monitor the configured list of files for changes    
    Grab IP from Proxy Headers: some servers are behind a proxy or firewall and will not provide the correct IP. If this is your case, contact the proxy provider and ask them which header they use to send the real IP.

   
  PHP, Javascript & SQL Protections    
    Local file inclusion - disallows directory traversal techniques that might allow an attacker to read sensitive files by exploiting poorly coded extensions.
    Remote file inclusion - prevents attackers from downloading and running malicious scripts by exploiting poorly coded extensions.
    Enable protections for - Form data (POST) enables filtering of information submitted through forms (e.g. article editing, user registration etc.), while URL data (GET) enables filtering of variables that are located in the URL.
    Filter Javascript - by setting this to Yes, the Javascript will be filtered instead of the connection being dropped.    
  DoS Attacks, Automatic Blacklisting, & Uploads    
    Protect against DoS (Denial of Service) attacks for User Agents (perl, cURL, Java or empty User Agents)
    Protect forms from abusive IPs - checks if IPs of form submitters exist in the Spamhaus XBL and SBL lists.
    Deny access to the following referers - Referers are visitors coming from another website (domain). You can block multiple domains by specifying each on a new line. You can also use wildcards, such as *.domain.com, which will block any request coming from all subdomains of domain.com (e.g. www.domain.com, images.domain.com etc.).
    Automatic blacklisting: if repeated threats are detected from the same IP address, that address will automatically be added to the Blacklist area.
    Automatic blacklisting for /administrator login: with this option enabled, failed backend logins will lead to an automatic ban.    
    # of attempts: this is the minimum number of attempts before the attacker will be added to the blacklist and banned from your portal.    
    Capture backend login attempts and/or store the password attempts
    Filter uploads by deleting the file(s) instead of the connection being dropped.    
    Verify if uploaded files have multiple extensions    
    Verify uploaded files for known malware patterns    
    Don't upload files with the configured list of banned extensions

   
  Logging Utility    
    Logs any events that trigger CP Firewall so that you can review them. The logging utility also offers the possibility to send out an email if a security event is recorded that has a security level higher than a preconfigured value (low, medium, high, critical).
    To keep the database fresh and prevent it from overloading, a days to keep log history option was added: log entries older than the number of days you set will be automatically deleted.
    To limit the potentially high number of emails (each event / attempt can potentially generate an email), a maximum number of sent emails per hour option has been added. If the limit is reached, no more emails will be generated.
    You can also set how many CP Firewall related events to show in the System Overview by adding a number in the events to show field.    
    You can set the preferred WhoIs service for both IPv4 and IPv6. Up until this point, http://whois.domaintools.com/ was used by default. You can use the {ip} placeholder to transmit the IP directly through the URL.