WAF storage engine
VMP Security stores its firewall data — WAF logs, blocked-IP lists, rate-limit counters, and run-time configuration — in WordPress database tables created with the standard WordPress table prefix (for example wp_vmpfence_waf_log, wp_vmpfence_blocked_ips). There is no separate file-based storage directory.
In This Article
Viewing the current storage engine
Open VMP Security → Tools and switch to the Diagnostics tab. The diagnostics report includes a row labelled “Configured WAF storage engine (VMPFENCE_WAF_STORAGE_ENGINE)” that shows the current value, or (default) if the constant is not set.
Configuring the storage engine
The storage engine is selected via a PHP constant in wp-config.php, not from a UI dropdown. Add the line below to wp-config.php, just before the /* That’s all, stop editing! */ comment:
define('VMPFENCE_WAF_STORAGE_ENGINE', 'mysqli');Reload the Diagnostics tab to confirm the new value is in effect. To revert to the default, remove the line (or comment it out).
If you do not have access to wp-config.php, leave the constant unset — the default value works correctly for the vast majority of sites and shared hosts.
Tables created by the firewall
The most relevant tables (always prefixed with your WordPress table prefix) are:
vmpfence_waf_log— per-request firewall events used to drive Live Traffic and the Firewall Detailed Summary.vmpfence_blocked_ips— current and historical IP blocks (rate limit, brute force, manual, sync).vmpfence_blocked_countries— country block list and counters.vmpfence_audit_log— security and admin events tracked by the audit log.
You can confirm the full list and current row counts on the Tools → Diagnostics tab, in the Database Tables section.