A web application firewall (WAF) is a great way to detect and filter incoming malicious requests before they can exploit website vulnerabilities and security flaws. While a WAF helps protect against threats over HTTP/HTTPS, the website can still be hacked from the inside.
One common way that websites get reinfected is through cross-site contamination, which can occur even when a website is behind a firewall.
Cross-site contamination happens when one website is infected and the malware copies itself into other directories, infecting all sites on the same server.
Source: Scuri check