Auto Fixer Module
No time to manually fix every issue the security test identified?
In the Pro version you can fix over 30 issues with just one click.
- Quickly make your site secure without spending hours modifying PHP code
- Auto-backup in case something goes wrong
- Perfect for beginners
- Detailed explanation of all fixes
- Easy-to-use GUI
Please note that due to their complexity, not all tests can be auto-fixed.
Auto-fix security issues
Security Ninja free can detect over 50 different security issues. In the pro version, you can use the Auto Fix feature to automatically protect you with these security issues.
Disable Anyone can register
The fix will disable the "Anyone can register" option
Change WordPress installation address
WordPress installation address will be changed, so it's not the same as the site address. Please log in again after the fix is applied
Fix weak user passwords
This fix can change the password for users that have a weak one.
Hide unnecessary information on failed login attempts
A universal "wrong username or password" message without any details will be displayed on all failed login attempts.
Update wp-config.php permissions
wp-config.php file permissions will be changed to an optimal value (0440).
Move wp-config.php
Move the wp-config.php file one level up in the folder structure. This makes it more difficult for scripts to read values from. This file is critical to your website and your security as it holds database passwords and other relevant information.
Enable automatic WordPress core updates
The fix will enable automatic WordPress core updates.
Update WordPress Database Password
Update the WordPress database password to a stronger one.
Change database table prefix
Knowing the names of your database tables can help an attacker dump the table's data and get to sensitive information like password hashes.
Since WP table names are predefined, the only way you can change table names is by using a unique prefix.
You should choose something that is different from "wp_" or any similar variation such as "wordpress_".
Delete inactive plugins
Fix will delete inactive plugins. There is NO undo.
Delete unused themes
Fix will delete unused themes. There is NO undo.
Enable automatic WordPress core updates
The fix will disable the general debug mode.
Disable plugins/themes file editor
Fix will disable the plugins- and themes file-editor.
Change user ID 1
This fix will change the ID of the user with the ID "1" to the next available ID in the users' table. You will need to log in again after this fix is applied.
Rename install.php
Rename install.php, so it is not accessible on the default location.
Update Outdated Plugins
Update all plugins to the latest version.
Remove readme.html file
the readme.html file will be renamed so it is not available on the default location.
Disable XMLRPC
If you are not using any Really Simple Discovery services such as pingbacks, there is no need to advertise that endpoint (link) in the header.
Please note that for most sites this is not a security issue because they "want to be discovered," but if you want to hide the fact that you are using WordPress, this fix will help.
Regenerate WordPress Security keys
This fix will regenerate all WordPress security/hash keys. After the fix is applied, you will be asked to log in again.
Update Outdated Themes
Fix will update all themes to the latest version.
Rename upgrade.php
Rename upgrade.php, so it is not accessible on the default location.
Make uploads folder non-browsable
The fix will modify the uploads folder, so it is not browsable, this prevents attackers from finding more details about your website and to find any files that they could target for an attack.
Change admin username
This fix will change the admin username to something else - the "admin" username is way too common and often used for attacks.
Once the fix is applied, you will need to log in again with the new username. Password will not be changed.
Prevent usernames discovery via user IDs
Modify your .htaccess file by adding rules to prevent redirections from your site.com/?author={id} to yoursite.com/author/username
Update Wordpress
Fix will update WordPress to the latest version.
Windows Live Writer Link
Remove Windows Live Writer link from the header.