Safe, Simple & Secure
WordPress Security made easy
Easy to use, yet with powerful features. We believe security should be easier for everyone.
Security Ninja has been around since 2011 and has helped thousands of users around the world!
Block visitors by countries you do not want to access your website.
Protect Login Form
Block repeated attempts to log in with wrong passwords or unknown usernames. Customize settings and message.
Plugin Integrity Checker
Checks the installed plugins and verifies plugins from wordpress.org has not been modified - an early warning sign of malicious code.
Premium USA based support
We never outsource support! It's provided by people who created the plugin and use it every day.
Redirect blocked visitors
Don't want blocked visitors to even see your website? Redirect them to any URL you wish.
Block Suspicious Requests
Block requests from visitors that include malicious requests.
Import / export settings
Configuring many websites? Use the import/export tool to save a lot of time.
Available on 25+ licenses package it gives you the option control licenses remotely for client sites and completely hide license information.
Get Security Ninja Pro
$7.99 / month
1 month of updates and support.Your subscription will auto-renew until canceled.
or start 14-day free trial
$39 / year
Black Friday: $19.50
1 year of updates and support. Subscription auto-renews each year until canceled.
or start 14-day free trial
$99 / lifetime
Black Friday: $49.50
One-time payment - updates and support forever. No subscription.
or start 14-day free trial
30 Day Money Back Guarantee
You are fully protected by our 100% Money Back Guarantee. If during the next 30 days you experience an issue that makes the plugin unusable and we are unable to resolve it, we'll happily consider offering a full refund of your money.
Features you need for protecting your website
Preventing bad visitors to even access your website is the best kind of protection.
Security Ninja uses different methods of protection - preventing bad guys from even visiting your website.
- Block suspicious requests - Uploading executable files, SQL injection attacks and a lot more.
- Cloud Firewall - a dynamic, continuously changing database of bad IP addresses updated every six hours. It contains roughly 600 million IPs that are known for distributing malware, performing brute force attacks on sites and doing other "bad" activities. The database is created by analyzing log files of millions of sites.
- Login Protection - Block repeated failed login attempts, prevent brute force login attacks.
- Country Blocking - Prevent visits from any country from visiting.
- Show a message to blocked visitors or redirect them to any other URL.
Find malicious code infections on your website and identify suspicious files.
The malware scanner module searches for any malicious code on your website - a clear sign of a hack.
Automatically scan your WordPress website for malicious code.
Get email notifications if your website gets infected.
Scan your WordPress website core files for infections.
Finds unknown files and detect modifications to the official WordPress files.
- The Core Scanner compares all your core WordPress files (over 1,200) with the secure master copy maintained by WordPress.org.
- With one click you will know if even a byte was changed in any file. If so, you can immediately recover the original version.
- This helps you find infected files that should be removed.
Keep an activity log of important events on your website.
Track suspicious activity in your administration and determine who did what.
- The Events Logger monitors, tracks and reports every change on your WordPress site, both in the admin and on the frontend.
- Simple audit logging - Keep an activity log of what happens on your website and help troubleshoot bugs.
- Know what happened on the site at any time, in the admin and on the frontend.
- Easily filter through events.
- Know exactly when and how an action happened, and who did it.
- Receive email alerts for selected groups of events.
- More than 50 events are instantly tracked with all details.
Security tests are the core of Security Ninja and the tests combine years of know-how in WordPress security and provide a comprehensive overview of everything you need to know about your site.
Your website will be checked for over 50 different security issues, ranging from minor to major.
The security testing and suggestions are also part of the free version. In the pro version however you can automatically fix some of the problems. (Not all issues can be automatically fixed).
No time to manually fix every issue the security test identified?
You can fix over 30 issues with just one click.
- Change database table prefix.
- Update WordPress Database Password.
- Enable automatic WordPress core updates.
- Move wp-config.php one level up in the folder structure.
- wp-config.php file permissions will be changed to an optimal value (0440).
- Hide unnecessary information on failed login attempts.
- Fix weak user passwords.
- Change the WordPress installation address.
- Disable Anyone can register.
- Update Outdated Plugins.
- Delete the license.txt file.
- Delete install.php so it is not accessible on the default location.
- This fix will change the ID of the user with the ID "1" to the next available ID.
- The fix will disable the plugins and themes file editor.
- Enable automatic WordPress core updates.
- Delete unused themes.
- Delete inactive plugins.
- Hide WP version info.
- Remove Windows Live Writer Link from the WordPress page header.
- Update WordPress to the latest version.
- Prevent usernames discovery via user IDs.
- Change admin username.
- readme.html file will be deleted.
- Make uploads folder non-browsable
- Delete upgrade.php
- Update Outdated Themes.
- Disable script debug mode.
- Regenerate WordPress Security keys.
- Disable XML-RPC.
|Block known bad IPs|
|Security Testing (weak spots)||-|
|Installed Plugin Integrity checks||-||-|
|Security Reports (email)|
|Login Form Protection|
|Easy fix issues (Autofix)||some||some||-|
|Log events to syslog files||-||-||-||-||-|
|Malware scanning||Sucuri Sitecheck|
Awesome! Definite detection of issues. Very simple and easy to understand.
Thank you NINJA Team!
Easy to use Efficient, highly recommended to anybody looking for a security plugin.
I will highly recommend WP Security Ninja to all the WordPress blogger, whether you are new or experienced blogger.
It Hardens the WP Security The security ninja plugin has several options which will harden the security even further. It scans through several features, I loved it, it can be easily recommendable.
The security check contains a lot of hardening and permission checks, many that I never thought of. Many may be ignored or cannot be easily fixed at a running WordPress instance, but it’s good to read about those possibilities for the last bit of security, to apply for new WordPress instances right from the start.
Fantastic & Great support Excellent plugin, and also fantastic support.
So fast 50+ security tests with one click – great!
It all started with a pre-sale support chat and the team behind WP Security Ninja won me over with quick and on point answers to my queries. Feature wise this is a robust plugin with nice firewall defaults, security tests and scheduled scanner. For me, this plugin is the first one getting activated as we all know how quick the bot's can find a virgin site ready to be exploited. Bottom line, save the headaches and frustration. This is a must have plugin for sure!
Great support Great support – they quickly replied and solved all my doubts. Great job!
Frequently Asked Questions
Normally licenses are for one year. However, under this special offer, your license is valid forever.
The 3-site license can be used on up to 3 sites at a time. The "unlimited" license can be used on an unlimited number of sites.
No, you cannot resell or rent your license. You can only use it for your sites or the clients you manage.
No renting or sharing your license to other agencies, this will result in the license being revoked.
Yes, you can hide your license key for your customers. Use the dashboard page to administer all your sites. You can hide your license key and also disable individual sites.
If you are not 100% satisfied with our plugin, let us know within 30 days of your order and we’ll issue a full refund. After 30 days, refunds are considered on a case-by-case basis.
Yes, Security Ninja works with WordPress Multisite. Each site uses a different license. You can either administer centrally all licenses as a global administrator or you can delegate to each site administrator.
Localhost, staging and development environments won’t get counted toward the license’s maximum allowed sites if its domain name is clearly a dev or staging site.
TLDs that are considered as dev or staging:
.dev, .dev.cc, .test, .local, .staging, .example, .invalid, .myftpupload.com (GoDaddy), .cloudwaysapps.com (Cloudways), .wpsandbox.pro (WPSandbox), .ngrok.io (tunneling)
We have online documentation that we are regularly improving on.
We also offer documentation in the form of a help beacon right inside the plugin where you can search the knowledge base and you can contact support if you get stuck.
We have a public roadmap where we add new features suggested by our customers.
Check out all the details and vote for your favorite features on our Trello board.
We are also working on new features that we will tell you all about when we are ready 😉
Protect your WordPress website
Prevent getting your website hacked. Save time with our easy to use WordPress plugin..