How to use the firewall

When you first install Security Ninja Pro the firewall is not enabled.

This is to make sure you understand the consequences and that you have saved the secret access URL in case you block your own access.

The firewall works out of the box, but depending on your particular website setup it is important to test afterwards to make sure the firewall is not blocking any legitimate access or functionality.


Enabling the firewall protection is very easy and takes just a few seconds.

Enable the firewall

Enable the firewall

Click the button to enable the firewall. This opens a window with information about getting into your website again if you are ever blocked entry by the firewall.

You can write down the URL or you can enter your email to get the direct URL sent to your inbox.

To continue, click the Close button. There is a 3 second wait time, just to make sure you read the information 🙂

Configure the firewall

By default, the firewall protects the known bad IPs from logging in to your website. If you enable this feature you will completely block entry from them. All they will be greeted with is a white screen and a text.

Message for banned IPs

Here you can tweak which message to show to users who are banned.

Auto-ban rules

If a visitor not on the list of blocked IPs attempts too many times to log in and fail, the visitor will be banned. You can configure how many chances a visitor has.

Default is a maximum of 5 failed login attempts in a 5 minute period before the IP is banned for 2 hours.

Login Notice

Leave a message to users warning them what will happen if they fail to log in too many times. This message is shown when users are trying to log in.

Country blocking

If you are getting a lot of traffic from some countries that you do not want you can block visitors with the country blocking feature.

Visitors are identified and if they match any of the countries that you choose they will not be able to visit your website.

Click the input field to start choosing which countries to ban. To remove a country from the list click the x next to the country name.

Remember to save for the changes to take effect.

Whitelist IP

If you know of particular IPs you want to make sure always can access the website, then you can add it to the list here. Even if an IP is blocked by either the cloud firewall or the country list, a whitelisted IP will still have access.

Put each IP on a new line.

Locally Banned IPs

Contains a list of the IPs that have been banned on your website for logging in too often.

Secret Access URL

The secret URL you can use to get access to your website if you are ever locked out by mistake.

Test IP

You can test an IP to verify if it is blocked or has access.

How often are the lists updated?

The list of bad IPs are updated twice a day, the process takes a few seconds and happens in the background.

The GeoLite2 database is downloaded once you enable the firewall and then updated every month as long as the plugin is active.

This site or product includes IP2Location LITE data available from

Do you want to know more? Check out the firewall feature page for more details.

Was this helpful?

Next Article

Secret Access link

Still need help?

If searching the knowledge base does not help you, please contact support.

Fast and easy to use WordPress Security

Instantly protect your website from 600+ million bad IPs

10% OFF

Subscribe to our newsletter

* We do not spam or share your email

Discount on any Security Ninja plan

and get

Hi and welcome back :-)

We won't spam you. Unsubscribe any time.

Wait! Before you go!

Get 10% discount for any WP Security Ninja plan!


Subscribe to our newsletter for new releases, discounts and general WordPress Security news. Sprinkled with other interesting stuff :-)