WordPress Security made easy
Loved by users and hated by hackers

  • Firewall - Block dangerous and unwanted traffic

    First line of defence? Blocks dangerous and suspicious visitors automatically for you.

    Read More
  • Malware Scan

    Scans your website to check for any malicious code infecting your website.

  • Auto Fix Problems

    No time to manually fix every issue the security test identified? Fix over 30 issues with just one click.

  • Scheduled Scans

    No time to check your website all the time? Use scheduled scans to be notified if something changes on your website.

  • Country Blocking

    Block visitors by countries you do not want to access your website.

  • Protect Login Form

    Block repeated attempts to log in with wrong passwords or unknown usernames. Customize settings and message.

  • Plugin Integrity Checker

    Checks the installed plugins and verifies plugins from wordpress.org has not been modified - an early warning sign of malicious code.

  • Premium USA based support

    Get support provided by the people who created the plugin and use it every day.

  • Vulnerability scanner

    Warns you if you have vulnerable plugins installed on your website.

    Read More
  • Block 600+ million bad IPs

    A list of known bad IPs is updated twice daily - block bad bots and spammers from accessing your site.

  • Events Logger

    Monitor, track and log more than 50 events on the site in great detail. From user actions, to post edits and widget changes - Events Logger follows everything.

  • Verify WordPress Installation

    Checks your core WordPress files have not been infected or modified.

  • Redirect blocked visitors

    Don't want blocked visitors to even see your website? Redirect them to any URL you wish.

  • Block Suspicious Requests

    Block requests from visitors that include malicious requests.

  • Import / export settings

    Configuring many websites? Use the import/export tool to save a lot of time.

  • Whitelabel option

    Available on 20+ licenses package it gives you the option control licenses remotely for client sites and completely hide license information.

Protect your WordPress website

Fast and easy to use

Features you need for protecting your website

Anti virus & Security-72

Firewall protection

Preventing bad visitors to even access your website is the best kind of protection.

Security Ninja uses different methods of protection - preventing bad guys from even visiting your website.

  • Block suspicious requests - Uploading executable files, SQL injection attacks and a lot more.
  • Cloud Firewall - a dynamic, continuously changing database of bad IP addresses updated every six hours. It contains roughly 600 million IPs that are known for distributing malware, performing brute force attacks on sites and doing other "bad" activities. The database is created by analyzing log files of millions of sites.
  • Login Protection - Block repeated failed login attempts, prevent brute force login attacks.
  • Country Blocking - Prevent visits from any country from visiting.
  • Show a message to blocked visitors or redirect them to any other URL.
Easy to use firewall protection
Anti virus & Security-93

Malware Scanner

Find malicious code infections on your website and identify suspicious files.

The malware scanner module searches for any malicious code on your website - a clear sign of a hack.

Strong malware detection
Anti virus & Security-77

Scheduled Scanner

Automatically retest your WordPress website security score or changes in the core files.

Get email notifications if your website gets infected.

Scheduled Scanner
Anti virus & Security-74

Core Scanner

Scan your WordPress website core files for infections.

Finds unknown files and detect modifications to the official WordPress files.

  • The Core Scanner compares all your core WordPress files (over 1,200) with the secure master copy maintained by WordPress.org.
  • With one click you will know if even a byte was changed in any file. If so, you can immediately recover the original version.
  • This helps you find infected files that should be removed.
core-scanner
Anti virus & Security-29

Events Logger

Keep an activity log of important events on your website.

Track suspicious activity in your administration and determine who did what.

  • The Events Logger monitors, tracks and reports every change on your WordPress site, both in the admin and on the frontend.
  • Simple audit logging - Keep an activity log of what happens on your website and help troubleshoot bugs.
  • Know what happened on the site at any time, in the admin and on the frontend.
  • Easily filter through events.
  • Know exactly when and how an action happened, and who did it.
  • Receive email alerts for selected groups of events.
  • More than 50 events are instantly tracked with all details.
Eventlog - All events taking place on your website
Anti virus & Security-38

Security Testing

Security tests are the core of Security Ninja and the tests combine years of know-how in WordPress security and provide a comprehensive overview of everything you need to know about your site.

Your website will be checked for over 50 different security issues, ranging from minor to major.

The security testing and suggestions are also part of the free version. In the pro version however you can automatically fix some of the problems. (Not all issues can be automatically fixed).

Read more about what tests are done here.

Security testing results showing which tests failed and which passed
Anti virus & Security-81

Auto-Fix Problems

No time to manually fix every issue the security test identified?

You can fix over 30 issues with just one click.

  • Change database table prefix.
  • Update WordPress Database Password.
  • Enable automatic WordPress core updates.
  • Move wp-config.php one level up in the folder structure.
  • wp-config.php file permissions will be changed to an optimal value (0440).
  • Hide unnecessary information on failed login attempts.
  • Fix weak user passwords.
  • Change the WordPress installation address.
  • Disable Anyone can register.
  • Update Outdated Plugins.
  • Delete the license.txt file.
  • Delete install.php so it is not accessible on the default location.
  • This fix will change the ID of the user with the ID "1" to the next available ID.
  • The fix will disable the plugins and themes file editor.
  • Enable automatic WordPress core updates.
  • Delete unused themes.
  • Delete inactive plugins.
  • Hide WP version info.
  • Remove Windows Live Writer Link from the WordPress page header.
  • Update WordPress to the latest version.
  • Prevent usernames discovery via user IDs.
  • Change admin username.
  • readme.html file will be deleted.
  • Make uploads folder non-browsable
  • Delete upgrade.php
  • Update Outdated Themes.
  • Disable script debug mode.
  • Regenerate WordPress Security keys.
  • Disable XML-RPC.

"Surely nobody will hack my site..."

Yes, that's what we all think until the worst happens, and then, it's too late.

Anybody can get hacked.

Can I trust WordPress security?

WordPress, by itself, is pretty secure. But once you add new themes, many different kinds of plugins, and all types of server configurations, you need extra protection.

There are several free and paid WordPress security plugins that offer additional protection. The plugins help block malicious attempts to get access to your website to control it. There are many methods and ways for tightening your website access.

Why do hackers target WordPress sites?

WordPress has grown to be a dominant platform for content publishing and is adapted by small bloggers and big corporations worldwide. A flaw in a popular theme or plugin can help exploit not just a few websites, but hundreds of thousands even millions.

There is a big community that works hard to detect and prevent vulnerabilities from impacting the platform. WordPress security plugins help protect against malicious attempts and known vulnerabilities.

Why is WordPress so vulnerable?

WordPress is vulnerable to attacks due to its popularity. WordPress is pretty secure, but all websites use custom themes and many plugins, free and premium. Many people are working to secure the platform and protect against abuse.

Due to the complexity of any modern system and the need to have plugins and themes operate together easily, it is always good to have additional protection from a WordPress Security plugin.

How to secure WordPress?

There are many free and paid WordPress Security plugins available. A WordPress firewall plugin can block repeat login attempts, malicious page requests looking for vulnerabilities.

A few minutes of effort installing and configuring a security plugin can save you hours of frustration and money later on.

Do WordPress website security plugins work?

The many WordPress security plugins protect millions of websites daily. There are plenty of free and paid WordPress security plugins that protect against hackers trying to access your website.

No plugin can ever guarantee 100% protection, but your website stands a much better chance not of getting hacked with a security plugin installed.

Is WordPress secure enough out of the box?

WordPress is a pretty secure platform, but all websites need several plugins to add additional functionality, and combined with custom themes, there is always a need for any website to add additional protection.

Feature Comparison

Compare the features in Security Ninja to other major Security plugins.

Firewall
Block known bad IPs
Security Testing (weak spots) -
Installed Plugin Integrity checks - -
Security Reports (email)
Login Form Protection
Easy fix issues (Autofix) some some -
Event logging - Users -
Log events to syslog files - - - - -
Country Blocking - -
Malware scanning Sucuri Sitecheck
Import/export settings - - -
Whitelabel - - - -
Vulnerable plugins warning ? ? ? ? ?

If you spot an error or something missing, please reach out to us and we will fix asap.