WordPress Security made easy
Loved by users and hated by hackers
Scans your website to check for any malicious code infecting your website.
Auto Fix Problems
No time to manually fix every issue the security test identified? Fix over 30 issues with just one click.
No time to check your website all the time? Use scheduled scans to be notified if something changes on your website.
Block visitors by countries you do not want to access your website.
Protect Login Form
Block repeated attempts to log in with wrong passwords or unknown usernames. Customize settings and message.
Plugin Integrity Checker
Checks the installed plugins and verifies plugins from wordpress.org has not been modified - an early warning sign of malicious code.
Premium USA based support
Get support provided by the people who created the plugin and use it every day.
Block 600+ million bad IPs
A list of known bad IPs is updated twice daily - block bad bots and spammers from accessing your site.
Monitor, track and log more than 50 events on the site in great detail. From user actions, to post edits and widget changes - Events Logger follows everything.
Verify WordPress Installation
Checks your core WordPress files have not been infected or modified.
Redirect blocked visitors
Don't want blocked visitors to even see your website? Redirect them to any URL you wish.
Block Suspicious Requests
Block requests from visitors that include malicious requests.
Import / export settings
Configuring many websites? Use the import/export tool to save a lot of time.
Available on 20+ licenses package it gives you the option control licenses remotely for client sites and completely hide license information.
Protect your WordPress website
Fast and easy to use
Features you need for protecting your website
Preventing bad visitors to even access your website is the best kind of protection.
Security Ninja uses different methods of protection - preventing bad guys from even visiting your website.
- Block suspicious requests - Uploading executable files, SQL injection attacks and a lot more.
- Cloud Firewall - a dynamic, continuously changing database of bad IP addresses updated every six hours. It contains roughly 600 million IPs that are known for distributing malware, performing brute force attacks on sites and doing other "bad" activities. The database is created by analyzing log files of millions of sites.
- Login Protection - Block repeated failed login attempts, prevent brute force login attacks.
- Country Blocking - Prevent visits from any country from visiting.
- Show a message to blocked visitors or redirect them to any other URL.
Find malicious code infections on your website and identify suspicious files.
The malware scanner module searches for any malicious code on your website - a clear sign of a hack.
Automatically retest your WordPress website security score or changes in the core files.
Get email notifications if your website gets infected.
Scan your WordPress website core files for infections.
Finds unknown files and detect modifications to the official WordPress files.
- The Core Scanner compares all your core WordPress files (over 1,200) with the secure master copy maintained by WordPress.org.
- With one click you will know if even a byte was changed in any file. If so, you can immediately recover the original version.
- This helps you find infected files that should be removed.
Keep an activity log of important events on your website.
Track suspicious activity in your administration and determine who did what.
- The Events Logger monitors, tracks and reports every change on your WordPress site, both in the admin and on the frontend.
- Simple audit logging - Keep an activity log of what happens on your website and help troubleshoot bugs.
- Know what happened on the site at any time, in the admin and on the frontend.
- Easily filter through events.
- Know exactly when and how an action happened, and who did it.
- Receive email alerts for selected groups of events.
- More than 50 events are instantly tracked with all details.
Security tests are the core of Security Ninja and the tests combine years of know-how in WordPress security and provide a comprehensive overview of everything you need to know about your site.
Your website will be checked for over 50 different security issues, ranging from minor to major.
The security testing and suggestions are also part of the free version. In the pro version however you can automatically fix some of the problems. (Not all issues can be automatically fixed).
No time to manually fix every issue the security test identified?
You can fix over 30 issues with just one click.
- Change database table prefix.
- Update WordPress Database Password.
- Enable automatic WordPress core updates.
- Move wp-config.php one level up in the folder structure.
- wp-config.php file permissions will be changed to an optimal value (0440).
- Hide unnecessary information on failed login attempts.
- Fix weak user passwords.
- Change the WordPress installation address.
- Disable Anyone can register.
- Update Outdated Plugins.
- Delete the license.txt file.
- Delete install.php so it is not accessible on the default location.
- This fix will change the ID of the user with the ID "1" to the next available ID.
- The fix will disable the plugins and themes file editor.
- Enable automatic WordPress core updates.
- Delete unused themes.
- Delete inactive plugins.
- Hide WP version info.
- Remove Windows Live Writer Link from the WordPress page header.
- Update WordPress to the latest version.
- Prevent usernames discovery via user IDs.
- Change admin username.
- readme.html file will be deleted.
- Make uploads folder non-browsable
- Delete upgrade.php
- Update Outdated Themes.
- Disable script debug mode.
- Regenerate WordPress Security keys.
- Disable XML-RPC.
"Surely nobody will hack my site..."
Yes, that's what we all think until the worst happens, and then, it's too late.
Anybody can get hacked.
WordPress, by itself, is pretty secure. But once you add new themes, many different kinds of plugins, and all types of server configurations, you need extra protection.
There are several free and paid WordPress security plugins that offer additional protection. The plugins help block malicious attempts to get access to your website to control it. There are many methods and ways for tightening your website access.
WordPress has grown to be a dominant platform for content publishing and is adapted by small bloggers and big corporations worldwide. A flaw in a popular theme or plugin can help exploit not just a few websites, but hundreds of thousands even millions.
There is a big community that works hard to detect and prevent vulnerabilities from impacting the platform. WordPress security plugins help protect against malicious attempts and known vulnerabilities.
WordPress is vulnerable to attacks due to its popularity. WordPress is pretty secure, but all websites use custom themes and many plugins, free and premium. Many people are working to secure the platform and protect against abuse.
Due to the complexity of any modern system and the need to have plugins and themes operate together easily, it is always good to have additional protection from a WordPress Security plugin.
There are many free and paid WordPress Security plugins available. A WordPress firewall plugin can block repeat login attempts, malicious page requests looking for vulnerabilities.
A few minutes of effort installing and configuring a security plugin can save you hours of frustration and money later on.
The many WordPress security plugins protect millions of websites daily. There are plenty of free and paid WordPress security plugins that protect against hackers trying to access your website.
No plugin can ever guarantee 100% protection, but your website stands a much better chance not of getting hacked with a security plugin installed.
WordPress is a pretty secure platform, but all websites need several plugins to add additional functionality, and combined with custom themes, there is always a need for any website to add additional protection.
Compare the features in Security Ninja to other major Security plugins.
|Block known bad IPs|
|Security Testing (weak spots)||-|
|Installed Plugin Integrity checks||-||-|
|Security Reports (email)|
|Login Form Protection|
|Easy fix issues (Autofix)||some||some||-|
|Log events to syslog files||-||-||-||-||-|
|Malware scanning||Sucuri Sitecheck|
|Vulnerable plugins warning||?||?||?||?||?|