Get started with Security Ninja for WordPress
On this page, we want to give you a quick introduction to using the plugin.
Once you have installed the plugin, you can start testing your website for security issues.
Click the big button, "Analyze Site," to start the security testing.
On most websites, the testing should take less than a minute. If your site is busy or large, it can take a little longer.
Note: If the test gets stuck or does not start, please check out the knowledge page about how to identify and fix JavaScript errors that could prevent the tests from running.
Once the results are in, you will see a simple overview of the tests and each result.
Do not worry about trying to reach 100% - it is rarely possible for practical reasons, but the closer you can get, the better 🙂
Each test result uses a simple color-coded labeling system: Passed, Warning, or Fail.
Each test has a title and the result of the check next to it.
If you need help to correct or fix an issue, you can click the Details & Tips button next to each test.
Clicking Details & Tips opens a window with more details about the test, its significance, and what you can do to fix the issue.
Do your best to fix security issues or potential problems to keep your website secure.
Although these suggestions cover years of best practices working with WordPress security, getting all tests green does not guarantee your site will not get hacked. Likewise, having them all red does not mean you will get hacked.
Warnings are for less severe issues
A Warning can be, for example, the default readme.html still being available. Using an old PHP version, by contrast, is a more severe problem and would be marked as Failed.
Tests with the Warning label do not score as highly as Failed tests.
You can find more help in the sidebar. You can open the help beacon, which gives you a searchable knowledge base as well as a direct link to the documentation. You can also check out a list of the security tests that are run.
Taking it to the next step with the Pro version
If you have installed the Pro version, please continue here to protect your website further from malicious code and suspicious traffic.
The Pro version offers more protection for your WordPress website. First and foremost, enable the Firewall. Click the "Firewall" tab to get started.
Just by enabling the firewall, you will protect your website against a huge list of IPs that are known to act maliciously.
Once you click Enable Firewall, a dialogue box will appear, asking you for an email address to send instructions if you ever get yourself locked out of your website.
You can, of course, skip this step, but we recommend you do it - you never know 🙂
The firewall also protects against a range of suspicious or malicious requests to your website, such as directory traversal attacks, executable file uploads and SQL injections.
The plugin also protects you against repeated attempts to log in to your website by simply trying again and again - repeated failed attempts are blocked automatically.
You can take it a step further by blocking specific countries. Once you have had the plugin installed for a while, you can get stats on the countries you get the most traffic from.
If a country stands out, you can choose to block it by adding it to the list on the "Firewall" tab.