If you seriously want to protect your blog against hackers and any kind of potential threat, you may want to consider trying NinjaFirewall. It differs from all other security plugins because it is a true Web Application Firewall: it works before WordPress is loaded. It offers some totally unique and very powerful security features, and because it blocks attacks before they hit the blog, it saves precious bandwidth and reduces the server load.
Web Application Firewall
NinjaFirewall can hook, scan and sanitise HTTP requests sent to a PHP script. One of its most interesting features is that it protects all PHP scripts, including those that aren’t part of the WordPress package. Even third-party applications, encoded scripts and hackers backdoors are filtered as well.
It can protect against remote and local file inclusion, cross-site scripting, code execution, SQL injection. It can hook, modify and secure HTTP headers as well as cookies, detect and decode Base64-encoded injection attempts, block file uploads and many other threats.
Fastest and most efficient brute-force attack protection for WordPress
By processing incoming HTTP requests before your blog and its plugins are loaded, NinjaFirewall is able to protect WordPress against very large brute-force attacks, including distributed attacks coming from several thousands of different IPs. The protection can be extended to the XML-RPC API and details of the attack can be written to the server AUTH log.
Large set of security rules and firewall policies
NinjaFirewall uses policies and rules to block harmful requests. Firewall policies are fully configurable and they include a large set of options, from basic to the most advanced ones. Security rules, which can be individually enabled or disabled, are written to handle generic and WordPress specific threats.
To get the most efficient protection, NinjaFirewall can automatically update its security rules so that your blog remains protected against the latest WordPress security vulnerabilities. If you need custom rules, you can even add your own PHP code to the firewall.
Many other features
NinjaFirewall has many other features such as file integrity monitoring, real-time detection, events notification, an option to watch your website traffic in real time, an activity log with statistics and benchmarks.
It is compatible with IPv6 and can be installed on a WordPress multisite network.
PHP 5.3+ (5.4 or higher recommended) or HHVM 3.4+
Unix-like OS (Linux, BSD) only. NinjaFirewall is NOT compatible with Windows.