NinjaFirewall – A True Web Application Firewall for WordPress


If you seriously want to protect your blog against hackers and any kind of potential threat, you may want to consider trying NinjaFirewall. It differs from all other security plugins because it is a true Web Application Firewall: it works before WordPress is loaded. It offers some totally unique and very powerful security features, and because it blocks attacks before they hit the blog, it saves precious bandwidth and reduces the server load.

Web Application Firewall

NinjaFirewall can hook, scan and sanitise HTTP requests sent to a PHP script. One of its most interesting features is that it protects all PHP scripts, including those that aren’t part of the WordPress package. Even third-party applications, encoded scripts and hackers’ backdoors are filtered.

It can protect against remote and local file inclusion, cross-site scripting, code execution and SQL injection. It can hook, modify and secure HTTP headers as well as cookies, detect and decode Base64-encoded injection attempts, block file uploads and stop many other threats.


Fastest and most efficient brute-force attack protection for WordPress

By processing incoming HTTP requests before your blog and its plugins are loaded, NinjaFirewall is able to protect WordPress against very large brute-force attacks, including distributed attacks coming from several thousands of different IPs. The protection can be extended to the XML-RPC API and details of the attack can be written to the server AUTH log.

Large set of security rules and firewall policies

NinjaFirewall uses policies and rules to block harmful requests. Firewall policies are fully configurable and include a large set of options, from basic to the most advanced ones. Security rules, which can be individually enabled or disabled, are written to handle generic and WordPress-specific threats.

To get the most efficient protection, NinjaFirewall can automatically update its security rules so that your blog remains protected against the latest WordPress security vulnerabilities. If you need custom rules, you can even add your own PHP code to the firewall.


Many other features

NinjaFirewall has many other features, such as file integrity monitoring, real-time detection, event notifications, an option to watch your website traffic in real time, and an activity log with statistics and benchmarks.
It is compatible with IPv6 and can be installed on a WordPress multisite network.

Requirements

WordPress 3.3+
PHP 5.3+ (5.4 or higher recommended) or HHVM 3.4+
MySQLi extension
Unix-like OS (Linux, BSD) only. NinjaFirewall is NOT compatible with Windows.

Alyona Galea

Alyona is a WordPress enthusiast, focused on sharing interesting things she comes across during her work with this great CMS. She loves exploring new destinations and maintains a travel blog at www.alyonatravels.com


8 Responses

  1. This looks really interesting and I will try it out.

    Does it require settings tweaked according to the host or does it generally work out of the box?

    Are there situations we should be aware of where external services legitimately sending scripts to the site would be interrupted?

    1. Nine times out of ten, it will work out of the box and the installer will select the proper configuration for you. If you have any issue, you can use the support forum at WordPress.org.
      External services (e.g., payment gateway, management console, etc.) should not be blocked, but when you run NinjaFirewall for the first time, we always recommend enabling its “Debugging Mode” for at least 24 hours so that you don’t wrongly block your visitors and can see if the current settings are fine for your site (see about the “Debugging Mode”).

  2. I already got OSSEC, fail2ban (with WordPress integration) and a configured iptables on my webserver. Do I need NinjaFirewall as well, and does it play well together with the rest of my server security setup?

    1. They will work well together. NinjaFirewall’s brute-force protection has an option to write offending IPs to the server AUTH log so that they can be banned by Fail2ban.

  3. In most cases there should not be any conflict because NinjaFirewall does its job before other plugins are loaded. Also, it is quite different from them, thus other security plugins could rather complement it.

    It uses a few WordPress API hooks though, and if another plugin used the same one, they could slightly conflict. You can see an example here:

  4. Thank you for your review.
    Can you tell us how this plugin can “play” together with other security plugins such as All in one WP Security & Firewall, Wordfence, iThemes Security, etc.?
    In other words: is this plugin compatible with the other (above-mentioned) security plugins, or is there no need to install the NinjaFirewall plugin if we have installed other plugins, so as not to slow down the site or similar?
