Security Ninja Review: Easy-to-Use WordPress Security Plugin

This article was researched and written by our experts using our in-depth Analysis Methodology.
Security Ninja is a comprehensive WordPress security plugin that protects your site in different ways. Read our hands-on Security Ninja review to learn more about how it works to protect your site.
Table of Contents
WP Engine High Performance Hosting
BionicWP Hosting

Searching for the best WordPress security plugin to protect your WordPress site from malicious actors?

Because of its popularity, WordPress is a juicy target for malicious actors around the world. Because having a hacked website is pretty much every webmaster’s worst nightmare, it’s a good idea to look for a little extra protection for your site.

In our hands-on Security Ninja review, we’re going to take a look at a popular freemium security plugin that helps you implement both basic hardening tactics and proactive monitoring and protection.

We’ll start with an introduction to what the plugin does. Then, we’ll give you a hands-on look at what it’s like to use Security Ninja on your site.

Let’s dig in!

Security Ninja Review: What the Plugin Does

Security Ninja review

In a nutshell, Security Ninja aims to be a complete solution for WordPress security. That is, it offers a comprehensive approach to security, rather than only focusing on a single area.

To that end, it offers a few different types of features:

  • Basic hardening tweaks to follow general security best practices
  • Login protection to protect against brute force attacks
  • Firewall to proactively block threats
  • Security vulnerability scanning/detection to find potential issues
  • Malware scanning to find and remove malicious files
  • Visitor logging to track suspicious activity

It also includes features to help you more easily keep track of your website’s security status, such as email notifications.

Let’s go through them…

Basic Hardening Tweaks

First off, Security Ninja can help you implement a number of basic hardening tweaks and security best practices.

This is not a complete list, but here are the types of protections that I’m talking about:

  • Disable in-dashboard file editing
  • Hide WordPress version number
  • Enable security headers
  • Disable application passwords
  • Etc.

Login Protection

You also get a comprehensive set of features to protect your login page from brute force attacks:

  • Change the login page URL
  • Limit login attempts (like the security that your online banking uses)
  • Safelist/blocklist certain IP addresses
  • Hide login errors that tell people if an account exists
Login protection

Firewall to Block Threats

To block threats elsewhere on your site, Security Ninja includes its own proactive firewall, including an option to enable cloud-based protection that automatically blocks 600+ million known malicious IPs.

You can also block suspicious page requests, as well as set up geo-blocking rules to block visitors from certain countries.

Security Vulnerability Scanning/Detection

Security Ninja includes a number of different features to detect issues or vulnerabilities on your site.

First off, you can test your site’s configuration against 40+ potential issues, such as the strength of your database password, out-of-date extensions, PHP version, and more.

For many problems, you can fix the issue with the click of a button if you fail the test.

Test results

Second, Security Ninja will monitor your installed plugins for known vulnerabilities. If it detects one, it will alert you right away so that you can update the plugin (if the developer has patched the issue) or switch to a different tool.

Third, you can scan the core WordPress files for file integrity. Security Ninja will alert you if core files have been modified or any other files have been added. This is a sign that your site may have been hacked.

Beyond that, there’s also another useful type of scanning…

Malware Scanning

In case a malicious file somehow makes it onto your server, Security Ninja also includes its own malware scanning feature to detect suspicious files on your server that exist outside the core WordPress files.

If a file is genuine (false positive), you can safelist it to avoid it appearing in the future.

Visitor Logging

Security Ninja also helps you keep track of what’s happening on your site with two different tools:

  • An event logger to keep track of the actions that logged-in users take on your site, such as installing a new plugin.
  • A visitor log to show the actions of every single visitor to your site (along with an option to easily ban the IP address of malicious visitors). For example, you can find people who are trying to access your login page.

Tools to Monitor Security Status

To help you keep track of your site’s security without needing to log into the dashboard every day, you get a few different tools.

First, you can set up automatic email alerts for important issues. That way, you’ll only need to check in if you get a notification to your email address.

Second, if you’re using MainWP to manage multiple sites from one dashboard, there’s an extension for MainWP that lets you manage security for all of your sites from the unified MainWP dashboard.

How to Use Security Ninja to Protect Your Site

Now that you know what the plugin does, let’s get into what it’s like to actually use Security Ninja on your WordPress website.

Complete the Setup Wizard

When you first activate Security Ninja, it will prompt you to run its built-in security wizard, which will help you configure some important baseline settings for your site.

Setup wizard

First, you can activate firewall protection to proactively stop threats and ban malicious IP addresses:


Next, you can choose whether to activate an array of default security measures. You can always deactivate some of these later if you don’t want them.

Basic hardening

And that’s it for the basic setup wizard!

Configure More Advanced Settings

To access more advanced settings at an individual level, you can next head to Security Ninja → Fixes.

Here, you’ll see a list of all the potential security fixes that Security Ninja can make for you.

For each fix, you get a simple toggle button to enable or disable that specific fix:

Security Ninja fixes

The screenshot above doesn’t show the full list of available fixes.

You can also access some firewall-specific settings by going to Security Ninja → Firewall. For example, you can choose whether or not to use the cloud-based firewall rules or set up country-specific geo-blocks for your site:

Firewall settings

Further down the page, you get some other options for hardening, including protecting your login page. For example, you can change the login page URL, limit login attempts, safelist/blocklist certain IP addresses, and more:

Login protection

Run Security Scans

That’s mainly it for the actual settings in Security Ninja.

Most of the other features involve scanning your site.

Security Ninja gives you a few different options to scan your site:

  • Security Tests – these let you test specific aspects of your site’s configuration to detect potential issues. For example, you can test whether there’s out-of-date software, if debug mode is enabled, response headers, and more.
  • Vulnerabilities – this tab automatically checks your plugins for known vulnerabilities.
  • Core Scanner – this test scans the core WordPress files to see if they’ve been modified or files have been added.
  • Malware – this lets you scan your site for malware.

Security Tests

For the Security Tests option, you can first use the checkboxes to choose which tests you want to run. For a comprehensive test, you can easily check all of the boxes.

Then, you can click Run Tests to start the test:

Running tests

After a short wait, you’ll see the results of each individual test, as well as a summary at the top.

If you click the Details option next to a test, you can see specific information about that test. For some tests, you’ll also get a one-click option to fix the problem:

Test results


The Vulnerabilities test will automatically check your WordPress plugins and themes for known vulnerabilities.

Unlike the previous test, you don’t need to manually run it – it will always alert you. You’ll see large alerts in your dashboard and you can also configure email warnings:

Vulnerability scanning

I think this is a really handy feature because plugin vulnerabilities are a common way for sites to get hacked. By getting these alerts right away, you can promptly update the affected plugin and avoid problems.

Core Scanner

For the Core Scanner test, you just need to head to that tab and click the Scan core files button.

Security Ninja will then check all of the files. If everything looks good, you’ll see a “No problems found” message:

WordPress core scanning


To run a malware scan, you’ll head to the Malware tab and click the Scan your website button.

You’ll now have a short wait – it could be anywhere from a few seconds to a few minutes depending on the size of your site:

Malware scan

When it’s finished, you should see the results of the test.

In some cases, Security Ninja might flag a file that’s legitimate. To avoid these false positives in the future, you can safelist that specific file so that it no longer shows up in the scan.

Malware scan results

How to Schedule Tests

In addition to running tests manually, you can also schedule tests to run on certain schedules and automatically send yourself an email report with the results.

You can set this up from the Scheduler tab:


View Logs

The last bit of key functionality is Security Ninja’s logging functionality, which comes in two main formats.

First, you can see a log of specific events that have happened on your site by going to the Events tab.

For example, you can see that it was already able to log a failed login attempt:


Second, you can go to Security Ninja → Visitor Log to see each individual visitor to your site, along with the actions that they’ve taken. You can also quickly ban an IP address if you detect malicious activity:

Live visitor log

And that’s pretty much it for what it’s like to use Security Ninja to protect your site!

Security Ninja Pricing

Security Ninja comes in both a free version at as well as a premium version that adds more advanced features.

In general, the free version focuses mostly on basic hardening strategies, including 50+ security tests across a range of areas.

For more comprehensive protection, you can upgrade to Security Ninja Pro. Here are some of the most notable features that you get with the Pro version:

  • Firewall, including blocking suspicious page requests, countries, and so on.
  • WordPress core scanner.
  • Malware scanner.
  • Automatic fixing for some tests (the free version requires you to manually make changes).
  • Event logging.
  • Scheduled security scanning.

If you want access to Security Ninja Pro, there are four different paid plans that are available on a monthly or annual payment basis.

All of the plans are full-featured – the only difference is the number of sites upon which you can activate the plugin:

  • Starter – one website – $39.99 per year or $6.99 per month.
  • Plus – three websites – $99.99 per year or $12.99 per month.
  • Pro – five websites – $149.99 per year or $18.99 per month.
  • Agency – ten websites – $199.99 per year or $29.99 per month.

Here are the yearly plans:

Security Ninja annual pricing

And here are the monthly plans:

Security Ninja monthly pricing

You can also test out the premium features with a 14-day free trial. You will need to enter your credit card to activate the trial, but you won’t be billed until after 14 days. The plugin will also send you a reminder before billing starts and the cancellation process is frictionless – you just need to click a few buttons.

Final Thoughts on Security Ninja

Testing security plugins is always a bit tricky because it’s hard to simulate a real security attack. That is, a malicious actor trying to infect my site with malware.

With that being said, I can make a few hands-on conclusions based on my experience.

First off, I think that the Security Ninja interface is really well done. It’s clean and easy to use while still giving you a good amount of detail.

Second, you get a good number of features to protect your site.

Third, you get tons of basic hardening rules. I would say Security Ninja makes it easy to implement pretty much all the basic stuff, such as disabling in-dashboard file editing and properly configuring response headers.

You also get more proactive protection, especially with the premium version. For example, firewalls, login protection, malware scanning, and more.

I also really liked that it was able to automatically detect known vulnerabilities in installed plugins. I think this feature can really help encourage people to apply updates quickly, rather than waiting to update their plugins.

Based on those experiences, Security Ninja seems like another quality option for WordPress security.

If you want to test it out, you have three options:

  1. You can install the free version from to access the basic features.
  2. You can use the 14-day free trial to test out all of the features in Security Ninja Pro.
  3. You can spin up a fully functioning test site with the Pro version using InstaWP (a service that we’ve reviewed). You can click this link to launch your test site.

Either way, you can use the button below to get started.

Colin Newcomer

Colin has been using WordPress for over a decade and is on a quest to test all 60,000+ plugins at He has been a Writer and Product Review Expert for WP Mayor since 2017, testing well over 150 products and services throughout that time.

Discover more from our archives ↓

Popular articles ↓

Share Your Thoughts

Your email address will not be published. Required fields are marked *

Claim Your Free Website Tip 👇

Leave your name, email and website URL below to receive one actionable improvement tip tailored for your website within the next 24 hours.

"They identified areas for improvement that we had not previously considered." - Elliot

By providing your information, you'll also be subscribing to our weekly newsletter packed with exclusive content and insights. You can unsubscribe at any time with just one click.