For over a decade, Security Ninja has been the guardian of thousands of websites, empowering site owners like you to navigate the digital space with confidence. Instantly run 50+ security tests to uncover hidden issues, ensuring your website’s integrity and security. Embrace Ninja’s simplicity and ease of use to fortify your site’s defenses effortlessly.
Enhanced Vulnerability Scanner
– Stay Ahead of Threats: Our vulnerability scanner proactively alerts you to known vulnerabilities, allowing you to address potential threats before they exploit your website.
– Comprehensive Protection: Security Ninja not only checks and warns for common issues but also checks for known vulnerabilities in plugins and themes.
– Peace of Mind: Knowing your site is monitored for the latest vulnerabilities means you can focus on what matters most—growing your business and creating content, worry-free.
Join thousands of satisfied users who trust Security Ninja to keep their websites safe. Start protecting your online presence today and help yourself to peace of mind.
Extensions
MainWP – The MainWP Dashboard allows administrators to manage many WordPress websites from a central location.
Immediate Vulnerability Alerts: Get instant notifications about vulnerabilities to keep your website safe and secure.
Comprehensive One-click Security Audit: With just one click, perform over 50+ detailed security checks that scrutinize every corner of your site for security vulnerabilities and performance issues.
You’re in Command: Security Ninja respects your autonomy, providing insights and recommendations without making unsolicited changes to your site.
Holistic Security Evaluation: Comprehensive checks on everything from the WordPress core, plugins, and themes to ensure they are up-to-date and secure.
Proactive Defense Strategies: Equip yourself with the tools and knowledge to prevent attacks before they happen, safeguarding your site from potential threats.
Optimization Beyond Security: Improve your site’s performance with database optimization tips, ensuring a seamless experience for your users.
Knowledge Empowerment: Each test comes with an easy-to-understand explanation, documentation, and actionable steps to fix identified issues.
Customized Security Insights: Tailored security assessments to check critical updates and configurations specific to your WordPress setup for a personalized protection strategy.
Future-Proof Your Site: Stay ahead with tests that include the latest WordPress features and best practices for site security.
Prevent Unauthorized Access: Strengthen your defenses with checks designed to prevent weak passwords and unauthorized file access.
Secure Configuration Checks: Ensure your website is configured according to security best practices, from file permissions to security headers, for comprehensive protection against threats.
Enhance your website’s security, performance, and user experience with Security Ninja – your trusted partner in WordPress protection.
Security Ninja Pro has extra features: Firewall, Block Suspicious Page Requests, Country Blocking, Core Scanner, Malware Scanner, Auto Fixer for some of the tests, Events Logger & Scheduled Scans.
An all-in-one security solution for any site. With premium support and continuous updates Security Ninja Pro is a perfect tool to keep your site safe. See what the PRO version offers
Automatically block 600+ million bad IPs with one click! Security Ninja Pro Firewall will help you stay one step ahead of bad guys by using the collective know-how of millions of attacked sites, and ban bad guys before they even open your site.
Security Ninja is perfect for anyone looking to bolster their site’s defenses against hackers and ensure robust security.
Will this plugin slow down my site?
No significant slowdown occurs. You might notice a brief slow down during scanning, lasting less than a minute.
Will it work with my theme?
Yes, Security Ninja is designed to be compatible with all themes, ensuring wide-ranging applicability.
What changes will Security Ninja make to my site?
Security Ninja performs diagnostics and offers recommendations without making any direct changes to your site.
How safe is this plugin?
Absolutely safe. It functions solely as a diagnostic tool, providing insights without altering your site.
Is using Security Ninja legal?
Yes, it’s completely legal for your own site. It’s designed to run tests on the site where it’s installed, aiding in your site’s security enhancement.
What if I encounter issues with the plugin?
While we strive for universal compatibility, if you face any issues, our support team is ready to assist. Visit our support forum to open a new thread, and we’ll help you as soon as possible.
Fix for a PHP warning in the vulnerability module if no vulnerabilites were found, thank you Stéphane.
Fix for country selection “No results found”.
Updated 3rd party libraries
5.175
Fix for where vulnerable theme version numbers would incorrectly match, eg. ‘6.4’ would not be considered the same as ‘6.4.0’ – Thank you @tischtennis
Added “Select All” and “Select None” for the country selection. Thank you comoweb.
Fix: Duplicate define() definitions in wp-config.php, Thank you Stéphane.
5.174
Fix: Problem saving the “Email report” setting in the Scheduled Scanner. Thank you Pawel.
Improved the Content Security Policy recommended header settings. Thank you Jeff for the suggestion.
Fix: Country blocking would not properly identify some IPs. Thank you DJ for reporting.
5.173
Streamlined performance by eliminating unused dependencies such as the phpuseragentparser library.
Boosted loading speed through the optimization of redundant timing functions.
Verified compatibility with WordPress 6.5.
Introducing: A new filter ‘securityninja_ignored_file_extensions’ for enhanced customization.
Improved Scheduled Scanner interface and functionality.
Bug Fix: Resolved an issue with the Scheduled Scanner interface, special thanks to Pawel for reporting.
Bug Fix: Addressed a concern where Webhooks continued to send data despite being disabled. Once enabled, the system would persist in sending data.
Bug Fix: Users can now access posts even when “disable username enumeration” restricts frontend access while allowing backend accessibility.
Bug Fix: Scheduled Scanner settings not saving properly. Thank you Pawel.
Pro: Updated firewall rules to ensure enhanced protection.
Pro: Rectified a warning message within the rename login module. Thank you Dorel.
Updated to Freemius 2.7.0
5.172
Fix error showing up on some installations after removing the X-XSS-Protection header. Thank you Franz.
5.171
Optimized by removing redundant code, enhancing overall plugin performance.
Streamlined database interactions, significantly reducing the number of calls for faster operations.
Discontinued the use of the “X-XSS-Protection” header. Modern browsers have deprecated this feature due to advanced built-in XSS protections, eliminating false security assumptions and potential compatibility issues. Special thanks to Ivan for the recommendation.
Enhanced Webhook Features: Fixed PHP warnings related to the recent webhook integration, ensuring smoother operation.
Improved webhook logic for more efficient logging and faster webhook processing.
Export Functionality Bugfix: Addressed and corrected an issue where some users experienced errors during data export.
Security Enhancement: Introduced two new actions for improved security logging, specifically targeting attempts to access renamed login URLs: ‘attempted_access_to_wp_admin_url’ and ‘attempted_access_to_wplogin_php’.
5.170
Update 3rd party libraries
Language files updated.
New: Introducing Webhook functionality (Pro users). Send selected events to a webhook URL. Works great with Zapier.
Fix for reactivating plugin with empty firewall settings. This could cause a PHP Fatal Error warning.
Improvement to the Events logger settings page.
5.169
Fixed: Resolved an issue where the installation date display error occurred if the initial date saving process was unsuccessful. Special thanks to Alberto for highlighting this.
5.168
Enhancement: Now meticulously tracking each user’s last login moment without depending on previously stored session data. Thank you Kittipot.
Improvement: Streamlined events log by retaining only IP addresses and User Agent details for logged-in users.
Fix: Sometimes not saving firewall settings properly. Thank you Ben.
Fix: Removed – Some unnecessary JavaScript was loaded outside of the plugin admin pages. Thank you Lars.
Update Freemius SDK to 2.6.2
Added IP in sidebar for firewall events.
5.167
Fix for the “Check if REST API is enabled”. Thank you Dorel.
5.166
Improved MainWP integration for MainWP users.
Improved integration with SN Vulnerability API server – GZ compression.
Improved “Remove unwanted files” fix to look for and delete even more files.
Fix for exporting – Thank you Dorel.
Fix for “Username enumeration” test – Thank you Dorel.
Added 10+ knowledgebase articles on https://wpsecurityninja.com/docs/
Updated 3rd party libraries.
5.165
Update the events log pruning routines.
Code cleanup
5.164
FIX: Clicking “Details” button in the events log. Now you can see all details properly. Thank you Tom.
5.163
Fix for ‘undefined array’ – related to the newly introduced feature where you can change the login error message. Thank you Tom.
Fix for emails sent out by vulnerability module even if you had no vulnerabilites.
5.162
Fix for compatibility with “Stop Spammers Security | Block Spam Users, Comments, Forms” – Thank you @bobf000.
5.161
Fix – Vulnerability folder creation bug on some installations. Result was that some users could not download vulnerabilities first time the function ran.
New: Change the message shown to users when they fail to log in. Default “Something went wrong”
5.160
Major Update with many improvements
New Feature: Users page – Show last time a user logged in. Help identify inactive users. Go to “Users” and check the added column “Last Login”.
New: Added inline HelpScout beacon help for free users.
Improvement: Better email warnings with more details for any detected vulnerabilites.
Improvement: The plugin longer stores vulnerabilites in database, saves to a local file instead. This lowers the memory usage and overall speed.
Improvement: The events log now loads after pageload, and makes searching the log much easier and faster.
FIX: Upgrade from free to premium error – Fatal error “Cannot redeclare”
Improvement: Added details in sidebar for firewall activities.
WordPress 6.3.2 compatibility.
Improvement: Trimming backup folder /sn-backups/ monthly to keep only latest 15 backups.
Fix: Some autofixes not working correctly.
Fix: Missing help beacon for some users. Also, we just added over 100+ articles to the inline help.
Updated 3rd party libraries.
5.159
Fix: “Check if Application Passwords are enabled” gave warning eventhough function was disabled. Thank you @tischtennis
5.158
More details for debugging API connection issues.
Visitor log visual updates.
Updated Freemius SDK to 2.5.7
5.157.1
Hotfix for referencing a wrong class name after moving to PHP namespaces in 5.157
5.157
Speed: Plugin options are no longer autoloaded. Older users might notice an improvement in website speed – Thank you Parag.
Fix: When deleting an unwanted file via Core Scanner, the message reported an error even when file was successfully deleted.
Fix: Malware scan could fail due to unexpected output in JavaScript.
Improved visual layout problem in Events Logger.
Improved visual layout in the visitor log
General code improvements and cleaning.
Worked on PHP 8.2 compatibility – almost complete.
5.156
Checked WP 6.2 compatibility
Updated Freemius SDK to 2.5.6
5.155
NEW: Added details about blocked visitors on dashboard widget.
FIX: Notice that detected low memory incorrectly on systems with no limit memory setting (-1)
FIX: Warning notices regarding undefined array keys in the event logger. Thank you Jean-Claude 🙂
5.154
FIX: PHP warning the first time the settings in the vulnerabilites module was updated.
Updated the “Application Passwords” test to include info on how to disable the feature. Thank you @lsbk 🙂
New: More details in email report, user IP and improved layout. Thank you Kevin for the suggestion.
New: You can now email events log reports to more than one recipient. Thank you Kevin.
5.153
FIX: The two Shellshock tests would fail on some servers. Thank you Jeroen and Oliver.
FIX: A bug in the visitor log details when there is a lot of info to display.
FIX: The “Enable background plugin updates” notice was shown everywhere. Thank you Ian for pointing out.
Enable background plugin updates notice is now hidden forever when dismissed.
Change default time to store visitors to 7 days (much better for big sites with a lot of traffic)
Fix bug with unexpected results for tests to show up.
FIX: Remove unused code for plugins not updated for a while. Thank you.
“Outdated plugins” module completely removed for now to be reworked.
FIX: Scheduled Scanner tests with Core Scanner sometimes failed. Error found and fixed.
Updated language files for translators, thank you 🙂
5.152
Fix for not cleaning up old files when downloading vulnerable plugin list. Thank you @michaing.
Fix for visitor log not working properly on some installations. Thank you Jean-Claude.
Fix for bug in events logger related to comments. Thank you Thomas.
Fix for descriptions not showing properly for some vulnerabilites.