A true Web Application Firewall.
I am one of those who will research a product for days on end before making a commitment, whether an install from the .org repo or a purchase. I can't say I found any negative reviews about Ninja FW, and after viewing the benchmarks and these reviews I decided to purchase the Pro version from the start.
So far so good.
I'm using an AWS Nginx WordPress stack by Anomito, which is excellent by the way. The way they automate a WP setup creates a wp-config file slightly different to the standard file in how it defines the database connection. This conflicted with the install so I'd made a support request. Not long after I had a member of the team identifying the problem mentioned above and providing a solution.
I was up and running in 10 minutes.
So this review mainly focuses on the simple config once up and running and the excellent support received so far.
I'll add an update about the effectiveness of this plugin after the website is launched and I've gathered some data.
I'll also be using Ninja FW alongside WordFence; if you are considering this, it's worth reading the support requests below as well prior to install.
- false positive (not a big issue): http://wordpress.org/support/topic/wordfence-false-positive?replies=3
- log in issue: http://wordpress.org/support/topic/ninjafirewall-seems-to-block-some-wordfence-functions?replies=3
Keep up the good work!
Although the Ninja team doesn't offer support for Windows and blocks the installation on it, I got it working with just some small code changes.
First of all you must have access to the auto_prepend_file PHP settings, either per php.ini or as in my case per .user.ini (on Azure Website).
I removed the tiny code that checks for Windows and blocks it (for no reason I think) in the install.php file.
The only real compatibility issue is that you must adjust line 60 in lib\firewall.php to make it able to read the wp-config.php file.
This is just done by changing all slashes (/) to backslashes (\).
Then install, activate it and go through the post-installation procedure.
After all it works well. I tested various security vulnerability scans successfully (except SQL injection, which passes through, but this can be solved with a web.config regex rewrite rule).
Now I'm wondering, why didn't Ninja implement these small fixes themselves?
I read the reviews and the benchmark tests for this firewall application and decided to install it on two of my sites. The setup has been straightforward, and the walk-through installation is very clear about the changes that will be made to your .htaccess and php.ini files. Since it's been up and running I have chosen to use it as my sole firewall and login protection, alongside Wordfence for regular security scans to detect changes to theme/plugin files and anything else that slips through the security net. The two plugins are working happily together without any problems. There is a firewall log that helps to show the types of attacks that are being attempted, and how they are being prevented. This is both informative and reassuring. All in all, this is an excellent firewall, and the author seems committed to comprehensive support and development.
I like plugin authors who compare their own works against the works of others. Nintechnet offers a neat comparison with five of the most commonly used security plugins, two of which I use, too. They not only showed me how well this one works, but also improved my knowledge of WP security as such. Thank you very much!
Edit: The author helped me to get this plugin to run, which was very kind. If you also get stuck in the intro, read here how it got solved: http://wordpress.org/support/topic/ninja-firewall-with-bps-and-aio-wp-security?replies=11#post-5476701
It took me a little bit to configure and get it up and running; however, once I did, this plugin works fantastic.
Plus the plugin author provides amazing support and this plugin is 100% free!
Sometimes a bit tricky to get it running (depending on your server spec). But then it works like a charm.
I had a little trouble with the php.ini in my site folder being an issue, but created a user.ini and renamed the php.ini and chose it and it's working just fine.
I was using the FREE version for some time now and enjoy how great it protects my site. After reading what the PRO-NinjaFirewall WP+ does, I had to upgrade, and with all the features that came with "NinjaFirewall WP+" it's your money's worth. I love the fact that you can block any country, and the rate limiting option to block aggressive bots, crawlers, web scrapers, HTTP DoS attacks, etc. Paying that $29 a year, I must say it can't get any better than that. I had a little problem and the support team was an A+: they got the issue fixed and had me back up and running in no time. If you want to be fully secure, upgrade to the "NinjaFirewall WP+" and you will see what a great job it does.
It takes time to set it up but this is really an excellent security plugin. It has a lot of nice features and works well with my other plugins. A++++
This is by far the best firewall.
It works and looks great.
But pleeeeeeeease, make it multisite compatible :)