A true Web Application Firewall.
REMOTE_ADDRcontains only one IP or will remove any extra IP.
DISABLE_WP_CRONis defined (applies to "File Check" and "Updates").
HTTP_X_FORWARDED_PROTOset to 'https' (Firewall Policies > HTTP response headers).
site_url()function depending on the type of notification.
Strict-Transport-Security, to defend against cookie hijacking and Man-in-the-Middle attacks (see "Firewall Policies > HTTP response headers").
/wp-includes/folder is enabled (see "Firewall Policies" page).
auto_prepend_filedirective that may be found in the PHP INI file prior to insert its own one.
site_idvariables to prevent potential false detection alerts.
add_actionhooks was lowered in order to execute them earlier.
/plugins/directory was renamed.
wp-content/nfwlog/folder, to prevent WordPress from deleting them during an update.
shellshockbash code injection vulnerability (CVE-2014-6271).
stripslashes()to prevent WordPress from escaping quotes in the "Login Protection" password.
.htninjafile to quickly allow or block visitors. See
http://ninjafirewall.com/wordpress/htninja/for full details.
E-mail Alertsmenu to
logdirectory is not writable.
wp-config.phpfile, in the case it was moved to another directory (see
http://ninjafirewall.com/wordpress/htninja/for full details).
/wp-includes/directory because it could prevent non-admin users from using the TinyMCE WYSIWYG editor.
E-mail Alertsconfiguration page to send alerts on specific events (users login, themes/plugins installation, activation, deletion etc).
Rules Editormenu to enable/disable built-in rules individually.
stripslashes()to prevent WordPress from escaping quotes in the "Blocked user message" textarea.
Call to undefined function flatten()error message.
SAFE_MODEis enabled with PHP 5.3+.
Requires: 3.3.0 or higher
Compatible up to: 4.2
Last Updated: 2015-4-26
Active Installs: 5,000+
24 of 33 support threads in the last two months have been resolved.
Got something to say? Need help?