A true Web Application Firewall to protect and secure WordPress.
update_corecapability that was required to access NinjaFirewall settings because if the
DISALLOW_FILE_MODSoption from the "Firewall Policies" page was enabled, the admin could no longer access NinjaFirewall.
max-ageto signal the user-agent to cease regarding the host as a known HSTS Host, while disabling the HSTS option will not return any header at all.
system.multicallmethod (see "Firewall Policies > WordPress XML-RPC API").
NFW_LOG_DIRconstant (see http://nintechnet.com/ninjafirewall/wp-edition/help/?htninja for more details).
REMOTE_ADDRcontains only one IP or will remove any extra IP.
DISABLE_WP_CRONis defined (applies to "File Check" and "Updates").
HTTP_X_FORWARDED_PROTOset to 'https' (Firewall Policies > HTTP response headers).
site_url()function depending on the type of notification.
Strict-Transport-Security, to defend against cookie hijacking and Man-in-the-Middle attacks (see "Firewall Policies > HTTP response headers").
/wp-includes/folder is enabled (see "Firewall Policies" page).
auto_prepend_filedirective that may be found in the PHP INI file prior to insert its own one.
site_idvariables to prevent potential false detection alerts.
add_actionhooks was lowered in order to execute them earlier.
/plugins/directory was renamed.
wp-content/nfwlog/folder, to prevent WordPress from deleting them during an update.
shellshockbash code injection vulnerability (CVE-2014-6271).
stripslashes()to prevent WordPress from escaping quotes in the "Login Protection" password.
.htninjafile to quickly allow or block visitors. See http://nintechnet.com/ninjafirewall/wp-edition/help/?htninja for full details.
E-mail Alertsmenu to
logdirectory is not writable.
wp-config.phpfile, in the case it was moved to another directory (see http://nintechnet.com/ninjafirewall/wp-edition/help/?htninja for full details).
/wp-includes/directory because it could prevent non-admin users from using the TinyMCE WYSIWYG editor.
E-mail Alertsconfiguration page to send alerts on specific events (users login, themes/plugins installation, activation, deletion etc).
Rules Editormenu to enable/disable built-in rules individually.
stripslashes()to prevent WordPress from escaping quotes in the "Blocked user message" textarea.
Call to undefined function flatten()error message.
SAFE_MODEis enabled with PHP 5.3+.
Requires: 3.3.0 or higher
Compatible up to: 4.4.2
Last Updated: 2 days ago
Active Installs: 9,000+
17 of 34 support threads in the last two months have been marked resolved.
Got something to say? Need help?