A true Web Application Firewall to protect and secure WordPress.
NinjaFirewall sits between the attacker and WordPress. It can filter requests before they reach your blog and any of its plugins. This is how it works :
Attacker > HTTP server > PHP > NinjaFirewall > WordPress
And this is how all WordPress plugins work :
Attacker > HTTP server > PHP > WordPress > Plugins
Unlike other security plugins, it will protect all PHP scripts, including those that aren't part of the WordPress package.
NinjaFirewall includes a very powerful filtering engine which can detect Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as support and decode a large set of encodings. See our blog for a full description: An introduction to NinjaFirewall 3.0 filtering engine.
NinjaFirewall does not require any root privilege and is fully compatible with shared hosting accounts. You can install it from your WordPress admin console, just like a regular plugin.
NinjaFirewall works with Nginx and others Unix-based HTTP servers (Apache, LiteSpeed etc). Its installer will detect it.
You do not need to make any modifications to your scripts. NinjaFirewall hooks all requests before they reach your scripts. It will even work with encoded scripts (ionCube, ZendGuard, SourceGuardian etc).
NinjaFirewall will look for the wp-config.php script in the current folder or, if it cannot find it, in the parent folder.
You can use an optional configuration file to tell NinjaFirewall which IP to use. Please follow these steps.
Your visitors will not notice any difference with or without NinjaFirewall. From WordPress administration console, you can click "NinjaFirewall > Status" menu to see the benchmarks and statistics (the fastest, slowest and average time per request). NinjaFirewall is very fast, optimised, compact, requires very low system resources and outperforms all other security plugins. By blocking dangerous requests and bots before WordPress is loaded, it will save bandwidth and reduce server load.
NinjaFirewall works on Unix-like servers only. There is no Microsoft Windows version and we do not expect to release any.
Requires: 3.3.0 or higher
Compatible up to: 4.6
Last Updated: 2 weeks ago
Active Installs: 10,000+
13 of 22 support threads in the last two months have been marked resolved.
Got something to say? Need help?