NinjaFirewall (WP+ Edition)

A true Web Application Firewall for WordPress.

NinjaFirewall (WP+ Edition) is a true Web Application Firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall that sits in front of WordPress.
It allows any blog administrator to benefit from very advanced and powerful security features that usually aren't available at the WordPress level, but only in security applications such as the Apache ModSecurity module or the PHP Suhosin extension.

Some of its features are:

  • Stand alone Web Application Firewall.

  • Protects against remote & local file inclusions, code execution, uploads, SQL injections, brute-force scanners, XSS and many other threats.

  • Fastest and most efficient brute-force attack protection for WordPress.

  • Hooks and sanitises all HTTP requests before they reach WordPress, as well as the response body.

  • Multi-site support.

  • Powerful access control (User Role, IP, Geolocation, URL, Bot/User-Agent, rate-limiting).

  • Events Notification.

  • And many more...

We offer two versions:

  • WP Edition: A free, fully functional open-source version.

  • WP+ Edition: A supercharged edition which adds many exciting new features and blazing-fast performance to make it the fastest and most advanced security plugin for WordPress.

Comparison WP Edition WP+ Edition
Full standalone web application firewall
Compatible with shared hosting accounts
Fastest and most powerful brute-force attack protection (see our benchmarks: #1, #2) !!!!
Unix shared memory use for inter-process communication (IPC) and blazing-fast performance. Check your server compatibility
Multi-site support
WordPress-specific security rules
Protects against RFI/LFI, XSS, code execution, SQL injections, brute-force scanners, shell scripts, backdoors and many other threats
Scans and sanitises GET/POST requests, HTTP/HTTPS traffic, cookies & server variables/names
Advanced filtering options (ASCII control characters, PHP wrappers, base64 decoder)
Hooks and secures HTTP response headers to prevent XSS, phishing and clickjacking attempts
Response body filter (Web Filter) to scan the output of the HTML page right before it is sent to your visitor's browser
Blocks username enumeration scanners
File uploads management
  WP Edition: Block / Allow uploads. Sanitise file names.
  WP+ Edition: Block / Allow uploads. Sanitise file names. Reject system files, ELF and scripts. Limit file size.
Hides PHP error and notice messages
Blocks direct access to PHP scripts located inside specific directories
Possibility to prepend your own PHP code to the firewall (.htninja)
Role-based Access Control
  WP Edition: Admin only
  WP+ Edition: Admin, Editor, Author, Contributor and Subscriber
IP-based Access Control
Rate limiting option to block aggressive bots, crawlers, web scrapers and HTTP attacks
Country-based Access Control (Geolocation)
URL Access Control
Bot Access Control
Full IPv4 / IPv6 compatibility
Configurable HTTP return code and message
Activity log & Statistics
  WP Edition: View log. Widget Stats. Live Log.
  WP+ Edition: View, select, delete, filter, enable and disable log. Auto rotation. Widget Stats. Live Log.
Rules editor
Works with any PHP scripts including ZendGuard, SourceGuardian & ionCube encoded scripts
Antispam for comment and user registration forms
Real-time detection (File Guard)
File integrity monitoring (File Check) to scan your website hourly, twicedaily or daily
Events notification
Supported languages
  WP Edition: French, English
  WP+ Edition: French, English
Automatically update security rules
  WP Edition: Hourly, Twicedaily, Daily
  WP+ Edition: Hourly, Twicedaily, Daily
Requirements
  WP Edition: WordPress 3.3+. PHP 5.3+ or HHVM 3.4+. Apache, Nginx, LiteSpeed. Unix-like OS only.
  WP+ Edition: WordPress 3.3+. PHP 5.3+ or HHVM 3.4+. Apache, Nginx, LiteSpeed. Unix-like OS only.
Online support
  WP Edition: WordPress Forum only.
  WP+ Edition: Dedicated Help Desk with Priority Support.
License Type
  WP Edition: Open Source GPL
  WP+ Edition: Commercial