NinjaFirewall Pro+ Edition

A powerful Web Application Firewall to protect PHP sites against web attacks.

How secure is your website?

Give your website the highest level of protection it deserves, no less!

Blocks all major threats

Cross-Site Scripting (XSS)
Local & Remote File Inclusion (LFI, RFI)
Insecure Deserialization
SQL Injection (SQLi)
PHP object injection
Remote Code Execution (RCE)
XML External Entity (XXE)

Large set of options

50+ firewall policies
130+ security rules
Access Control
Syslog Logging/Fail2Ban
IPv4, IPv6 & AS number
And many more...

Powerful filtering engine


Speed matters

High Performance Firewall
Low CPU/RAM usage
Fast & compact
No database required

We offer two versions

» Pro Edition

A free and open-source edition.

» Pro+ Edition

A supercharged premium edition with many exciting features that make it the most advanced PHP firewall.

Features & Comparison

Features Pro Edition
Pro+ Edition
Full standalone web application firewall
"Sensei v1.0" advanced firewall engine (more info)
Compatible with shared hosting accounts
HTTP response headers
Response body filter (Web Filter) to scan the output of the HTML page right before it is sent to your visitors browser
File uploads management Block/allow uploads.
Sanitise file names.
Block / Allow uploads.
Sanitise file names.
Block dangerous files.
Scan ZIP files.
Limit file size.
Possibility to prepend your own PHP code to the firewall (.htninja)
IP address & AS number Access Control
Rate-limiting option
Country-based Access Control (Geolocation)
URL Access Control
Bot Access Control
IPv4 & IPv6 compatibility
Configurable HTTP return code and message
Centralized Logging to remotely access the firewall log of all your NinjaFirewall protected websites from one single installation
Activity log & Statistics View, select, export, delete, filter, enable and disable log.
Auto rotation.
Widget Stats.
Live Log.
View, select, export, delete, filter, enable and disable log.
Auto rotation.
Widget Stats.
Live Log.
Syslog Logging (compatible with Fail2Ban)
Works with any PHP scripts including ZendGuard, SourceGuardian and ionCube encoded scripts
Real-time detection (File Guard)
On-demand File integrity monitoring to scan your website (File Check)
Language French, English French, English
General Data Protection Regulation (GDPR) compliance
Requirements PHP 7.1+
Apache, Nginx, LiteSpeed.
Unix-like OS only ( ? )
PHP 7.1+
Apache, Nginx, LiteSpeed.
Unix-like OS only ( ? )
Online support Dedicated Help Desk with Priority Support
  Free Download


Plan #1


per domain/year
  • 1 domain

Plan #2


per domain/year
  • From 2 to 5 domains
  • 20% off

Plan #3


per domain/year
  • From 6 to 15 domains
  • 30% off

Plan #4


per domain/year
  • From 16 to 49 domains
  • 40% off

Plan #5


per domain/year
  • From 50 to 99 domains
  • 50% off

Plan #6


per domain/year
  • 100+ domains
  • 60% off

All prices are in USD, per domain and per year.

Frequently Asked Questions

NinjaFirewall includes a very powerful filtering engine that can detect Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as support and decode a large set of encodings. See our blog for a detailed description: An introduction to NinjaFirewall v3.0 filtering engine.

The WP+ Edition is for WordPress blogs only. The Pro+ Edition can be used with non-WordPress applications such as Joomla, Magento or any other PHP website.

  1. Create an account.
  2. Log in.
  3. Select a subscription plan and add credit* to your account using a Credit Card or Debit Card.
  4. Create your license.
* After receiving your payment, we will credit your account accordingly and you will be free to use your account balance to create your NinjaFirewall license(s) whenever you want. For instance, if you only have one website but want a discount, select Plan #2 (2 to 5 domains), make your payment for two licenses and create your first license. Next year, when your license will expire, you could use your credit left to renew that license.

  1. Log in.
  2. Add funds to your account (or use your credit if you have sufficient funds in your account) to pay the annual license fee.
  3. Renew the current license.
  4. Log in to your NinjaFirewall's dashboard, click on "Account > License" and enter the newly created license.

  1. Create a new directory in your document root and, over FTP, upload all files from this package.
  2. Go to https://your-site/NEW_DIRECTORY/install.php
  3. Follow the setup assistant.

NinjaFirewall works on Unix-like servers only. There is no Microsoft Windows version and we do not expect to release any.

Will NinjaFirewall detect the correct IP of my visitors if I am behind a CDN service like Cloudflare or Incapsula?

If you are using NinjaFirewall (Pro+ Edition), you can modify the source IP from the "Firewall > Access Control > Source IP" menu. If you are using the free NinjaFirewall (Pro Edition), you can use an optional configuration file to tell the firewall which IP to use. Please follow these steps.

Can I add/write my own security rules?

You can use the optional .htninja configuration file for that purpose.

Can I migrate my site(s) with NinjaFirewall installed?

In order to migrate your site, follow these steps:
  1. Rename the PHP INI or .htaccess file that contains the NinjaFirewall auto_prepend_file directive.
  2. Migrate your site, including NinjaFirewall.
  3. Edit your PHP INI or .htaccess file and change the auto_prepend_file path to the firewall.php script so that it matches your new website document root/directory structure.
  4. Rename your PHP INI or .htaccess file to its original name.
  5. Log in to your NinjaFirewall admin dashboard, click on "Firewall > Policies", scroll down to the bottom of the page and click the "Save Changes" button. This operation will adjust your configuration to the new website document root.
  6. Check the "Summary > Overview" page to ensure there is no error or warning message.

How can I protect Joomla! with NinjaFirewall?

See our article : Securing a Joomla! installation with NinjaFirewall (Pro+).

Failed installation

This is the most common problem experienced by some users. At the end of the installation process, it displays the following message: the firewall is not loaded. Consult this post for help: Troubleshoot NinjaFirewall installation problems.

I lost my administrator password. How can I recover it?

Download our password reset script (for NinajFirewall v1.x, for NinjaFirewall v2.x and v3.x) and follow the indicated steps.

Blocked visitors

Because each site is different, it is possible that the default configuration of NinjaFirewall may wrongly block some visitors. If it occurred, please consult this post: Testing NinjaFirewall without blocking your visitors

© 2024 The Ninja Technologies Network

Twitter    Facebook     Feed