NinjaFirewall logo

NinjaFirewall (Pro+ Edition)

Advanced Security Firewall for PHP.

A true Web Application Firewall

NinjaFirewall (Pro+ Edition) is a true Web Application Firewall to protect PHP sites against web attacks.

It can hook, scan, sanitise or reject any HTTP/HTTPS request sent to a PHP script before it reaches it. All scripts located inside the website root directory and sub-directories will be protected. Even encoded PHP scripts, hackers shell scripts and backdoors will be filtered by the firewall.

NinjaFirewall logo

NinjaFirewall includes a very powerful filtering engine. Its most important feature is its ability to normalize and transform data from incoming HTTP requests which allows it to detect Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as to support and decode a large set of encodings. See our blog for a full description: An introduction to NinjaFirewall filtering engine.

Features

  Pro Edition (Free) Pro+ Edition (Premium)
Full standalone web application firewall
Sensei v1.0 advanced firewall engine (more info)
Compatible with shared hosting accounts
Unix shared memory use for inter-process communication  
Response body filter (Web Filter)  
HTTP response headers
File uploads management Basic
Possibility to prepend PHP code to the firewall (more info)
IP address & AS number Access Control  
Rate-limiting option  
Geolocation Access Control  
URL Access Control  
User Input Access Control  
Bot Access Control  
Configurable HTTP return code and message
Centralized Logging  
Activity log & Statistics Basic
Syslog Logging compatible with Fail2Ban (more info)  
Real-time detection (File Guard)
File integrity monitoring to scan your website (File Check)
Language English, French English, French
General Data Protection Regulation (GDPR) compliance
Requirements PHP 7.1+
Apache, Nginx, LiteSpeed
Unix-like OS only		 PHP 7.1+
Apache, Nginx, LiteSpeed
Unix-like OS only
Dedicated Help Desk with priority support  
 
 Download
 Order Pro
  Download Order Pro

Pricing

Plan #1

USD $79

per domain/year

  • 1 domain
  • or multisite

Plan #2

USD $63

per domain/year

  • From 2 to 5 domains
  • 20% off

Plan #3

USD $55

per domain/year

  • From 6 to 15 domains
  • 30% off

Plan #4

USD $47

per domain/year

  • 15+ domains
  • 40% off

FAQ

We accept all major credit and debit cards from Visa, Mastercard, American Express and JCB.

Note that we use 3D Secure verification (Verified by Visa, Mastercard SecureCode, AMEX SafeKey and J/Secure) to add an extra layer of security to your transaction.
We do not store your credit card information, all payment transactions are securely processed via our PCI compliant payment processor.

  1. Create an account.
  2. Log in.
  3. Select a subscription plan and add credit* to your account using a Credit Card or Debit Card.
  4. Create your license.
* After receiving your payment, we will credit your account accordingly and you will be free to use your account balance to create your NinjaFirewall license(s) whenever you want. For instance, if you only have one website but want to get a 20% off discount, select Plan #2 (2 to 5 domains), make your payment for two license and create your first license. Next year, when your license will expire, you could use your credit left to renew that license.

  1. Log in.
  2. Add funds to your account to pay the annual license fee.
  3. Renew the current license.
  4. Log in to your NinjaFirewall's dashboard, click on "Account > License" and enter the newly created license.

  • PHP 7.1 or above.
  • Apache, Nginx or LiteSpeed HTTP server.
  • Unix-like OS only.

There's no subscription, automatic renewal or recurring payment: if you have a NinjaFirewall license and don't renew it, it will be cancelled automatically when it reaches its expiry date.

If you are using WordPress, you should install the WP+ Edition because it was specifically written to secure WordPress. The Pro+ Edition should be used with non-WordPress applications such as Joomla, Magento or any other PHP website.

NinjaFirewall includes a very powerful filtering engine that can detect Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as support and decode a large set of encodings. See our blog for a detailed description: An introduction to NinjaFirewall v3.0 filtering engine.

  1. Create a new directory in your document root and, over FTP, upload all files from this package.
  2. Go to https://your-site/NEW_DIRECTORY/install.php
  3. Follow the setup assistant.

NinjaFirewall works on Unix-like servers only. There is no Microsoft Windows version and we do not expect to release any.

Will NinjaFirewall detect the correct IP of my visitors if I am behind a CDN service like Cloudflare or Incapsula?

If you are using NinjaFirewall (Pro+ Edition), you can modify the source IP from the "Firewall > Access Control > Source IP" menu. If you are using the free NinjaFirewall (Pro Edition), you can use an optional configuration file to tell the firewall which IP to use. Please follow these steps.

Can I add/write my own security rules?

You can use the optional .htninja configuration file for that purpose.

Can I migrate my site(s) with NinjaFirewall installed?

In order to migrate your site, follow these steps:
  1. Rename the PHP INI or .htaccess file that contains the NinjaFirewall auto_prepend_file directive.
  2. Migrate your site, including NinjaFirewall.
  3. Edit your PHP INI or .htaccess file and change the auto_prepend_file path to the firewall.php script so that it matches your new website document root/directory structure.
  4. Rename your PHP INI or .htaccess file to its original name.
  5. Log in to your NinjaFirewall admin dashboard, click on "Firewall > Policies", scroll down to the bottom of the page and click the "Save Changes" button. This operation will adjust your configuration to the new website document root.
  6. Check the "Summary > Overview" page to ensure there is no error or warning message.

How can I protect Joomla! with NinjaFirewall?

See our article : Securing a Joomla! installation with NinjaFirewall (Pro+).

Failed installation

This is the most common problem experienced by some users. At the end of the installation process, it displays the following message: the firewall is not loaded. Consult this post for help: Troubleshoot NinjaFirewall installation problems.

I lost my administrator password. How can I recover it?

Download our password reset script (for NinajFirewall v1.x, for NinjaFirewall v2.x and v3.x) and follow the indicated steps.

Blocked visitors

Because each site is different, it is possible that the default configuration of NinjaFirewall may wrongly block some visitors. If it occurred, please consult this post: Testing NinjaFirewall without blocking your visitors