NinjaFirewall (Pro+ Edition)

Advanced firewall software for all your PHP applications.


NinjaFirewall (Pro+ Edition) is a powerful Web Application Firewall designed to protect all PHP softwares, from custom scripts to popular shopping cart softwares and CMS applications.


Some of its features are:

  • Powerful filtering engine.

  • Stand alone Web Application Firewall.

  • Protects against remote & local file inclusions, code execution, uploads, SQL injections, bots and scanners, XSS and many other threats.

  • Hooks and sanitises all HTTP requests before they reach your website, as well as the response body.

  • Real-time detection (File Guard).

  • Response body filter (Web Filter).

  • Powerful access control and firewall policies.

  • Easy to setup; your PHP scripts do not require modifications.

  • Works with any PHP applications, even those encoded with ionCube and ZendGuard.

  • Management administration console.

  • One-click updates.

  • Centralized logging.

  • And many more...


We offer two versions:

  • Pro Edition: A free open-source version.

  • Pro+ Edition: A supercharged edition packed with many more options and new exciting features.

Comparison Pro Edition Pro+ Edition
Full standalone web application firewall
Compatible with shared hosting accounts
Supports multiple encoding, detects obfuscation tactics and WAF evasion techniques (more info)
WordPress-specific security rules
Protects against RFI/LFI, XSS, code execution, SQL injections, brute-force scanners, shell scripts, backdoors and many other threats
Scans and sanitises GET/POST requests, HTTP/HTTPS traffic, cookies & server variables/names
Advanced filtering options (ASCII control characters, PHP wrappers, base64 decoder)
Hooks and secures HTTP reponse headers to prevent XSS, phishing and clickjacking attempts
Response body filter (Web Filter) to scan the output of the HTML page right before it is sent to your visitors browser
File uploads management Block / Allow uploads.
Reject system files, ELF and scripts.
Sanitise file name.
Limit file size.
Block / Allow uploads.
Reject system files, ELF and scripts.
Sanitise file name.
Limit file size.
Hides PHP error and notice messages
Possibility to prepend your own PHP code to the firewall (.htninja)
IP banning
IP-based Access Control
Rate limiting option to block aggressive bots, crawlers, web scrapers and HTTP attacks
Country-based Access Control (Geolocation)
URL Access Control
Bot Access Control
Full IPv4 / IPv6 compatibility
Configurable HTTP return code and message
Centralized Logging to remotely access the firewall log of all your NinjaFirewall protected websites from one single installation.
Activity log & Statistics View, select, delete, export, filter, enable and disable log.
Auto rotation.
Live Log.
View, select, delete, export, filter, enable and disable log.
Auto rotation.
Live Log.
Syslog Logging
Rules editor
Works with any PHP scripts including ZendGuard, SourceGuardian and ionCube encoded scripts
Real-time detection (File Guard)
On-demand file integrity monitoring (File check)
Debugging mode
Language French, English French, English
One-click updates from the administration console
Requirements (test your website compatibility: download and run our PHP test script to check whether your server meets the requirements) PHP 5.3+ or HHVM 3.4+.
Apache, Nginx, LiteSpeed.
Unix-like OS only
PHP 5.3+ or HHVM 3.4+.
Apache, Nginx, LiteSpeed.
Unix-like OS only
Online support Dedicated Help Desk with Priority Support.