NinjaFirewall (WP+ Edition)

A true Web Application Firewall for WordPress.

NinjaFirewall (WP+ Edition) is a true Web Application Firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall that sits in front of WordPress.
It allows any blog administrator to benefit from very advanced and powerful security features that usually aren't available at the WordPress level, but only in security applications such as the Apache ModSecurity module or the PHP Suhosin extension.

Some of its features are:

  • Powerful filtering engine.

  • Stand-alone Web Application Firewall.

  • Protects against remote & local file inclusions, code execution, uploads, SQL injections, bots and scanners, XSS, PHP object injection, privilege escalation and many other threats.

  • Fastest and most efficient brute-force attack protection for WordPress.

  • Hooks and sanitises all HTTP requests before they reach WordPress, as well as the response body.

  • Multi-site support.

  • Powerful access control (User Role, IP, Geolocation, URL, Bot/User-Agent, rate-limiting).

  • Event notifications.

  • Centralized logging.

  • Syslog Logging.

  • GDPR (General Data Protection Regulation) compliance.

  • And many more...

We offer two versions:

  • WP Edition: A free open-source version.

  • WP+ Edition: A supercharged edition that adds many new exciting features and blazing fast performance to make it the fastest and most advanced security plugin for WordPress.

Comparison: WP Edition / WP+ Edition
Full standalone web application firewall
Compatible with shared hosting accounts
Supports multiple encodings, detects obfuscation tactics and WAF evasion techniques
Fastest and most efficient brute-force attack protection (see our 2015 benchmarks)
Unix shared memory use for inter-process communication (IPC) and blazing fast performance
Multi-site support
WordPress-specific security rules
Protects against RFI/LFI, XSS, code execution, SQL injections, brute-force scanners, shell scripts, backdoors and many other threats
Scans and sanitises GET/POST requests, HTTP/HTTPS traffic, cookies & server variables/names
Advanced filtering options (ASCII control characters, PHP wrappers, base64 decoder)
Hooks and secures HTTP response headers to prevent XSS, phishing and clickjacking attempts
Response body filter (Web Filter) to scan the output of the HTML page right before it is sent to your visitor's browser
Blocks username enumeration scanners
File uploads management: WP Edition: block / allow uploads, sanitise file names. WP+ Edition: block / allow uploads, sanitise file names, block dangerous files, limit file size.
Hides PHP error and notice messages
Blocks direct access to PHP scripts located inside specific directories
Possibility to prepend your own PHP code to the firewall (.htninja)
Role-based Access Control: WP Edition: Admin only. WP+ Edition: Admin, Editor, Author, Contributor and Subscriber.
IP-based Access Control
Rate limiting option to block aggressive bots, crawlers, web scrapers and HTTP attacks
Country-based Access Control (Geolocation)
URL Access Control
Bot Access Control
Full IPv4 / IPv6 compatibility
Configurable HTTP return code and message
Centralized Logging to remotely access the firewall log of all your NinjaFirewall protected websites from one single installation.
Activity log & Statistics: WP Edition: view log, widget stats, live log. WP+ Edition: view, select, export, delete, filter, enable and disable log; auto rotation; widget stats; live log.
Syslog Logging
Rules editor
Works with any PHP scripts including ZendGuard, SourceGuardian and ionCube encoded scripts
Antispam for comment and user registration forms
Real-time detection (File Guard)
File integrity monitoring (File Check) to scan your website hourly, twice daily or daily
Event notifications
Language: French, English (both editions)
Automatically update security rules: Hourly, Twicedaily, Daily (both editions)
GDPR (General Data Protection Regulation) compliance
Requirements (both editions): WordPress 3.3+; PHP 5.3+ or HHVM 3.4+; Apache, Nginx, LiteSpeed; Unix-like OS only.
Online support: WP Edition: WordPress Forum only. WP+ Edition: Dedicated Help Desk with Priority Support.