NinjaFirewall (WP+ Edition)

Help & FAQ


Why is NinjaFirewall different from other security plugins for WordPress?

NinjaFirewall sits between the attacker and WordPress. It can filter requests before they reach your blog and any of its plugins. This is how it works:

Attacker > HTTP server > PHP > NinjaFirewall > WordPress

And this is how regular WordPress plugins work:

Attacker > HTTP server > PHP > WordPress > Plugins

How powerful is NinjaFirewall?

NinjaFirewall includes a very powerful filtering engine that can detect Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as support and decode a large set of encodings. See our blog for a detailed description: An introduction to NinjaFirewall v3.0 filtering engine.

Do I need root privileges to install NinjaFirewall?

NinjaFirewall does not require root privileges and is fully compatible with shared hosting accounts. You can install it from your WordPress admin console, just like a regular plugin.

Does it work with Nginx?

NinjaFirewall works with Nginx and others Unix-based HTTP servers like Apache and LiteSpeed as long as they support the auto_prepend_file PHP directive (either in PHP INI or .htaccess files).

Do I need to alter my PHP scripts?

You do not need to make any modifications to your scripts. NinjaFirewall hooks all requests before they reach your scripts. It will even work with encoded scripts (ionCube, ZendGuard, SourceGuardian etc).

Will NinjaFirewall detect the correct IP of my visitors if I am behind a CDN service like Cloudflare or Incapsula?

If you are using NinjaFirewall (WP+ Edition), you can modify the source IP from the "Access Control > Source IP" menu. If you are using NinjaFirewall (WP Edition), you can use an optional configuration file to tell NinjaFirewall which IP to use. Please follow these steps.

How can I restrict access to NinjaFirewall settings and menu?

See our blog article: Restricting access to NinjaFirewall (WP Edition) settings.

I moved my wp-config.php file to another directory. Will it work with NinjaFirewall?

Just like WordPress does, NinjaFirewall will look for the wp-config.php script in the current folder or, if it cannot find it, in the parent folder.

Will it slow down my site?

Your visitors will not notice any difference with or without NinjaFirewall. From WordPress administration console, you can click on "NinjaFirewall > Statistics" menu to see the benchmarks and statistics (the fastest, slowest and average time per request). NinjaFirewall is very fast, optimised, compact, requires very low system resources and outperforms other security plugins.
By blocking dangerous requests and bots before WordPress is loaded, it will save bandwidth and reduce server load.

Is there a Microsoft Windows version?

NinjaFirewall works on Unix-like servers only. There is no Windows version and we do not expect to release any.

Can I add/write my own security rules?

You can use the optional .htninja configuration file for that purpose.

Can I migrate my site(s) with NinjaFirewall installed?

In order to migrate your site, you must follow these steps:

  1. Export your NinjaFirewall configuration from the "Firewall Options" menu.
  2. With your FTP client, download its log and cache folder located in /wp-content/nfwlog/.
  3. Uninstall NinjaFirewall.
  4. Migrate your site.
  5. Upload its /wp-content/nfwlog/ folder to your new site (unless you already copied it during the blog migration).
  6. Install NinjaFirewall.
  7. Reimport its configuration from the "Firewall Options" menu.
Note that "File Check" configuration cannot be exported/imported.