Security Ninja – WordPress Security Plugin


In over 7 years Security Ninja has helped thousands of site owners like you feel safe. Run 50+ security tests in an instant & discover issues you didn’t even know existed. Help yourself now with Ninja’s simplicity & ease of use.

Automatically block 600 million bad IPs with one click! Security Ninja PRO Cloud Firewall will help you stay one step ahead of bad guys by using the collective know-how of millions of attacked sites, and ban bad guys before they even open your site.

Test the plugin now on the Security Ninja site or give us a shout on Twitter @WebFactoryLtd.

  • perform 50+ security tests with one click
  • Security Ninja does not make any changes – it’s your site, you have full control
  • check your site for security vulnerabilities, issues & holes
  • take preventive measures against attacks
  • don’t let script kiddies hack your site
  • prevent 0-day exploit attacks
  • optimize and speed-up your database
  • every test is explained, documented and instructions provided on how to fix problems
  • tests include:
    • brute-force attack on user accounts to test password strength
    • numerous installation parameters tests
    • file permissions
    • version hiding
    • 0-day exploits tests
    • debug and auto-update modes tests
    • database configuration tests
    • Apache and PHP related tests
    • WP options tests
  • more tests are coming with every update
  • complete list of tests:
    • Check if WordPress core is up to date
    • Check if automatic WordPress core updates are enabled
    • Check if plugins are up to date
    • Check if there are deactivated plugins
    • Check if active plugins have been updated in the last 12 months
    • Check if active plugins are compatible with your version of WP
    • Check if themes are up to date
    • Check if there are any deactivated themes
    • Check if full WordPress version info is revealed in page’s meta data
    • Check if readme.html file is accessible via HTTP on the default location
    • Check the PHP version
    • Check the MySQL version
    • Check if server response headers contain detailed PHP version info
    • Check if expose_php PHP directive is turned off
    • Check if user with username “admin” and administrator privileges exists
    • Check if “anyone can register” option is enabled
    • Check user’s password strength with a brute-force attack
    • Check for display of unnecessary information on failed login attempts
    • Check if database table prefix is the default one
    • Check if security keys and salts have proper values
    • Check the age of security keys and salts
    • Test the strength of WordPress database password
    • Check if general debug mode is enabled
    • Check if database debug mode is enabled
    • Check if JavaScript debug mode is enabled
    • Check if display_errors PHP directive is turned off
    • Check if WordPress installation address is the same as the site address
    • Check if wp-config.php file has the right permissions (chmod) set
    • Check if install.php file is accessible via HTTP on the default location
    • Check if upgrade.php file is accessible via HTTP on the default location
    • Check if register_globals PHP directive is turned off
    • Check if PHP safe mode is disabled
    • Check if allow_url_include PHP directive is turned off
    • Check if plugins/themes file editor is enabled
    • Check if uploads folder is browsable by browsers
    • Test if user with ID “1” and administrator role exists
    • Check if Windows Live Writer link is present in pages’ header data
    • Check if wp-config.php is present on the default location
    • Check if MySQL server is connectable from outside with the WP user
    • Check if EditURI link is present in pages’ header data
    • Check if TimThumb script is used in the active theme
    • Check if the server is vulnerable to the Shellshock bug #6271
    • Check if the server is vulnerable to the Shellshock bug #7169
    • Check if admin interface is delivered via SSL
    • Check if MySQL account used by WordPress has too many permissions
    • Test if a list of usernames can be fetched by looping through user IDs on{ID}

Security Ninja PRO has seven additional modules: Cloud Firewall, Core Scanner, Malware Scanner, Auto Fixer, Database Optimizer, Events Logger & Scheduled Scanner. They provide an all-in-one security solution for any site. With premium support and continuous updates Security Ninja PRO is a perfect tool to keep your site safe. See what the PRO version offers



  • Fast & easy to understand interface
  • Security Ninja test results are simple and easy to read
  • Every test has a detailed explanation and instructions on how to fix the problem


Follow the usual routine:

  1. Open WordPress admin, go to Plugins, click Add New
  2. Enter “Security Ninja” in search and hit Enter
  3. Plugin will show up as the first on the list, click “Install Now”
  4. Activate & go to Tools – Security Ninja to make your site more secure

Or, if needed, upload manually:

  1. Download the plugin.
  2. Unzip it and upload to wp-content/plugin/
  3. Open WordPress admin – Plugins and click “Activate” next to the plugin
  4. Activate & go to Tools – Security Ninja to make your site more secure


Who is this plugin for?

For anyone who wants to make their site more secure and prevent downtime due to hackers.

Will this plugin slow my site down?

Absolutely not. You may experience a slight slow down while tests are being run but that takes less than a minute.

Will it work on my theme?

Sure! Security Ninja works with all themes.

What changes will Security Ninja make to my site?

None! Security Ninja will just give you the test results and suggest corrective measures with precise instruction. It will not make any changes to your site.

Is this plugin safe to use?

Of course. It’s a reporting-only tool. It doesn’t make any changes to your site.

Is this plugin legal to use?

Yes. It’s your site; you can do whatever you want with it. Running tests on other people’s sites is illegal, but Security Ninja can only perform tests on the WP it’s installed on.

It’s not working!!! Arrrrrrrrr

We did our very best to make Security Ninja compatible with all plugins and themes, but problems can still happen. No worries, head over to the support forum, open a new thread, and we’ll help you ASAP.


April 15, 2019
Free version is only good for a quick security check. My professional recommendation, find a different plugin or fork over the cash.
October 20, 2018
but this might be due to my rather poorly resourced current hosting (with an I/O ceiling at 1MB/s) :/ So I cannot really give any stars - but this review is mainly to encourage a look at maybe tweaking this to be able to run on such somewhat underequipped environments also? If I ever get it to run I'll be glad to revisit this rating, of course.
August 5, 2018
This plugin says that there is "malware" but doesn't tell where; if you want to know where it is, you have to buy a Pro version.
Read all 22 reviews

Contributors & Developers

“Security Ninja – WordPress Security Plugin” is open source software. The following people have contributed to this plugin:




  • 2019/02/25
  • fix: deactivated themes test


  • 2018/10/17
  • fix: MySQL version test


  • 2018/06/11
  • new test: usernames lookup via user ID


  • 2018/04/10
  • we hit 10k installs on March 14th
  • bug fixes
  • introduced the Cloud Firewall
  • discount for old users


  • 2017/12/25
  • added Malware Scanner with hidden results


  • 2017/12/08
  • bug fixes
  • added Database Optimizer tab


  • 2017/10/10
  • bug fixes


  • 2017/05/19
  • fixed 3 tests
  • bug fixes
  • lower PRO price


  • 2016/12/08
  • 5 new tests
  • tests tab removed – details are now available in a lightbox from the main tab
  • bug fixes


  • 2016/10/13
  • Security Ninja PRO is now available
  • minor bug fixes


  • 2016/09/05
  • added action that fires on remote access change (disable/enable/reset)
  • added license.txt
  • we passed 5000 active installs


  • 2016/08/30
  • initial release on
  • plugin transferred from CodeCanyon to
  • license changed to GPLv2


  • 2011/09/27
  • initial release on CodeCanyon