Beschreibung

For over 9 years Security Ninja has helped thousands site owners like you to feel safe. Run 50+ security tests in an instant & discover issues you didn’t even know existed. Help yourself now with Ninja’s simplicity & ease of use.

NEW: Vulnerability scanner – Warns you if you have plugins with known vulnerabilities installed.

Automatically block 600+ million bad IPs with one click! Security Ninja Pro Cloud Firewall will help you stay one step ahead of bad guys by using the collective know-how of millions of attacked sites, and ban bad guys before they even open your site.

Read more about Pro features on the Security Ninja website

perform 50+ security tests with one click
Security Ninja does not make any changes – it’s your site, you have full control
check your site for security vulnerabilities, issues & holes
take preventive measures against attacks
don’t let script kiddies hack your site
prevent 0-day exploit attacks
optimize and speed-up your database
every test is explained, documented and instructions provided on how to fix problems
tests include:
- brute-force attack on user accounts to test password strength
- numerous installation parameters tests
- file permissions
- version hiding
- 0-day exploits tests
- debug and auto-update modes tests
- database configuration tests
- Apache and PHP related tests
- WP options tests
complete list of tests:
- Check if WordPress core is up to date
- Check if automatic WordPress core updates are enabled
- Check if plugins are up to date
- Check if there are deactivated plugins
- Check if active plugins have been updated in the last 12 months
- Check if active plugins are compatible with your version of WP
- Check if themes are up to date
- Check if there are any deactivated themes
- Check if full WordPress version info is revealed in page’s meta data
- Check if readme.html file is accessible via HTTP on the default location
- Check if license.txt file is accessible via HTTP on the default location
- Check if REST API links are displayed in page’s meta data
- Check the PHP version
- Check the MySQL version
- Check if server response headers contain detailed PHP version info
- Check if expose_php PHP directive is turned off
- Check if user with username „admin“ and administrator privileges exists
- Check if „anyone can register“ option is enabled
- Check user’s password strength with a brute-force attack
- Check for display of unnecessary information on failed login attempts
- Check if database table prefix is the default one
- Check if security keys and salts have proper values
- Check the age of security keys and salts
- Test the strength of WordPress database password
- Check if general debug mode is enabled
- Check if database debug mode is enabled
- Check if JavaScript debug mode is enabled
- Check if display_errors PHP directive is turned off
- Check if WordPress installation address is the same as the site address
- Check if wp-config.php file has the right permissions (chmod) set
- Check if install.php file is accessible via HTTP on the default location
- Check if upgrade.php file is accessible via HTTP on the default location
- Check if register_globals PHP directive is turned off
- Check if PHP safe mode is disabled
- Check if allow_url_include PHP directive is turned off
- Check if plugins/themes file editor is enabled
- Check if uploads folder is browsable by browsers
- Test if user with ID “1” and administrator role exists
- Check if Windows Live Writer link is present in pages’ header data
- Check if wp-config.php is present on the default location
- Check if MySQL server is connectable from outside with the WP user
- Check if EditURI link is present in pages’ header data
- Check if TimThumb script is used in the active theme
- Check if the server is vulnerable to the Shellshock bug #6271
- Check if the server is vulnerable to the Shellshock bug #7169
- Check if admin interface is delivered via SSL
- Check if MySQL account used by WordPress has too many permissions
- Test if a list of usernames can be fetched by looping through user IDs on http://siteurl.com/?author={ID}
- Check if server response headers contain Strict-Transport-Security
- Check if server response headers contain X-XSS-Protection
- Check if server response headers contain X-Frame-Options
- Check if server response headers contain X-Content-Type-Options
- Check if server response headers contain Content-Security-Policy
- Check if server response headers contain Strict-Transport-Security
- Check for unwanted files in your root folder you should remove

Security Ninja PRO has extra features: Firewall, Block Suspicious Page Requests, Country Blocking, Core Scanner, Malware Scanner, Auto Fixer for some of the tests, Events Logger & Scheduled Scans.

An all-in-one security solution for any site. With premium support and continuous updates Security Ninja Pro is a perfect tool to keep your site safe. See what the PRO version offers

Add your suggestions to the public roadmap or vote for your favorite new feature.

What others say about the plugin

License info

jQuery Cookie Plugin, Copyright 2013 Klaus Hartl
The vulnerability scanner uses data from the National Vulnerability Database – NVD

Screenshots

Fast & easy to understand interface
Security Ninja test results are simple and easy to read
Every test has a detailed explanation and instructions on how to fix the problem
Vulnerable plugins list with details and recommendations.

Installation

Installing from WordPress

Open WordPress admin, go to Plugins, click Add New
Enter „Security Ninja“ in search and hit Enter
Plugin will show up as the first on the list, click „Install Now“
Activate & go to Tools – Security Ninja to make your site more secure

Installing Manually

Download the plugin.
Unzip it and upload to wp-content/plugin/
Open WordPress admin – Plugins and click „Activate“ next to the plugin
Activate & go to Security Ninja to make your site more secure

FAQ

Who is this plugin for?

For anyone who wants to make their site more secure and prevent downtime due to hackers

Will this plugin slow my site down?

Absolutely not. You may experience a slight slow down while tests are being run but that takes less than a minute.

Will it work on my theme?

Sure! Security Ninja works with all themes.

What changes will Security Ninja make to my site?

None! Security Ninja will just give you the test results and suggest corrective measures with precise instruction. It will not make any changes to your site.

Is this plugin safe to use?

Of course. It’s a reporting-only tool. It doesn’t make any changes to your site.

Is this plugin legal to use?

Yes. It’s your site you can do whatever you want with it. Running tests on other people’s sites is illegal but Security Ninja can only perform tests on the WordPress page it’s installed on.

It’s not working!!! Arrrrrrrrr

We did our very best to make Security Ninja compatible with all plugins and themes, but problems can still happen. Here are a few places to get help:

Plugin Documentation

Help and support

You can also check out the community support – head over to the support forum open a new thread, and we’ll help you ASAP.

Rezensionen

iejuan23 9. Januar 2020

Excelente complemento, gracias por este complemento. Lo recomiendo

lefernandezr 8. Januar 2020

Great Plugin

anthonychaussin 2. Januar 2020

Very good plugin, very efficient to avoid basic attacks. it is a minimum for the good health of your site!

simus51 29. November 2019

I've had the premium version of the plugin for over a year. It's really improved over this time, with additional tests and new features. I think it's well worth the money. I use it on all my sites. Support has also been great whenever I needed it.

Rosenstand 27. Oktober 2019

This is the plugin to make your WP safe - and then some. I have managed to limit scraping to almost zero with the super easy "Block country" function. Honestly I was a little skeptic at first due to the low price compared to the comprehensive list of functions. But look and behold: Sometimes it IS possible to get the best for less 🙂 P.S.: Outstanding and fast support!

vuk04 19. April 2019

Super useful, would recommend! 🙂

Lies alle 26 Rezensionen

Mitwirkende & Entwickler

„Security Ninja – WordPress Security Plugin“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:

„Security Ninja – WordPress Security Plugin“ wurde in 1 Sprache übersetzt. Danke an die Übersetzerinnen und Übersetzer für ihre Mitwirkung.

Übersetze „Security Ninja – WordPress Security Plugin“ in deine Sprache.

Interessiert an der Entwicklung?

Durchstöbere den Code, sieh dir das SVN Repository an oder abonniere das Entwicklungsprotokoll per RSS.

Änderungsprotokoll

5.83

2020/01/28
Fixed wording in the two tests for the Shellshock bug. Thank you Ivan.
New email template for issues with Outlook email rendering.
124,228 downloads

5.82

2020/01/23
Vulnerability list now also checks WordPress version and shows known vulnerabilities.
Vulnerability scanner: Improved recommendations and visuals.
122,400 downloads

5.81

2020/01/20
Improved Vulnerabilities module.
120,713 downloads

5.80

2020/01/15
Introducing Vulnerabilities checking for all users. This module keeps an eye on known vulnerable plugins on your site and warns you if there is a potential problem.
Update dependencies, Monolog 1.25.1 -> 1.25.3 and psr 1.1.0 -> 1.1.2
118,744 downloads

5.79

2020/01/05
Fix – Activation bug. Errors could occur and these would be logged to the database. This would fail if it happens before the tables were actually created. Thank you Cuong.
Fix – Whitelabel feature created a double plugin listing. Thank you Cuong and Jay.
116,049 downloads

5.78

2020/01/02
Improvements to feature „dangerous files in your root folder“ – Easier overview – added checks for more unwanted files
Better details on privacy and data sharing when you activate plugin.
Enriched opt-in and license activation forms.
Updated license and account system Freemius SDK to version 2.3.2
114,586 downloads

5.77

2019/12/25
Fix: Fixes for identifying license.txt and readme.html
Fix: Identifying correct installed MySQL version when using MariaDB.
112,555 downloads

5.76

Fix: Security recommendation from X-Content-Type-Options nosniff had wrong code, thank you Yasaf.
Fix: Whitelabel – Removing the plugin from list of active plugins if name was changed in whitelabel settings.

5.75

Fix: Core Scanner – Problem with localized versions of WordPress file detection – Thank you Cuong.
Fix: Whitelabel – The plugin name showed up in a message if core scans have not been run for a while. Thank you Jay.
Fix: Whitelabel – Remove plugin name from list of active plugins on „Debug“ page. Thank you Jay.

5.74

Fixes problem with malware definitions that were picked up as false positives by other security software.
Cleaning up old unused files that created warnings on some servers.
Minor styling changes to admin interface.

5.73.1

Fix bug with „ghost plugin“ when the Whitelabel is enabled. Thank you Cuong.
Updated Firewall bad query list.
Firewall – Fixed responsiveness in „Latest Firewall Events“.
Fix malware results list – missing whitelist and delete buttons. Thank you Chris

5.72

WordPress 5.3 compatibility
Security Tests – Added more checks for unwanted files.
Responsive view on mobile devices look much better. Thank you Cuong.
Fixed up Debug page – removed never-ending spinner and tweaked output to remove directory sizes. Thank you Cuong.
Reworked security tests overview to look better and more WordPress-like.
Fix: Malware Scanner – Error in JS code prevented tests to be completed on some systems. Thank you Cuong and everyone else reporting this bug.

5.71

FIX: Removed extra styling some plugin authors just load on all pages, which then messed up this plugin styling.
FIX: Scheduled Scans failed with Core Scanning enabled, due to recent structure change. Thank you Cuong.
FIX: The security test for incompatible plugins was not working properly. Thank you Cuong.
FIX: Debug page not working correctly with Whitelabel enabled – Thank you Cuong.
Fixed small visual issues – CSS styling.
Multiple email recipients for reports/alerts – Suggestion by Jose.
Minor language changes + internationalization work for translators.

5.70

2019/11/07
NEW: Security test: Check for files often found in root of website. Such as SQL database dump files, phpinfo.php, *.bak files etc.
FIX: Malware Scanner download latest definitions.
99,638 downloads

5.69

2019/11/05
New: Added Debug page.
Security Tests: Removed Wordfence warning – No longer needed.
Core Scanner: Fixed problem with local WP versions not being found – Thank you Yodana 🙂
Updated language files.
Fix: „Your IP address is“ in admin showed wrong IP.
98,226 downloads

5.68

2019/11/01
Fix: Visual bug on some tabs.
Fix: The Firewall and Cloudflare did not play well together. Thanks Chandra, Atley and Yasaf 🙂
New: Firewall – Automatically whitelists any new IP from where an admin is logged in.
Fix: Events IP were sometimes not logged properly, now uses same code as Firewall module.
97,382 downloads

5.67

2019/10/31
Rearranged interface, made more space for new features coming up 😉
NEW: Firewall – Turn cloud firewall on/off
Fix: Core Scanner – Fixed unknown error popup and improved error messages for easier debugging.
Fix: Core Scanner – Fix error where checksums for a particular locale was not available by WordPress.
Fix: Firewall – Fixed too agressive blocking – IP blocking routines.
Fix: Firewall – Better visitor logging. Some visits were not registered in the log.
Cleaned up JS code.
96,366 downloads

5.66

2019/10/29
Fix: Removed debug output in JavaScript console.
Fix: Minor language and CSS styling changes.
Fix: Pro – Malware scan sometimes got stuck.
94,923 downloads

5.65

2019/10/26
New: Check for Content Security Policy header. It can be tricky to configure this one, read instructions carefully.
Improved suggestions for some of the security headers.
Minor adjustment to interface, preparing for upcoming WordPress 5.3 admin style changes.
New: Firewall – You can now manually blacklist IPs!
New: Firewall – Country name alt tag when hovering over a flag.
New: Firewall – Added Latest visitors log.
New: Firewall – Blocked requests and whitelisted visitors are easily visible in the visitor log.
New: Firewall – Made all stat sections collapsible on firewall page = less crowded interface.
New: Whitelabel – Change Plugin name, description, the author name and URL as well as the the menu icon.
Fix: Hides Whitelabel tab when Whitelabel enabled.
Minor improvements to whitelabel options.
Minor improvements to API integration.
93,450 downloads

5.64

2019/10/20
Fix: Not automatically updating all databases and files when updating.
Fix: PHP notices – Undefined index – Thank you Ivar 🙂
Fix: Removed debug error_log() notices in code.
Fix: Suspicious request details were not added to the log.
Whitelabel tab added.
91,578 downloads

5.63

2019/10/15
WordPress Multisite compatible.
Tested WP 5.2.4 compatible.
NEW: Checks for Strict Transport Security (HSTS) security header.
NEW: Checks for security header „X-XSS-Protection“.
NEW: Checks for security header „X-Frame-Options“.
NEW: Checks for security header „X-Content-Type-Options“.
Fix problem with .htaccess code for blocking username enumeration. Thank you David 🙂
Fix problem clicking arrow in results list opened and then closed the result details. Thank you Thomas 🙂
Added more inline help on Core Scanner page.
Updated 3rd party library – Freemius SDK to 2.3.1
More details shown for blocked suspicious requests.
89,418 downloads

5.62

2019/10/03
Security Tests – Added check for if license.txt exists.
Fixed minor bugs in JavaScript code.
Auto Fix – Remove license.txt if exists.
Firewall – Added direct link to VirusTotal details lookup for IPs. Thank you Jose.
Event Log – Rotating syslog can now be set to 7 or 30 days. Thank you Jose.
86,242 downloads

5.61

2019/09/27
Security Tests – Reworked the way the scan works – See which tests are being made.
Security Tests – Added timer showing the progress.
Security Tests – Added error notices in case a test causes problems with the scans.
Event Logger – Improved syslog integration, get detailed event logging for use with Splunk or other Security information and event management (SIEM) systems.
Whitelabel still in beta – Improvements – hiding plugin from list – Thanks Jay.
Scheduled Scanner – Fixes „Unknown Error“ and e-mails now include details about what changed – Thank you Thomas 🙂
84,143 downloads

5.60

2019/09/23
BUGFIX: Getting country ISO code could end up in PHP Error „Call to undefined function“ – Thank you Thomas 🙂
Beta: Event logging to rotating 7-day syslog files in wp-content/uploads/security-ninja/logs/ – Thank you Jose 🙂
81,876 downloads

5.59

2019/09/21
This update introduces a couple of improvements to the security tests and a couple of minor fixes.
Thank you all for bug reports and suggestions! Check out the public roadmap here: https://trello.com/b/6qxtAlzY/wp-security-ninja-public-roadmap
FIX: Security Testing – Fixed bug in detecting EditURI XML-RPC is disabled. Thank you Thomas 🙂
FIX: Security Testing – Autofixer now properly blocks EditURI and also access to
FIX: Core Scanner: Fix false positive with renamed install.php and upgrade.php
Security Testing – Changed suggestion for readme.html, install.php and upgrade.php
Improvement: Security Testing – Auto Fixer – Delete install.php and upgrade.php instead of renaming.
Updated browser detection routines – Thanks Jay 🙂
Malware Scanner – Improved the core WP checksum scanning.
Whitelabel feature now in beta testing 🙂
80,553 downloads

5.58

2019/09/15
Warning if running Security Scans with less than PHP 7
Fixed some options not getting deleted when deleting plugin.
78,396 downloads

5.57

2019/09/12
Added warning for potential conflict with Anti-Spam by CleanTalk. Thank you Courtney for the report.
Bugfix – Tests not always loading properly with different user capacities.
Readme update – added video and more tests.
76,958 downloads

5.56

2019/09/10
Bugfix – Security tests not working properly in some environments.
Added instructions for fixing „Check if the REST API links are shown in code“.
75,392 downloads

5.55

2019/09/08
Minor fixes in JavaScript code.
Cleaned up plugin code.
Added more strings for translators.
73,947 downloads

5.54

2019/09/06
Fix – Security tests popups with details not working.
NEW: Added test if REST API links are visible in the header.
72,766 downloads

5.53

2019/09/05
Tested with WP 5.2.3.
Attempted a fix for loading JS code when other plugins have faulty code. Thank you Vanessa.
Removed noticed regarding Security Ninja Pro not on official wordpress.org repository. Thank you Ivar.
Removed script, jQuery.ScrollTo – not used anymore.
Cleaned up JS code.
71,672 downloads

5.52

2019/08/29
Fix – Admin notices could sometimes break internal admin pages from showing correctly.
Removed language files from plugin.
69,202 downloads

5.51

2019/08/27
Minor language updates and small bugfixes.
67,868 downloads

5.50

2019/08/23
Major rewrite and a lot of new features added.
Started making plugin translatable.
Malware Scanner – Plugin integrity checker is more accurate and reports fewer false positives.
Bumped version from 2.x to 5.50 – Aligning free and pro version numbers.
More userfriendly for new users with tips in the admin interface.
More inline help on relevant pages.
New: Getting started tips – Notices that informs you of next steps.
Malware: Updated whitelists
Fixes problem with databases not created properly.
New cached JSON folders are removed on deactivation
NEW: Plugin Integrity check – validate installed plugins against wordpress.org API.
Moved WordFence warning to „Security Tests“ tab only.
Nicer emails in „Your secret access link“
Improved: Emails sent by Scheduled Scanner are much nicer looking and more informative.
Better logging blocked login attempts.
Firewall – New: Top countries. See which countries are bringing the most traffic.
Fix for database tables not always being created when updating from Free to Pro.
Firewall – fixed empty results showing up.
More details on why a visitor is blocked in the log.
New: Malware Scanner – View whitelisted files.
New: Core Scanner – Detects unknown files in core folders.
New: Core Scanner – Find leftover files from older WordPress installations.
New: Core Scanner – Delete unwanted files individually or all unknown files.
New: Firewall – Country blocking, useful if you get a lot of bad traffic from specific countries.
New: Firewall – Top visitors log kept for the last 30 days. Discover top visitors and use to decide on which IPs or countries to block.
New: Firewall – Logging individual visits per IP
New: Firewall – Suspicious requests are blocked – based on the great BBQ: Block Bad Queries by Jeff Starr.
New: Firewall – Redirect blocked visitors – You can show a message or redirect blocked visitors to another website.
Design overhaul to get closer to WP look and feel.
Updated 3rd party libraries, Select2
66,070 downloads

2.50

2019/02/25
fix: deactivated themes test
56,100 downloads

2.46

2018/10/17
fix: MySQL version test
47,700 downloads

2.45

2018/06/11
new test: usernames lookup via user ID
41,000 downloads

2.40

2018/04/10
we hit 10k installs on March 14th
bug fixes
introduced the Cloud Firewall
discount for old users

2.35

2017/12/25
added Malware Scanner with hidden results

2.30

2017/12/08
bug fixes
added Database Optimizer tab

2.25

2017/10/10
bug fixes

2.20

2017/05/19
fixed 3 tests
bug fixes
lower PRO price

2.15

2016/12/08
5 new tests
tests tab removed – details are now available in a lightbox from the main tab
bug fixes

2.10

2016/10/13
Security Ninja PRO is now available
minor bug fixes

2.05

2016/09/05
added action that fires on remote access change (disable/enable/reset)
added license.txt
we passed 5000 active installs

2.0

2016/08/30
initial release on wp.org
plugin transferred from CodeCanyon to WordPress.org
license changed to GPLv2

1.0

2011/09/27
initial release on CodeCanyon

WordPress.org

Deutsch

Felicitaciones

Exelent

Great !

Really gotten good

My Absolute Favorite for Security

Superb plugin