Security Ninja – WordPress Security Plugin & Firewall
| 开发者 |
lkoudal
cleverplugins freemius |
|---|---|
| 更新时间 | 2026年1月28日 07:23 |
| 捐献地址: | 去捐款 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 6.9 |
| 版权: | GPLv3 |
| 版权网址: | 版权信息 |
标签
下载
5.214
5.154
5.78
5.178
5.183
5.144
5.149
5.150
5.151
5.79
5.100
5.215
5.188
5.129
5.161
5.163
5.169
5.239
5.240
5.198
5.143
5.200
2.25
2.30
2.35
2.40
2.50
5.104
5.106
5.108
5.110
5.111
5.112
5.113
5.114
5.114.1
5.50
5.51
5.52
5.53
5.54
5.55
5.56
5.57
5.192
5.148
2.05
2.20
5.141
5.60
5.77
5.62
5.63
5.64
5.65
5.66
5.67
5.69
5.71
5.72
5.75
5.76
5.80
5.81
5.82
5.84
5.85
5.86
5.87
5.88
5.89
5.90
5.91
5.92
5.93
5.95
5.96
5.97
5.98
5.99
5.70
5.83
5.94
5.116
5.118
5.119
5.176
5.179
2.10
2.15
5.160
5.263
2.46
5.115
5.117
5.120
5.121
5.122
5.123
5.124
5.58
5.59
5.195
5.159
5.199
5.152
2.0
2.45
5.101
5.102
5.103
5.125
5.136
5.138
5.139
5.61
5.140
5.134
5.135
5.142
5.145
5.133
5.146
5.258
5.147
5.173
5.153
5.157
5.156
5.157.1
5.158
5.162
5.196
5.184
5.189
5.190
5.241
5.197
5.244
5.259
5.203
5.206
5.207
5.211
5.208
5.211.1
5.212
5.213
5.221
5.219
5.220
5.222
5.236
5.237
5.225
5.229
5.230
5.235
5.242
5.243
5.261
详情介绍:
Protect your WordPress website from hackers, malware, and security vulnerabilities with Security Ninja, a trusted WordPress security plugin since 2011. This all-in-one security solution safeguards your site with 50+ security tests, malware scanning, a firewall, brute force attack protection, and real-time vulnerability detection.
Security Ninja Plugin proactively identifies security risks, ensuring your WordPress website stays secure without slowing it down. With features like automated security scans, login protection, IP blocking, and two-factor authentication (2FA), it provides comprehensive website protection against cyber threats.
Whether you're a beginner or an advanced user, Security Ninja is designed for effortless WordPress security management, keeping your site safe while you focus on growing your business. Install today and take control of your website's security!
This plugin can be downloaded for free without any paid subscription from the official WordPress repository.
Why Choose Security Ninja? – The Ultimate WordPress Security Plugin
- Comprehensive Security Testing – Run 50+ WordPress security tests to detect vulnerabilities before hackers exploit them.
- Enhanced Vulnerability Scanner – Stay ahead of emerging threats with proactive alerts for vulnerabilities.
- Core Scanner - Find and remove modified and unwanted files in your WordPress core files.
- Advanced Malware Scanner (PRO) – Identify and remove malicious code, hidden threats, and suspicious files instantly.
- Powerful Firewall Protection (PRO) – Block brute-force attacks, unauthorized logins, and suspicious IPs with real-time security.
- Secure Login & 2FA (PRO) – Strengthen your WordPress login page with Two-Factor Authentication (2FA) and login attempt limits.
- Cloud-Based Threat Intelligence (PRO) – Stay ahead of cybercriminals with real-time updates on the latest security threats.
- One-Click Security Fixes (PRO) – Fix security issues instantly with an easy-to-use, beginner-friendly dashboard.
- Automated Security Scans & Reports (PRO) – Schedule scans and get detailed reports sent to your inbox.
- Activity Log & User Tracking (PRO) – Track all user actions on your WordPress website with a detailed activity log and receive alerts for suspicious activity.
- Brute-force protection – Blocks unauthorized login attempts to prevent forced entry.
- File integrity monitoring – Detects unauthorized changes to WordPress core files, themes, and plugins.
- Database security checks – Identifies weak database permissions and potential SQL injection threats.
- User role audits – Ensures no unauthorized administrator accounts exist.
- Security misconfiguration scans – Identifies and fixes weak settings that could compromise security.
- Stay Ahead of Threats – Our vulnerability scanner proactively alerts you to known vulnerabilities, allowing you to address potential threats before they exploit your website.
- Comprehensive Protection – Security Ninja not only checks and warns for common issues but also checks for known vulnerabilities in plugins and themes.
- Peace of Mind – Knowing your site is monitored for the latest vulnerabilities means you can focus on what matters most, growing your business and creating content, worry-free.
- Full Core File Integrity Check: Every file in your core WordPress folders is scanned to ensure it hasn't been modified or compromised.
- Detection of Unknown Files: The scanner flags any extra or unknown files in your core WordPress directories, alerting you to potential threats.
- Built-in File Viewer: Review flagged files directly within your WordPress dashboard using the integrated file viewer for a clear and easy inspection.
- Restore Core Files: If a core WordPress file has been altered, you can quickly restore it with a single click, ensuring your site is running the official version.
- Easy File Management: For unknown or suspicious files, you have the option to delete them right from the interface, keeping your WordPress installation clean and secure.
- Malicious scripts and backdoors – Identifies hidden malware and harmful injections.
- Trojan and virus detection – Scans for suspicious PHP and JavaScript entries.
- One-click malware removal – Instantly quarantine and delete infected files.
- Real-time protection – Prevents malicious traffic and automated hacking attempts.
- IP & Country Blocking – Restrict access from high-risk countries and blacklisted IPs.
- Cloud-Based Threat Intelligence – Updated with the latest security threats.
- Two-Factor Authentication (2FA) – Requires additional verification for safer logins.
- Brute-force attack protection – Limits failed login attempts to block unauthorized access.
- Rename login - Getting a lot of requests to your login form? Hide it for spammers.
- Disable XML-RPC – Blocks common DDoS attacks and brute-force exploits.
- Restrict file editing – Prevents unauthorized theme and plugin modifications.
- Hide PHP error messages – Stops hackers from exploiting sensitive error details.
- Monitor failed login attempts, plugin activations, file changes, and user actions.
- Receive email alerts whenever suspicious activity is detected.
- Export security logs for audits and compliance reports.
- The plugin includes webhook functionality so you can integrate with any other 3rd party service, maybe send updates in the company Slack channel when a hack attempt was thwarted?
- Set up daily, weekly, or monthly security scans.
- Receive email alerts about vulnerabilities and malware infections.
- Analyze detailed reports to keep your website secure.
- Fake registrations and spam comments – Stops bots from even getting to your site.
- Malicious bot attacks – Blocks scripts attempting to hack your site.
- Unwanted traffic – Reduces server load by preventing unnecessary bot access.
安装:
Installing from WordPress
- Open WordPress admin, go to Plugins, click Add New
- Enter "Security Ninja" in search and hit Enter
- Plugin will show up as the first on the list, click "Install Now"
- Activate & go to Tools - Security Ninja to make your site more secure
- Download the plugin.
- Unzip it and upload to wp-content/plugin/
- Open WordPress admin - Plugins and click "Activate" next to the plugin
- Activate & go to Security Ninja to make your site more secure
屏幕截图:
常见问题:
Who is this plugin for?
Security Ninja is perfect for anyone looking to bolster their site's defenses against hackers and ensure robust security.
Will this plugin slow down my site?
No significant slowdown occurs. You might notice a brief slow down during scanning, lasting less than a minute.
Will it work with my theme?
Yes, Security Ninja is designed to be compatible with all themes, ensuring wide-ranging applicability.
What changes will Security Ninja make to my site?
Security Ninja performs diagnostics and offers recommendations without making any direct changes to your site.
How safe is this plugin?
Absolutely safe. It functions solely as a diagnostic tool, providing insights without altering your site.
Is using Security Ninja legal?
Yes, it's completely legal for your own site. It's designed to run tests on the site where it's installed, aiding in your site's security enhancement.
What if I encounter issues with the plugin?
While we strive for universal compatibility, if you face any issues, our support team is ready to assist. Visit our support forum to open a new thread, and we'll help you as soon as possible.
更新日志:
5.263
- 2026-01-
- Improved bandwidth usage getting vulnerabilities for all users.
- Improved: Vulnerability scanner now reads vulnerability feeds in a streaming, memory-efficient way to reduce peak memory usage.
- 2026-01-20
- NEW: Free users now benefit from the firewall based on the excellent 8G Firewall by Jeff Star.
- NEW: Events logger now part of free version, basic event monitoring and logging for your site. More advanced tracking in premium version available.
- NEW: Core Scanner - Added ability to ignore specific files and patterns from scan results using the securityninja_core_scanner_ignore_files filter. Ignored files are displayed in a separate section for transparency. https://wpsecurityninja.com/docs/core-scanner/how-to-ignore-files/ - Thank you Gary.
- IMPROVED: Events Logger - All modules are now included in email reports by default. Users can deselect specific modules in settings.
- FIX: Events Logger - Prevented excessive memory usage by skipping translation hooks and reducing repeated license checks during audit logging.
- NEW: Quick firewall stats in the sidebar.
- Improved: Added 'php_errorlog' to the list of allowed files to view by the file viewer.
- Improved: Added firewall events to the overview page for free users.
- FIX: Fixed CIDR notation matching in IP whitelist - CIDR ranges like 94.247.216.0/21 now correctly match IPs within the range (e.g., 94.247.221.129). Thank you Dirk.
- FIX: 2FA generation now uses your site's URL—rather than the site name—for labeling in authenticator apps, ensuring greater clarity and consistency.
- FIX: Refactor local request check in Wf_Sn_Tests class by introducing a dedicated method. Thank you Jean.
- Tested up to WP 6.9
- 2025-11-17
- Fixed: 2FA - Changed key name format from "site_url (username):email" to "site_url:username" - Thank you Davina.
- Fixed: Compatibility warning with WordPress 6.7 regarding translation loading timing
- Fixed: Server security restriction warning when checking wp-config.php file location
- Fixed: Fixed critical bug where database prefix changer added an extra underscore when updating wp-config.php, causing WordPress to look for non-existent tables with double underscores (e.g., wp_12345__posts instead of wp_12345_posts). Thank you Tchai.
- Fixed: Database prefix changer to properly update option names and meta keys when changing from custom prefixes (not just "wp_").
- IMPROVED: Database prefix changer now works with any prefix, not just the default "wp_". Can now rename tables when changing from one custom prefix to another. All plugin tables are automatically included in the renaming process.
- 2025-11-12
- NEW: Failed login email warnings - administrators receive email notifications when someone attempts to log in with their username and fails. Can be enabled in Login Form Protection settings.
- NEW: Admin IPs are automatically whitelisted on plugin activation and successful admin login to prevent administrators from being blocked. Thank you Val.
- FIX: Fixed country blocking to respect "only block backend" setting when enabled. Thank you Guru for the tip.
- IMPROVED: Secret access URL processing has been moved up in the request cycle to make sure IP whitelisting happens before any ban checks, so blocked visitors should be able to get back on the site more reliably.
- IMPROVED: wp-config.php backups are stored in encrypted format (AES-256-CBC) to ensure data security. Each backup uses a unique encryption key and initialization vector. This was introduced in a previous release, but was not added to the changelog.
- Update 3rd party libraries - Freemius SDK 2.13.0 among others.
- 2025-11-07
- IMPROVED: Made the dashboard widget visible when white label mode is enabled. Previously the widget was hidden instead. Thank you for the suggestion, Dmitry.
- IMPROVED: Added count-based limit (5000 entries) to visitor log pruning to prevent database bloat on high-traffic sites.
- IMPROVED: Removed deprecated X-XSS-Protection header from REST API - modern browsers ignore this header and Content-Security-Policy is the recommended replacement. Thank you Dmitry for the suggestions.
- IMPROVED: More information on CSP in our knowledgebase.
- FIX: Fixed typo in Permissions-Policy description (explitly → explicitly).
- FIX: Updated Permissions-Policy documentation link from Feature-Policy to Permissions-Policy URL.
- FIX: Corrected Nginx example in Content-Security-Policy test descriptions (was showing X-Frame-Options instead of CSP).
- Preparing for plugin rewrite -> improving the free version and streamlining the premium and free feature set.
- 2025-11-06
- NEW: Enhanced username enumeration protection - Now prevents username discovery via REST API /wp-json/wp/v2/users endpoint and oEmbed API, in addition to existing ?author=N scan protection. Thanks Allen.
- 2025-10-22
- Removed duplicate 2FA login requests to prevent error flashes. Thanks to Eric for spotting this.
- Added try-catch to prevent problems with corrupted IP location database, thank you Wan.
- 2025-10-09
- Fix for recommendation engine "wp-config.php not found in the wordpress root directory" - now properly checks for when the config file has been moved up on level. Thank you Eric.
- Fix - 2FA email, user reported emails were sent twice with two different codes. Thank you Eric.
- Improved 2FA setup page stability and performance across different WordPress configurations.
- 2FA - naming of the accounts are now a little more intuitive. Thank you Davina.
- NEW: Added XML-RPC protection feature. This update enhances your site's security by allowing you to easily enable or disable XML-RPC access.
- Improved: Malware signatures tweaked and improved, thank you users for suggestions.
- NEW: Add secret key display and copy functionality to 2FA module in frontend and backend. Allowing users to easier add the key to their system.
- FIX: Installation issues that pop up occasionally has been fixed.
- FIX: Timezone on Overview page was incorrect, thank you for spotting Ivar.
- FIX: Resolved JavaScript conflicts that prevented 2FA functionality from working with ARMember and other plugins
- FIX: 2FA QR code/key generation now works reliably across all site configurations, even if other scripts have errors. "Skip for now" link, "Generate new QR code" button, code input validation, and temporary secret usage during setup all function correctly.
- FIX: 2FA setup UI and logic are now robust—QR code generation.
- IMPROVED: Enhanced 2FA JavaScript with robust error handling and DOM ready protection
- IMPROVED: Added inline JavaScript handlers as fallback to ensure 2FA works even when external scripts fail
- IMPROVED: Better error messages and user feedback during 2FA setup process
- NEW: Setting up 2FA for users in admin pages
- Fix for coupon protection in WooCommerce modern block cart and checkout page - Thank you Priit.
- Fixes for REST API warnings.
- Updated internal libraries (PHP enums, WordPress SDK, and PHP_CodeSniffer tooling) to latest patch versions for improved stability, coding standards checks, and compatibility. No breaking changes.
- Fix: Removed extra whitespace in "import/export".
- Fix: Improved "Fixes" features proper loading when doing import/export.
- Remove translated messages for errors logging in, creating a loop trying to present translated messages using WP's translation engine.
- Fix: Fixed database prefix renaming to properly handle option names containing embedded prefixes. Thank you Chris!
- Enhanced: Improved custom login URL security with proper access control and error handling ...