Scans for vulnerabilities, detects risky plugins, and guides you how to secure your site against hackers.
This plugin can be downloaded for free without any paid subscription from the official WordPress repository.
Get started in minutes:
For over a decade, Security Ninja has been the guardian of thousands of websites, empowering site owners like you to navigate the digital space with confidence. Instantly run 50+ security tests to uncover hidden issues, ensuring your website’s integrity and security. Embrace Ninja’s simplicity and ease of use to fortify your site’s defenses effortlessly.
Enhanced Vulnerability Scanner
– Stay Ahead of Threats: Our vulnerability scanner proactively alerts you to known vulnerabilities, allowing you to address potential threats before they exploit your website.
– Comprehensive Protection: Security Ninja not only checks and warns for common issues but also checks for known vulnerabilities in plugins and themes.
– Peace of Mind: Knowing your site is monitored for the latest vulnerabilities means you can focus on what matters most—growing your business and creating content, worry-free.
Join thousands of satisfied users who trust Security Ninja to keep their websites safe. Start protecting your online presence today and help yourself to peace of mind.
Install the FREE Security Ninja for MainWP Extension to get an overview of all websites you have installed Security Ninja on!
https://wordpress.org/plugins/security-ninja-for-mainwp/
Security Ninja – Your WordPress Guardian
Immediate Vulnerability Alerts: Get instant notifications about vulnerabilities to keep your website safe and secure.
Comprehensive One-click Security Audit: With just one click, perform over 50+ detailed security checks that scrutinize every corner of your site for security vulnerabilities and performance issues.
You’re in Command: Security Ninja respects your autonomy, providing insights and recommendations without making unsolicited changes to your site.
Holistic Security Evaluation: Comprehensive checks on everything from the WordPress core, plugins, and themes to ensure they are up-to-date and secure.
Proactive Defense Strategies: Equip yourself with the tools and knowledge to prevent attacks before they happen, safeguarding your site from potential threats.
Optimization Beyond Security: Improve your site’s performance with database optimization tips, ensuring a seamless experience for your users.
Knowledge Empowerment: Each test comes with an easy-to-understand explanation, documentation, and actionable steps to fix identified issues.
Customized Security Insights: Tailored security assessments to check critical updates and configurations specific to your WordPress setup for a personalized protection strategy.
Future-Proof Your Site: Stay ahead with tests that include the latest WordPress features and best practices for site security.
Prevent Unauthorized Access: Strengthen your defenses with checks designed to prevent weak passwords and unauthorized file access.
Secure Configuration Checks: Ensure your website is configured according to security best practices, from file permissions to security headers, for comprehensive protection against threats.
Enhance your website’s security, performance, and user experience with Security Ninja – your trusted partner in WordPress protection.
Security Ninja Pro has extra features: Firewall, Block Suspicious Page Requests, Country Blocking, Core Scanner, Malware Scanner, Auto Fixer for some of the tests, Events Logger & Scheduled Scans.
An all-in-one security solution for any site. With premium support and continuous updates Security Ninja Pro is a perfect tool to keep your site safe. See what the PRO version offers
Automatically block 600+ million bad IPs with one click! Security Ninja Pro Firewall will help you stay one step ahead of bad guys by using the collective know-how of millions of attacked sites, and ban bad guys before they even open your site.
Read more about Pro features on the Security Ninja website
What others say about the plugin
Tests
* The tests include:
* brute-force attack on user accounts to test password strength
* numerous installation parameters tests
* file permissions
* version hiding
* 0-day exploits tests
* debug and auto-update modes tests
* database configuration tests
* Apache and PHP related tests
* WP options tests
License info
The vulnerability scanner uses data from the National Vulnerability Database – NVD
This product includes IP2Location LITE data available from https://lite.ip2location.com.
This plugin uses the Persist Admin notice Dismissals by Collins Agbonghama @collizo4sky
You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. Report a security vulnerability.
Security Ninja is perfect for anyone looking to bolster their site’s defenses against hackers and ensure robust security.
No significant slowdown occurs. You might notice a brief slow down during scanning, lasting less than a minute.
Yes, Security Ninja is designed to be compatible with all themes, ensuring wide-ranging applicability.
Security Ninja performs diagnostics and offers recommendations without making any direct changes to your site.
Absolutely safe. It functions solely as a diagnostic tool, providing insights without altering your site.
Yes, it’s completely legal for your own site. It’s designed to run tests on the site where it’s installed, aiding in your site’s security enhancement.
While we strive for universal compatibility, if you face any issues, our support team is ready to assist. Visit our support forum to open a new thread, and we’ll help you as soon as possible.
Content-Security-Policy
, Content-Security-Policy-Report-Only
, Strict-Transport-Security
, Referrer-Policy
, and Permissions-Policy
to support case-insensitive checks and identification of duplicate headers. Thank you Marcel.php_headers
function to check for sensitive server headers like x-powered-by
and x-debug-token
.php_headers
test to check not just for the presence of headers, but also for leaked information. Now, if the ‘Server’ header exists without detailed information, the test passes.deleteme.wp*.php
. For more details, visit: https://wpsecurityninja.com/docs/security-fixes/remove-unwanted-files/…
Entire changelog can be seen here: changelog