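Introduction
- The WordPress plugin "NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall" was first published on 2013-03-29.
- It currently has 100000 active installations.
- It was last updated on 2025-04-11, 22 days ago.
- The plugin requires WordPress 4.9 or later to install.
- The plugin requires the web host to run PHP 7.1 or later.
- 210 people have rated it.
- The support forum currently has 11 questions with a resolution rate of 64%, which is not low; this is a developer team that clearly cares about resolving issues!
Plugin contributors
bruandet | nintechnet |
Plugin tags
virus | malware | firewall | security | protection |
Summary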
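A true Web Application Firewall
NinjaFirewall (WP Edition) is a true Web Application Firewall. Although it can be installed and configured like a plugin, it is a stand-alone firewall that sits in front of WordPress.
It lets any blog administrator benefit from very advanced and powerful security features that are usually not available at the WordPress level, but only in security applications such as the Apache ModSecurity module or the PHP Suhosin extension.
NinjaFirewall requires at least PHP 5.6 and the MySQLi extension, and is only compatible with Unix-like operating systems (Linux, BSD). It is not compatible with Microsoft Windows.
NinjaFirewall can hook, scan, process or reject any HTTP/HTTPS request sent to a PHP script before it reaches WordPress or any of its plugins. All scripts located in the blog installation directory and its sub-directories are protected, including those that are not part of the WordPress package. Even encoded PHP scripts, hackers' shell scripts and backdoors are filtered by NinjaFirewall.
Powerful filtering engine
NinjaFirewall includes the most powerful filtering engine available in a WordPress plugin. Its most important feature is its ability to normalize and transform data from incoming HTTP requests, which allows it to detect the Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as to support and decode a large set of encodings. See our blog for a full description: An introduction to NinjaFirewall filtering engine.
Fastest and most efficient brute-force attack protection for WordPress
By processing incoming HTTP requests before your blog and any of its plugins, NinjaFirewall is the only plugin able to protect WordPress against very large brute-force attacks, including distributed attacks coming from thousands of different IPs.
See our benchmarks and stress tests: Brute-force attack detection plugins comparison
The protection applies to the wp-login.php script but can be extended to the xmlrpc.php script. Events can also be written to the server's AUTH log, which is very useful to system administrators for monitoring or for banning IP addresses at the server level (e.g., Fail2ban).
Real-time detection
File Guard real-time detection is a completely unique feature provided by NinjaFirewall: it can detect, in real time, any access to a PHP file that was recently modified or created, and notify you. If a hacker uploaded a shell script to your site (or injected a backdoor into an existing file) and tried to access that file directly with a browser or a script, NinjaFirewall would hook the HTTP request and immediately detect that the file was recently modified or created. It would send you an alert with all the details (script name, IP, request, date and time).
File integrity monitoring
File Check lets you scan your website hourly or daily for file integrity monitoring. Any modification will be detected: file content, file permissions, file ownership, timestamps, and file creation and deletion.
Watch your website traffic in real time
Live Log lets you monitor your website traffic in real time. It displays connections in a format similar to that of the Unix command tail -f. Because it communicates directly with the firewall, it can watch for specific attack events.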
Original plugin description
A true Web Application Firewall
NinjaFirewall (WP Edition) is a true Web Application Firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall that stands in front of WordPress.
It allows any blog administrator to benefit from very advanced and powerful security features that usually aren’t available at the WordPress level, but only in security applications such as the Apache ModSecurity module or the PHP Suhosin extension.
NinjaFirewall requires at least PHP 7.1, MySQLi extension and is only compatible with Unix-like OS (Linux, BSD). It is not compatible with Microsoft Windows.
NinjaFirewall can hook, scan, sanitise or reject any HTTP/HTTPS request sent to a PHP script before it reaches WordPress or any of its plugins. All scripts located inside the blog installation directories and sub-directories will be protected, including those that aren’t part of the WordPress package. Even encoded PHP scripts, hackers' shell scripts and backdoors will be filtered by NinjaFirewall.
Powerful filtering engine
NinjaFirewall includes the most powerful filtering engine available in a WordPress plugin. Its most important feature is its ability to normalize and transform data from incoming HTTP requests which allows it to detect Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as to support and decode a large set of encodings. See our blog for a full description: An introduction to NinjaFirewall filtering engine.
Fastest and most efficient brute-force attack protection for WordPress
By processing incoming HTTP requests before your blog and any of its plugins, NinjaFirewall is the only plugin for WordPress able to protect it against very large brute-force attacks, including distributed attacks coming from several thousands of different IPs.
See our benchmarks and stress-tests: Brute-force attack detection plugins comparison
The protection applies to the wp-login.php script but can be extended to the xmlrpc.php one. The incident can also be written to the server AUTH log, which can be useful to the system administrator for monitoring purposes or banning IPs at the server level (e.g., Fail2ban).
Real-time detection
File Guard real-time detection is a totally unique feature provided by NinjaFirewall: it can detect, in real-time, any access to a PHP file that was recently modified or created, and alert you about this. If a hacker uploaded a shell script to your site (or injected a backdoor into an already existing file) and tried to directly access that file using his browser or a script, NinjaFirewall would hook the HTTP request and immediately detect that the file was recently modified or created. It would send you an alert with all details (script name, IP, request, date and time).
File integrity monitoring
File Check lets you perform file integrity monitoring by scanning your website hourly, twice daily or daily. Any modification made to a file will be detected: file content, file permissions, file ownership, timestamp as well as file creation and deletion.
Watch your website traffic in real time
Live Log lets you watch your website traffic in real time. It displays connections in a format similar to the one used by the tail -f Unix command. Because it communicates directly with the firewall, i.e., without loading WordPress, Live Log is fast, lightweight and it will not affect your server load, even if you set its refresh rate to the lowest value.
Event Notifications
NinjaFirewall can alert you by email on specific events triggered within your blog. Some of those alerts are enabled by default and it is highly recommended to keep them enabled. It is not unusual for a hacker, after breaking into your WordPress admin console, to install or just to upload a backdoored plugin or theme in order to take full control of your website. NinjaFirewall can also attach a PHP backtrace to important notifications.
Monitored events:
- Administrator login.
- Modification of any administrator account in the database.
- Plugins upload, installation, (de)activation, update, deletion.
- Themes upload, installation, activation, deletion.
- WordPress update.
- Pending security update in your plugins and themes.
Stay protected against the latest WordPress security vulnerabilities
To get the most efficient protection, NinjaFirewall can automatically update its security rules daily, twice daily or even hourly. Each time a new vulnerability is found in WordPress or one of its plugins/themes, a new set of security rules will be made available to protect your blog immediately.
Strong Privacy
Unlike a Cloud Web Application Firewall, or Cloud WAF, NinjaFirewall works and filters the traffic on your own server and infrastructure. That means that your sensitive data (contact form messages, customers' credit card numbers, login credentials, etc.) remains on your server and is not routed through a third-party company’s servers, which could pose unnecessary risks (e.g., decryption of your HTTPS traffic in order to inspect it, employees accessing your data or logs in plain text, theft of private information, man-in-the-middle attacks, etc.).
Your website can run NinjaFirewall and be compliant with the General Data Protection Regulation (GDPR). See our blog for more details.
IPv6 compatibility
IPv6 compatibility is a mandatory feature for a security plugin: if it supports only IPv4, hackers can easily bypass the plugin by using an IPv6 address. NinjaFirewall natively supports IPv4 and IPv6 protocols, for both public and private addresses.
Multi-site support
NinjaFirewall is multi-site compatible. It will protect all sites from your network and its configuration interface will be accessible only to the Super Admin from the network main site.
Possibility to prepend your own PHP code to the firewall
You can prepend your own PHP code to the firewall with the help of an optional distributed configuration file. It will be processed before WordPress and all its plugins are loaded. This is a very powerful feature, and there is almost no limit to what you can do: add your own security rules, manipulate HTTP requests, variables etc.
Low Footprint Firewall
NinjaFirewall is very fast, optimised and compact, and requires very few system resources.
See for yourself: download and install the Code Profiler plugin and compare NinjaFirewall’s performance with other security plugins.
Non-Intrusive User Interface
NinjaFirewall looks and feels like a built-in WordPress feature. It does not contain intrusive banners, warnings or flashy colors. It uses the WordPress simple and clean interface and is also smartphone-friendly.
Contextual Help
Each NinjaFirewall menu page has a contextual help screen with useful information about how to use and configure it.
If you need help, click on the Help menu tab located in the upper right corner of each page in your admin panel.
Need more security?
Check out our new supercharged edition: NinjaFirewall WP+ Edition
- Unix shared memory use for inter-process communication and blazing fast performance.
- IP-based Access Control.
- Role-based Access Control.
- Country-based Access Control via geolocation.
- URL-based Access Control.
- Bot-based Access Control.
- Centralized Logging.
- Antispam for comment and user registration forms.
- Rate limiting option to block aggressive bots, crawlers, web scrapers and HTTP attacks.
- Response body filter to scan the output of the HTML page right before it is sent to your visitor's browser.
- Better File uploads management.
- Better logs management.
- Syslog logging.
Learn more about the WP+ Edition unique features. Compare the WP and WP+ Editions.
Requirements
- WordPress 4.9+
- Admin/Superadmin with manage_options + unfiltered_html capabilities.
- PHP 7.1+
- MySQL or MariaDB with MySQLi extension
- Apache / Nginx / LiteSpeed / Openlitespeed compatible
- Unix-like operating systems only (Linux, BSD etc). NinjaFirewall is NOT compatible with Microsoft Windows.
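Download links for each version
- Method 1: Click a version number link below to download the ZIP file, log in to the site admin, open "Add Plugin" under "Plugins" in the left-hand menu, choose "Upload Plugin" at the top, and upload the downloaded ZIP package to install and activate it.
- Method 2: Use the search box on the right side of the "Add Plugin" screen to search for the plugin name "NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall" and install it.
(Method 2 is recommended, as it ensures the installed version matches the WordPress environment currently running.)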
4.5 | 4.6 | 4.7 | 4.5.1 | 4.5.2 | 4.5.3 | 4.5.4 | 4.5.5 | 4.5.6 | 4.5.7 | 4.5.8 | 4.5.9 | 4.6.1 | 4.7.1 | 4.7.2 | 4.7.3 | trunk | 4.5.10 | 4.5.11 |
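Related plugins (you may also want to know about)
Email Address Encoder 》A lightweight plugin that protects plain-text email addresses and mailto links from email-harvesting bots by encoding them into decimal and hexadecimal entities. For posts, pages, ...
Protect uploads 》The uploads directory is where files from the WordPress media library are stored. Unfortunately, this directory is not protected. Anyone who wants to view your entire library can list it immediately by going to: http://yourwebsite/w...
NinjaScanner – Virus & Malware scan 》The WordPress plugin "NinjaScanner" is a lightweight, fast and powerful antivirus scanner. It has multiple built-in features to help scan your blog for malware and viruses. Main features: - ...
Protect WP Admin 》The WP Protect Admin Plugin provides an extra layer of security to protect your WordPress admin area. With this plugin, you can change the default admin login URL (/wp-admin), username...
WP Content Copy Protection 》"WP Content Copy Protection" is a simple yet effective plugin that uses several strong techniques to protect your online content from theft. The plugin disables several common ways of copying text, such as right-click, image drag...
Prevent Direct Access – Protect WordPress Files 》Prevent Direct Access (PDA) offers a simple solution to protect your WordPress files and stop Google, other search engines and unauthorized users from indexing and stealing your hard-earned...
WP-Copyright-Protection 》This plugin is a simple way to protect your site content. In most browsers it disables copying of text and images and prevents your site from being placed inside an iframe. In addition, the plugin has clean...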
ContentProtector – password protect your page, post or text 》ContentProtector is a lightweight and flexible plugin that lets you password-protect your WordPress content. You can protect an entire post or page, or only protect...
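WP Bouncer – Limit Simultaneous Logins 》WP Bouncer limits the number of simultaneous logins for the same WordPress user account. The plugin's goal is to stop users from sharing login credentials for your site, which for paid membership, premium content or e-learning sites...
IP Ban 》Update 1: the plugin is not active for admin users. Update 2: added IP range support for the IP list. IP Ban is a security plugin that protects your website from unwanted IP addresses or...
Cartpauj Register Captcha 》Cartpauj Register Captcha does something very simple but very effective: it prevents spam registrations through the default WordPress registration form. No configuration or setup is needed; just activate the plugin and...
WebTotem Security 》WebTotem Security is a security plugin for WordPress that monitors websites and prevents attacks through special internal and external utilities. Internal utilities: 1) An antivirus that looks for shells, ...
WP Site Protector 》We all know WordPress is the best CMS in the world. Now it is time to protect your WordPress site content with four layers of protection. 1. Disable "right-click" access on site pages, 2. Disable...
Simple Trackback Validation with Topsy Blocker 》The Simple Trackback Validation plugin runs a simple but very effective test on all incoming trackbacks to stop trackback spam, and now includes a topsy.com blocker. How it...
Sessions 》Sessions is a powerful session manager for WordPress, with multiple session limiters and full analytics reports on logins, logouts and account creation. It relies on the standard WordPress session manager and...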