前言介紹
- 這款 WordPress 外掛「Security Ninja – Secure Firewall & Secure Malware Scanner」是 2016-08-29 上架。
- 目前有 10000 個安裝啟用數。
- 上一次更新是 2025-03-29,距離現在已有 35 天。
- 外掛最低要求 WordPress 4.7 以上版本才可以安裝。
- 外掛要求網站主機運作至少需要 PHP 版本 7.4 以上。
- 有 95 人給過評分。
- 論壇上目前有 3 個提問,問題解答率 100% ,不低,算是個很有心解決問題的開發者團隊了!
外掛協作開發者
lkoudal | freemius | cleverplugins |
外掛標籤
login | virus | malware | firewall | security |
內容簡介
在過去10年中,Security Ninja 已幫助上千名網站擁有者感到安全。您可以在瞬間內運行50多個安全測試,並發現您即使不知道存在的問題。使用 Ninja 的簡潔易用性現在就自救。
新功能:弱點掃描器-警告您是否有已知的網站弱點。
在幾分鐘內開始:
只需點擊一下即可自動封鎖超過6億個差劣 IP!Security Ninja Pro Cloud Firewall 使用攻擊了數百萬個網站的千萬級別的集體知識,可以在不打開您的網站之前就禁止壞人,讓您比壞人更先一步。
在 Security Ninja 網站上閱讀更多有關專業功能的資訊
擴充功能
MainWP- MainWP 儀表板允許管理員從一個中央位置管理許多 WordPress 網站。
安裝免費的 Security Ninja for MainWP Extension,以獲取您已在 Security Ninja 上安裝的所有網站的概述!
Security Ninja For MainWP
網站的安全測試
弱點掃描器-警告您的網站是否存在已知的弱點!
只需點擊一下即可運行50多個安全測試
Security Ninja 不會進行任何更改-這是您的網站,您有完全控制權
檢查您的網站的安全漏洞、問題和洞穴
採取預防措施,防範攻擊
不要讓腳本小子破壞您的網站
預防 0-day 漏洞攻擊
優化和加速您的數據庫
每個測試都有解釋、說明和如何解決問題的說明
測試包括:
對用戶帳戶的暴力攻擊,以測試密碼強度
許多安裝參數的測試
文件權限
版本隱藏
0-day 漏洞的測試
調試和自動更新模式的測試
數據庫配置測試
Apache 和 PHP 相關測試
WP 選項測試
完整的測試列表:
檢查應用程式密碼功能是否已啟用(WP 5.6 的新功能)
檢查 WordPress 核心版本是否最新
檢查是否已啟用自動 WordPress 核心更新
檢查插件是否最新
檢查是否有停用的插件
檢查活動插件是否在過去12個月內已更新
檢查活動插件是否與您的 WP 版本兼容
檢查佈景主題是否最新
檢查是否有停用的佈景主題
檢查頁面的元數據中是否顯示完整的 WordPress 版本資訊
檢查 readme.html 文件是否可以在默認位置通過 HTTP 訪問
檢查 license.txt 文件是否可以在默認位置通過 HTTP 訪問
檢查是否在頁面的元數據中顯示 REST API 鏈接
檢查 PHP 版本是否最新
檢查 MySQL 版本
檢查服務器響應標頭中是否包含詳細的 PHP 版本資訊
檢查 expose_php PHP 指令是否已關閉
原文外掛簡介
Protect your WordPress website from hackers, malware, and security vulnerabilities with Security Ninja, a trusted WordPress security plugin since 2011. This all-in-one security solution safeguards your site with 50+ security tests, malware scanning, a firewall, brute force attack protection, and real-time vulnerability detection.
Security Ninja Plugin proactively identifies security risks, ensuring your WordPress website stays secure without slowing it down. With features like automated security scans, login protection, IP blocking, and two-factor authentication (2FA), it provides comprehensive website protection against cyber threats.
Whether you’re a beginner or an advanced user, Security Ninja is designed for effortless WordPress security management, keeping your site safe while you focus on growing your business. Install today and take control of your website’s security!
This plugin can be downloaded for free without any paid subscription from the official WordPress repository.
Security Ninja Installation and Setup Video Tutorial
Why Choose Security Ninja? – The Ultimate WordPress Security Plugin
Comprehensive Security Testing – Run 50+ WordPress security tests to detect vulnerabilities before hackers exploit them.
Enhanced Vulnerability Scanner – Stay ahead of emerging threats with proactive alerts for vulnerabilities.
Core Scanner – Find and remove modified and unwanted files in your WordPress core files.
Advanced Malware Scanner (PRO) – Identify and remove malicious code, hidden threats, and suspicious files instantly.
Powerful Firewall Protection (PRO) – Block brute-force attacks, unauthorized logins, and suspicious IPs with real-time security.
Secure Login & 2FA (PRO) – Strengthen your WordPress login page with Two-Factor Authentication (2FA) and login attempt limits.
Cloud-Based Threat Intelligence (PRO) – Stay ahead of cybercriminals with real-time updates on the latest security threats.
One-Click Security Fixes (PRO) – Fix security issues instantly with an easy-to-use, beginner-friendly dashboard.
Automated Security Scans & Reports (PRO) – Schedule scans and get detailed reports sent to your inbox.
Activity Log & User Tracking (PRO) – Track all user actions on your WordPress website with a detailed activity log and receive alerts for suspicious activity.
Key Features of Security Ninja – The Ultimate WordPress Security Plugin
Security Ninja is a powerful WordPress security plugin designed to protect your website from hackers, malware, brute-force attacks, and security vulnerabilities. With 50+ security tests, real-time malware scanning, a firewall, and login protection, Security Ninja keeps your WordPress site secure without slowing it down.
Comprehensive WordPress Security Testing
Security Ninja performs 50+ advanced security tests to identify vulnerabilities before hackers exploit them. This includes:
Brute-force protection – Blocks unauthorized login attempts to prevent forced entry.
File integrity monitoring – Detects unauthorized changes to WordPress core files, themes, and plugins.
Database security checks – Identifies weak database permissions and potential SQL injection threats.
User role audits – Ensures no unauthorized administrator accounts exist.
Security misconfiguration scans – Identifies and fixes weak settings that could compromise security.
Enhanced Vulnerability Scanner
Stay Ahead of Threats – Our vulnerability scanner proactively alerts you to known vulnerabilities, allowing you to address potential threats before they exploit your website.
Comprehensive Protection – Security Ninja not only checks and warns for common issues but also checks for known vulnerabilities in plugins and themes.
Peace of Mind – Knowing your site is monitored for the latest vulnerabilities means you can focus on what matters most, growing your business and creating content, worry-free.
Core Scanner – Comprehensive Protection for Your WordPress Installation
The Core Scanner module adds a critical layer of security by ensuring your WordPress installation remains untampered and free of unauthorized files.
Full Core File Integrity Check: Every file in your core WordPress folders is scanned to ensure it hasn’t been modified or compromised.
Detection of Unknown Files: The scanner flags any extra or unknown files in your core WordPress directories, alerting you to potential threats.
Built-in File Viewer: Review flagged files directly within your WordPress dashboard using the integrated file viewer for a clear and easy inspection.
Restore Core Files: If a core WordPress file has been altered, you can quickly restore it with a single click, ensuring your site is running the official version.
Easy File Management: For unknown or suspicious files, you have the option to delete them right from the interface, keeping your WordPress installation clean and secure.
Advanced Malware Scanner – Detect & Remove Malware Instantly (PRO)
Security Ninja includes a high-performance malware scanner that automatically checks your WordPress core, plugins and themes for:
Malicious scripts and backdoors – Identifies hidden malware and harmful injections.
Trojan and virus detection – Scans for suspicious PHP and JavaScript entries.
One-click malware removal – Instantly quarantine and delete infected files.
WordPress Firewall & Real-Time Threat Protection (PRO)
The Web Application Firewall (WAF) blocks hacker attempts, bot attacks, and brute-force login attempts before they can damage your site.
Real-time protection – Prevents malicious traffic and automated hacking attempts.
IP & Country Blocking – Restrict access from high-risk countries and blacklisted IPs.
Cloud-Based Threat Intelligence – Updated with the latest security threats.
Login Security & Two-Factor Authentication (2FA) (PRO)
Your WordPress login page is a primary target for hackers. Security Ninja enhances login security with:
Two-Factor Authentication (2FA) – Requires additional verification for safer logins.
Brute-force attack protection – Limits failed login attempts to block unauthorized access.
Rename login – Getting a lot of requests to your login form? Hide it for spammers.
One-Click Security Fixes & WordPress Hardening (PRO)
Manually fixing security issues is time-consuming. Security Ninja provides one-click hardening to:
Disable XML-RPC – Blocks common DDoS attacks and brute-force exploits.
Restrict file editing – Prevents unauthorized theme and plugin modifications.
Hide PHP error messages – Stops hackers from exploiting sensitive error details.
And many more fixes to harden your WordPress security!
Activity Log & User Tracking (PRO)
Keep track of all actions on your WordPress website with a detailed activity log:
Monitor failed login attempts, plugin activations, file changes, and user actions.
Receive email alerts whenever suspicious activity is detected.
Export security logs for audits and compliance reports.
The plugin includes webhook functionality so you can integrate with any other 3rd party service, maybe send updates in the company Slack channel when a hack attempt was thwarted?
Automated Security Scans & Reports (PRO)
Security Ninja performs scheduled security scans and sends reports directly to your inbox.
Set up daily, weekly, or monthly security scans.
Receive email alerts about vulnerabilities and malware infections.
Analyze detailed reports to keep your website secure.
Block Spam & Malicious Bots Instantly (PRO)
Hackers and spammers use bots to exploit WordPress websites. Security Ninja prevents:
Fake registrations and spam comments – Stops bots from even getting to your site.
Malicious bot attacks – Blocks scripts attempting to hack your site.
Unwanted traffic – Reduces server load by preventing unnecessary bot access.
Join thousands of satisfied users who trust Security Ninja to keep their websites safe. Start protecting your online presence today and help yourself to peace of mind.
Why Security Ninja is Best WordPress Security Plugin
Security Ninja is the best WordPress security plugin because it provides a comprehensive, lightweight, and easy-to-use solution to protect your website from hackers, malware, and vulnerabilities. With 50+ security tests, an advanced malware scanner, a firewall, and two-factor authentication (2FA), it ensures complete website protection without slowing down performance.
Unlike bloated security plugins, Security Ninja is optimized for speed and efficiency. It offers one-click security fixes, automated scans, real-time threat detection, and login protection, making it ideal for beginners and advanced users alike. Trusted since 2011, it keeps thousands of websites secure while offering proactive protection against cyber threats.
Extensions
MainWP – The MainWP Dashboard allows administrators to manage many WordPress websites from a central location.
Install the FREE Security Ninja for MainWP Extension to get an overview of all websites you have installed Security Ninja on!
Security Tests for your website
Security Ninja – Your WordPress Guardian
Key Features
Immediate Vulnerability Alerts: Get instant notifications about vulnerabilities to keep your website safe and secure.
Comprehensive One-click Security Audit: With just one click, perform over 50+ detailed security checks that scrutinize every corner of your site for security vulnerabilities and performance issues.
You’re in Command: Security Ninja respects your autonomy, providing insights and recommendations without making unsolicited changes to your site.
Holistic Security Evaluation: Comprehensive checks on everything from the WordPress core, plugins, and themes to ensure they are up-to-date and secure.
Proactive Defense Strategies: Equip yourself with the tools and knowledge to prevent attacks before they happen, safeguarding your site from potential threats.
Optimization Beyond Security: Improve your site’s performance with database optimization tips, ensuring a seamless experience for your users.
Knowledge: Each test comes with an easy-to-understand explanation, documentation, and actionable steps to fix identified issues.
Customized Security Insights: Tailored security assessments to check critical updates and configurations specific to your WordPress setup for a personalized protection strategy.
Future-Proof Your Site: Stay ahead with tests that include the latest WordPress features and best practices for site security.
Prevent Unauthorized Access: Strengthen your defenses with checks designed to prevent weak passwords and unauthorized file access.
Secure Configuration Checks: Ensure your website is configured according to security best practices, from file permissions to security headers, for comprehensive protection against threats.
Enhance your website’s security, performance, and user experience with Security Ninja – your trusted partner in WordPress protection.
Security Ninja Pro has extra features: Firewall, Block Suspicious Page Requests, Country Blocking, Core Scanner, Malware Scanner, Auto Fixer for some of the tests, Events Logger & Scheduled Scans.
An all-in-one security solution for any site. With premium support and continuous updates Security Ninja Pro is a perfect tool to keep your site safe. See what the PRO version offers
Automatically block 600+ million bad IPs with one click! Security Ninja Pro Firewall will help you stay one step ahead of bad guys by using the collective know-how of millions of attacked sites, and ban bad guys before they even open your site.
Read more about Pro features on the Security Ninja website
What others say about the plugin
WP Mayor: “Easy-to-Use WordPress Security Plugin”
WPLift
WPExplorer
WP Loop
Bitcatcha.com
WebHostingSecretRevealed
Ravi Singh
Tutorials 7
onlinedecoded.com
Tests
* The tests include:
* brute-force attack on user accounts to test password strength
* numerous installation parameters tests
* file permissions
* version hiding
* 0-day exploits tests
* debug and auto-update modes tests
* database configuration tests
* Apache and PHP related tests
* WP options tests
Complete list of tests:
Check if Application Passwords feature is enabled (new to WP 5.6)
Check if WordPress core is up to date
Check if automatic WordPress core updates are enabled
Check if plugins are up to date
Check if there are deactivated plugins
Check if active plugins have been updated in the last 12 months
Check if active plugins are compatible with your version of WP
Check if themes are up to date
Check if there are any deactivated themes
Check if full WordPress version info is revealed in page’s meta data
Check if REST API links are displayed in page’s meta data
Check the PHP version is up to date
Check the MySQL version
Check if server response headers contain detailed PHP version info
Check if expose_php PHP directive is turned off
Check if user with username “admin” and administrator privileges exists
Check if “anyone can register” option is enabled
Check user’s password strength with a brute-force attack
Check for display of unnecessary information on failed login attempts
Check if database table prefix is the default one
Check if security keys and salts have proper values
Check the age of security keys and salts
Test the strength of WordPress database password
Check if general debug mode is enabled
Check if the debug.log file exists
Check if database debug mode is enabled
Check if JavaScript debug mode is enabled
Check if display_errors PHP directive is turned off
Check if WordPress installation address is the same as the site address
Check if wp-config.php file has the right permissions (chmod) set
Check if register_globals PHP directive is turned off
Check if PHP safe mode is disabled
Check if allow_url_include PHP directive is turned off
Check if plugins/themes file editor is enabled
Check if uploads folder is browsable by browsers
Test if user with ID 1 and administrator role exists
Check if Windows Live Writer link is present in pages’ header data
Check if wp-config.php is present on the default location
Check if MySQL server is connectable from outside with the WP user
Check if EditURI link is present in pages’ header data
Check if TimThumb script is used in the active theme
Check if the server is vulnerable to the Shellshock bug #6271
Check if the server is vulnerable to the Shellshock bug #7169
Check if admin interface is delivered via SSL
Check if MySQL account used by WordPress has too many permissions
Test if a list of usernames can be fetched by looping through user IDs on http://siteurl.com/?author={ID} (also called username enumeration)
Check if server response headers contain Strict-Transport-Security
Check if server response headers contain X-Frame-Options
Check if server response headers contain X-Content-Type-Options
Check if server response headers contain Content-Security-Policy
Check if server response headers contain Strict-Transport-Security
Check if server response headers contain Referrer-Policy
Check if server response headers contain Feature-Policy
Check for unwanted files in your root folder you should remove
License info
jQuery Cookie Plugin, Copyright 2013 Klaus Hartl
The vulnerability scanner uses data from the National Vulnerability Database – NVD
This product includes IP2Location LITE data available from https://lite.ip2location.com.
This plugin uses the Persist Admin notice Dismissals by Collins Agbonghama @collizo4sky
How can I report security bugs?
You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. Report a security vulnerability.
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「Security Ninja – Secure Firewall & Secure Malware Scanner」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
5.225 | 5.229 | 5.230 | trunk |
延伸相關外掛(你可能也想知道)
Wordfence Security – Firewall, Malware Scan, and Login Security 》fective way to manage multiple WordPress sites with Wordfence installed from a single location., Monitor security status across all your sites from...。
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) 》le Plugins include Complianz GDPR, Disable Updates Manager, and Really Simple CAPTCHA., , Really Simple SSL是一個外掛,自動配置你的網站最大程度上使...。
Jetpack – WP Security, Backup, Speed, & Growth 》search engines, and grow your traffic with Jetpack. It’s the ultimate toolkit for WordPress professionals and beginners alike., , Customize and des...。
Hostinger Tools 》- Hostinger Onboarding WordPress Plugin 简化和加快了WordPress网站的设置过程。, - 提供了简便和快速的方式来建立WordPress网站。。
Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall 》Limit Login Attempts Reloaded 是一款WordPress外掛,可阻止暴力破解攻擊並透過限制常規登錄、XMLRPC、Woocommerce和自訂登錄頁面的登錄嘗試次數來優化您的...。
ManageWP Worker 》, Want to clone or migrate your WordPress website to a new host or domain? No problem! With ManageWP, you can easily clone or migrate your website ...。
Security Optimizer – The All-In-One Protection Plugin 》透過精心挑選且易於配置的功能,SiteGround Security 外掛提供了您所需的一切來保護您的網站並預防多種威脅,例如暴力破解攻擊、登錄錯誤、資料外洩等等。, ...。
Safe SVG 》Safe SVG 可以讓你安心地在 WordPress 中上傳 SVG 檔案!, 它能夠讓你允許上傳 SVG 檔案的同時,確保它們已經經過消毒以防止 SVG/XML 弱點影響你的網站。此外...。
Loginizer 》Loginizer 是一個 WordPress 外掛,可幫助您對抗暴力攻擊,當 IP 地址達到最大重試次數時,該外掛會阻止其登錄。您可以使用 Loginizer 將 IP 地址列入黑名單...。
All-In-One Security (AIOS) – Security and Firewall 》vated to your website, All-in-One Security's WAF will detect and block hacking attempts, adding an extra layer of security to your WordPress site. ...。
Solid Security – Password, Two Factor Authentication, and Brute Force Protection 》ing iThemes Security Plugin can benefit you:, 保護您的 WordPress 網站的最佳外掛程式, 平均每天有 30,000 個網站遭受駭客攻擊,在網路上每 39 秒就會有一...。
User Role Editor 》「User Role Editor」WordPress 外掛讓您輕鬆更改使用者角色和權限。, 只需打開您希望新增到所選角色的能力核取方塊,然後按「更新」按鈕以保存您的更改。完...。
Sucuri Security – Auditing, Malware Scanner and Security Hardening 》Sucuri Inc. 是全球公認的網站安全權威,專門為 WordPress 安全提供專業知識。, Sucuri Security WordPress 擴充套件對所有 WordPress 使用者免費提供。它是...。
MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites 》這是一個針對「MainWP Dashboard」的子外掛程式,可將您的 WordPress 網站連接至 MainWP Dashboard。, MainWP是一個完整的 WordPress 管理解決方案,是自助...。
SiteGuard WP Plugin 》版本: 1.6.7, , 您可以在日文網頁和英文網頁上找到文件、常見問題和更詳細的資訊。 , 安裝SiteGuard WP Plugin後,WordPress安全性會得到提高。, 本外掛是一...。