Description

For over 9 years Security Ninja has helped thousands site owners like you to feel safe. Run 50+ security tests in an instant & discover issues you didn’t even know existed. Help yourself now with Ninja’s simplicity & ease of use.

NEW: Vulnerability scanner – Warns you if you have plugins with known vulnerabilities installed.

Automatically block 600+ million bad IPs with one click! Security Ninja Pro Cloud Firewall will help you stay one step ahead of bad guys by using the collective know-how of millions of attacked sites, and ban bad guys before they even open your site.

Read more about Pro features on the Security Ninja website

perform 50+ security tests with one click

with one click Security Ninja does not make any changes – it’s your site, you have full control

check your site for security vulnerabilities, issues & holes

take preventive measures against attacks

don’t let script kiddies hack your site

prevent 0-day exploit attacks

optimize and speed-up your database

every test is explained, documented and instructions provided on how to fix problems

tests include: brute-force attack on user accounts to test password strength numerous installation parameters tests file permissions version hiding 0-day exploits tests debug and auto-update modes tests database configuration tests Apache and PHP related tests WP options tests

complete list of tests: Check if WordPress core is up to date Check if automatic WordPress core updates are enabled Check if plugins are up to date Check if there are deactivated plugins Check if active plugins have been updated in the last 12 months Check if active plugins are compatible with your version of WP Check if themes are up to date Check if there are any deactivated themes Check if full WordPress version info is revealed in page’s meta data Check if readme.html file is accessible via HTTP on the default location Check if license.txt file is accessible via HTTP on the default location Check if REST API links are displayed in page’s meta data Check the PHP version Check the MySQL version Check if server response headers contain detailed PHP version info Check if expose_php PHP directive is turned off Check if user with username “admin” and administrator privileges exists Check if “anyone can register” option is enabled Check user’s password strength with a brute-force attack Check for display of unnecessary information on failed login attempts Check if database table prefix is the default one Check if security keys and salts have proper values Check the age of security keys and salts Test the strength of WordPress database password Check if general debug mode is enabled Check if the debug.log file exists Check if database debug mode is enabled Check if JavaScript debug mode is enabled Check if display_errors PHP directive is turned off Check if WordPress installation address is the same as the site address Check if wp-config.php file has the right permissions (chmod) set Check if install.php file is accessible via HTTP on the default location Check if upgrade.php file is accessible via HTTP on the default location Check if register_globals PHP directive is turned off Check if PHP safe mode is disabled Check if allow_url_include PHP directive is turned off Check if plugins/themes file editor is enabled Check if uploads folder is browsable by browsers Test if user with ID “1” and administrator role exists Check if Windows Live Writer link is present in pages’ header data Check if wp-config.php is present on the default location Check if MySQL server is connectable from outside with the WP user Check if EditURI link is present in pages’ header data Check if TimThumb script is used in the active theme Check if the server is vulnerable to the Shellshock bug #6271 Check if the server is vulnerable to the Shellshock bug #7169 Check if admin interface is delivered via SSL Check if MySQL account used by WordPress has too many permissions Test if a list of usernames can be fetched by looping through user IDs on http://siteurl.com/?author={ID} Check if server response headers contain Strict-Transport-Security Check if server response headers contain X-XSS-Protection Check if server response headers contain X-Frame-Options Check if server response headers contain X-Content-Type-Options Check if server response headers contain Content-Security-Policy Check if server response headers contain Strict-Transport-Security Check if server response headers contain Referrer-Policy Check if server response headers contain Feature-Policy Check for unwanted files in your root folder you should remove



Security Ninja PRO has extra features: Firewall, Block Suspicious Page Requests, Country Blocking, Core Scanner, Malware Scanner, Auto Fixer for some of the tests, Events Logger & Scheduled Scans.

An all-in-one security solution for any site. With premium support and continuous updates Security Ninja Pro is a perfect tool to keep your site safe. See what the PRO version offers

Add your suggestions to the public roadmap or vote for your favorite new feature.

What others say about the plugin

License info