Trying to find the finest WordPress safety plugin to guard your WordPress web site from malicious actors?
Due to its recognition, WordPress is a juicy goal for malicious actors world wide. As a result of having a hacked web site is just about each webmaster’s worst nightmare, it’s a good suggestion to search for a little bit further safety in your web site.
In our hands-on Safety Ninja assessment, we’re going to check out a preferred freemium safety plugin that helps you implement each fundamental hardening ways and proactive monitoring and safety.
We’ll begin with an introduction to what the plugin does. Then, we’ll provide you with a hands-on take a look at what it’s like to make use of Safety Ninja in your web site.
Let’s dig in!
Safety Ninja Evaluate: What the Plugin Does
In a nutshell, Safety Ninja goals to be a whole resolution for WordPress safety. That’s, it affords a complete strategy to safety, fairly than solely specializing in a single space.
To that finish, it affords a number of various kinds of options:
- Fundamental hardening tweaks to comply with normal safety finest practices
- Login safety to guard towards brute pressure assaults
- Firewall to proactively block threats
- Safety vulnerability scanning/detection to seek out potential points
- Malware scanning to seek out and take away malicious recordsdata
- Customer logging to trace suspicious exercise
It additionally consists of options that can assist you extra simply preserve monitor of your web site’s safety standing, akin to e-mail notifications.
Let’s undergo them…
Fundamental Hardening Tweaks
First off, Safety Ninja may help you implement plenty of fundamental hardening tweaks and safety finest practices.
This isn’t a whole record, however listed here are the varieties of protections that I’m speaking about:
- Disable in-dashboard file modifying
- Disguise WordPress model quantity
- Allow safety headers
- Disable utility passwords
- And many others.
Login Safety
You additionally get a complete set of options to guard your login web page from brute pressure assaults:
- Change the login web page URL
- Restrict login makes an attempt (just like the safety that your on-line banking makes use of)
- Safelist/blocklist sure IP addresses
- Disguise login errors that inform individuals if an account exists
Firewall to Block Threats
To dam threats elsewhere in your web site, Safety Ninja consists of its personal proactive firewall, together with an choice to allow cloud-based safety that routinely blocks 600+ million identified malicious IPs.
You may as well block suspicious web page requests, in addition to arrange geo-blocking guidelines to dam guests from sure international locations.
Safety Vulnerability Scanning/Detection
Safety Ninja consists of plenty of completely different options to detect points or vulnerabilities in your web site.
First off, you’ll be able to take a look at your web site’s configuration towards 40+ potential points, such because the power of your database password, out-of-date extensions, PHP model, and extra.
For a lot of issues, you’ll be able to repair the difficulty with the press of a button if you happen to fail the take a look at.
Second, Safety Ninja will monitor your put in plugins for identified vulnerabilities. If it detects one, it is going to provide you with a warning straight away so that you could replace the plugin (if the developer has patched the difficulty) or swap to a unique software.
Third, you’ll be able to scan the core WordPress recordsdata for file integrity. Safety Ninja will provide you with a warning if core recordsdata have been modified or another recordsdata have been added. It is a signal that your web site could have been hacked.
Past that, there’s additionally one other helpful sort of scanning…
Malware Scanning
In case a malicious file by some means makes it onto your server, Safety Ninja additionally consists of its personal malware scanning characteristic to detect suspicious recordsdata in your server that exist exterior the core WordPress recordsdata.
If a file is real (false optimistic), you’ll be able to safelist it to keep away from it showing sooner or later.
Customer Logging
Safety Ninja additionally helps you retain monitor of what’s occurring in your web site with two completely different instruments:
- An occasion logger to maintain monitor of the actions that logged-in customers take in your web site, akin to putting in a brand new plugin.
- A customer log to point out the actions of each single customer to your web site (together with an possibility to simply ban the IP tackle of malicious guests). For instance, you could find people who find themselves making an attempt to entry your login web page.
Instruments to Monitor Safety Standing
That will help you preserve monitor of your web site’s safety without having to log into the dashboard daily, you get a number of completely different instruments.
First, you’ll be able to arrange automated e-mail alerts for vital points. That method, you’ll solely must examine in if you happen to get a notification to your e-mail tackle.
Second, if you happen to’re utilizing MainWP to handle a number of websites from one dashboard, there’s an extension for MainWP that permits you to handle safety for all your websites from the unified MainWP dashboard.
How you can Use Safety Ninja to Defend Your Web site
Now that you recognize what the plugin does, let’s get into what it’s like to truly use Safety Ninja in your WordPress web site.
Full the Setup Wizard
Whenever you first activate Safety Ninja, it is going to immediate you to run its built-in safety wizard, which is able to enable you to configure some vital baseline settings in your web site.
First, you’ll be able to activate firewall safety to proactively cease threats and ban malicious IP addresses:
Subsequent, you’ll be able to select whether or not to activate an array of default safety measures. You’ll be able to at all times deactivate a few of these later if you happen to don’t need them.
And that’s it for the essential setup wizard!
Configure Extra Superior Settings
To entry extra superior settings at a person degree, you’ll be able to subsequent head to Safety Ninja → Fixes.
Right here, you’ll see a listing of all of the potential safety fixes that Safety Ninja could make for you.
For every repair, you get a easy toggle button to allow or disable that particular repair:
The screenshot above doesn’t present the total record of accessible fixes.
You may as well entry some firewall-specific settings by going to Safety Ninja → Firewall. For instance, you’ll be able to select whether or not or to not use the cloud-based firewall guidelines or arrange country-specific geo-blocks in your web site:
Additional down the web page, you get another choices for hardening, together with defending your login web page. For instance, you’ll be able to change the login web page URL, restrict login makes an attempt, safelist/blocklist sure IP addresses, and extra:
Run Safety Scans
That’s primarily it for the precise settings in Safety Ninja.
Many of the different options contain scanning your web site.
Safety Ninja offers you a number of completely different choices to scan your web site:
- Safety Exams – these allow you to take a look at particular elements of your web site’s configuration to detect potential points. For instance, you’ll be able to take a look at whether or not there’s out-of-date software program, if debug mode is enabled, response headers, and extra.
- Vulnerabilities – this tab routinely checks your plugins for identified vulnerabilities.
- Core Scanner – this take a look at scans the core WordPress recordsdata to see in the event that they’ve been modified or recordsdata have been added.
- Malware – this allows you to scan your web site for malware.
Safety Exams
For the Safety Exams possibility, you’ll be able to first use the checkboxes to decide on which exams you wish to run. For a complete take a look at, you’ll be able to simply examine all the containers.
Then, you’ll be able to click on Run Exams to start out the take a look at:
After a brief wait, you’ll see the outcomes of every particular person take a look at, in addition to a abstract on the high.
Should you click on the Particulars possibility subsequent to a take a look at, you’ll be able to see particular details about that take a look at. For some exams, you’ll additionally get a one-click possibility to repair the issue:
Vulnerabilities
The Vulnerabilities take a look at will routinely examine your WordPress plugins and themes for identified vulnerabilities.
In contrast to the earlier take a look at, you don’t must manually run it – it is going to at all times provide you with a warning. You’ll see giant alerts in your dashboard and you may as well configure e-mail warnings:
I feel it is a actually helpful characteristic as a result of plugin vulnerabilities are a typical method for websites to get hacked. By getting these alerts straight away, you’ll be able to promptly replace the affected plugin and keep away from issues.
Core Scanner
For the Core Scanner take a look at, you simply want to move to that tab and click on the Scan core recordsdata button.
Safety Ninja will then examine all the recordsdata. If every little thing seems good, you’ll see a “No issues discovered” message:
Malware
To run a malware scan, you’ll head to the Malware tab and click on the Scan your web site button.
You’ll now have a brief wait – it could possibly be anyplace from a number of seconds to some minutes relying on the scale of your web site:
When it’s completed, you must see the outcomes of the take a look at.
In some circumstances, Safety Ninja may flag a file that’s reputable. To keep away from these false positives sooner or later, you’ll be able to safelist that particular file in order that it not reveals up within the scan.
How you can Schedule Exams
Along with working exams manually, you may as well schedule exams to run on sure schedules and routinely ship your self an e-mail report with the outcomes.
You’ll be able to set this up from the Scheduler tab:
View Logs
The final little bit of key performance is Safety Ninja’s logging performance, which is available in two primary codecs.
First, you’ll be able to see a log of particular occasions which have occurred in your web site by going to the Occasions tab.
For instance, you’ll be able to see that it was already in a position to log a failed login try:
Second, you’ll be able to go to Safety Ninja → Customer Log to see every particular person customer to your web site, together with the actions that they’ve taken. You may as well rapidly ban an IP tackle if you happen to detect malicious exercise:
And that’s just about it for what it’s like to make use of Safety Ninja to guard your web site!
Safety Ninja Pricing
Safety Ninja is available in each a free model at WordPress.org in addition to a premium model that provides extra superior options.
On the whole, the free model focuses totally on fundamental hardening methods, together with 50+ safety exams throughout a spread of areas.
For extra complete safety, you’ll be able to improve to Safety Ninja Professional. Listed below are a few of the most notable options that you just get with the Professional model:
- Firewall, together with blocking suspicious web page requests, international locations, and so forth.
- WordPress core scanner.
- Malware scanner.
- Computerized fixing for some exams (the free model requires you to manually make modifications).
- Occasion logging.
- Scheduled safety scanning.
If you would like entry to Safety Ninja Professional, there are 4 completely different paid plans which can be out there on a month-to-month or annual fee foundation.
The entire plans are full-featured – the one distinction is the variety of websites upon which you’ll be able to activate the plugin:
- Starter – one web site – $39.99 per 12 months or $6.99 monthly.
- Plus – three web sites – $99.99 per 12 months or $12.99 monthly.
- Professional – 5 web sites – $149.99 per 12 months or $18.99 monthly.
- Company – ten web sites – $199.99 per 12 months or $29.99 monthly.
Listed below are the yearly plans:
And listed here are the month-to-month plans:
You may as well take a look at out the premium options with a 14-day free trial. You will want to enter your bank card to activate the trial, however you received’t be billed till after 14 days. The plugin can even ship you a reminder earlier than billing begins and the cancellation course of is frictionless – you simply must click on a number of buttons.
Last Ideas on Safety Ninja
Testing safety plugins is at all times a bit tough as a result of it’s exhausting to simulate an actual safety assault. That’s, a malicious actor making an attempt to contaminate my web site with malware.
With that being stated, I could make a number of hands-on conclusions primarily based on my expertise.
First off, I feel that the Safety Ninja interface is rather well achieved. It’s clear and simple to make use of whereas nonetheless supplying you with quantity of element.
Second, you get variety of options to guard your web site.
Third, you get tons of fundamental hardening guidelines. I might say Safety Ninja makes it simple to implement just about all the essential stuff, akin to disabling in-dashboard file modifying and correctly configuring response headers.
You additionally get extra proactive safety, particularly with the premium model. For instance, firewalls, login safety, malware scanning, and extra.
I additionally actually preferred that it was in a position to routinely detect identified vulnerabilities in put in plugins. I feel this characteristic can actually assist encourage individuals to use updates rapidly, fairly than ready to replace their plugins.
Primarily based on these experiences, Safety Ninja looks as if one other high quality possibility for WordPress safety.
If you wish to try it out, you may have three choices:
- You’ll be able to set up the free model from WordPress.org to entry the essential options.
- You need to use the 14-day free trial to check out all the options in Safety Ninja Professional.
- You’ll be able to spin up a totally functioning take a look at web site with the Professional model utilizing InstaWP (a service that we’ve reviewed). You’ll be able to click on this hyperlink to launch your take a look at web site.
Both method, you should use the button beneath to get began.