With the new genre of cybercriminals who have now specialized in stealing highly valuable information…
Making your site secure for both you and your visitors is a must, regardless of the platform it was built on. Relying on WordPress alone for security, for instance, is never a good idea, since the security features available there aren’t the most powerful ones. For this reason, most people resort to integrating other security applications/plugins on their site.
You could be having a hard time deciding which one to trust in protecting your site. The plugin we will be talking about today is one that will provide you with all the necessary features and increase your site’s security to the highest level. Its name is NinjaFirewall.
What is NinjaFirewall?
NinjaFirewall is a web application firewall known as one of the most powerful firewalls on the market. This firewall will stop any threats even before they reach your site or its plugins. While other security plugins operate “in the back” of your site, NinjaFirewall stands in front of your site, coming face to face with all the attacks and preventing them from getting through to your site.
NinjaFirewall is quite complex and powerful, so it’s not a surprise that some people might find it intimidating to use, especially if they are new to using security plugins. But a good security plugin/application should be complex, since security itself is a complex matter. A small learning curve in the beginning shouldn’t be seen as an inconvenience but rather as an investment in making your site’s security top-notch.
Although it’s packed with features, this plugin is very lightweight, and when it is activated, you and your visitors won’t notice a decline in your site’s load speed and performance. The speed, optimization, and compactness of this plugin allow it to operate in such a subtle manner.
Besides outperforming other security plugins in speed and efficiency, it also outnumbers them in security features, both general and unique ones. NinjaFirewall boasts over 300 security rules, which are updated on a daily basis, and over 50 firewall policies. The combination of the rules, policies, and NinjaFirewall’s filtering engine creates such a high level of security that even the most skilled hackers will struggle greatly to compromise your site.
Each attack targeted at your site, whether it be brute force or distributed, is instantly detected. Every HTTP/HTTPS request can be hooked, scanned, sanitized, and even rejected if it is seen as malicious by NinjaFirewall’s detection system. The protection provided by NinjaFirewall extends to every directory and subdirectory, regardless of whether it’s part of the WordPress package or not.
All activity recorded on your site will appear in the firewall log, and all the error and warning messages will appear on the dashboard.
NinjaFirewall is composed of three parts, which can communicate with each other.
- The web application firewall. This part operates before the actual site loads; it intercepts malicious requests before they reach the site. This is the part that utilizes the 300+ rules and 50+ policies mentioned earlier. It is also the location of the so-called “sensei”, better known as the filtering engine, which transforms incoming HTTP request data, detects evasion techniques and hacker obfuscation tactics, and supports and decodes a large number of encodings.
- Firewall on the WordPress level. This is what will alert you if someone has logged in to the admin dashboard, tried to obtain administrator privileges, or done other things worth an alert.
- The third part is what modifies and checks the HTTP header and cookies.
A fourth part could be added to this structure, though it is intended for more advanced users. It is the “.htninja” file, which allows you to add PHP code that will be executed before the firewall code itself. Because this is quite a powerful thing, it is not for novice users.
Powerful filtering engine
We already mentioned this feature briefly in the previous paragraph. This filtering engine is what sets NinjaFirewall apart from other security plugins and what gives it such power. The filter will protect your site’s most commonly targeted vulnerabilities and block threats such as SQL injections, cross-site scripting, remote code execution, and more. It will sanitize and clean all incoming data that might be suspicious before letting the HTTP request through. The engine can also manipulate header and cookie data.
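Why the engine decodes and transforms request data before applying its rules, shown as an added example that is not NinjaFirewall's own code: the rule names, patterns and request parameters below are constructed for illustration. None of the encoded samples match the rules in raw form, while three of the four match once normalized.

```python
import html
import re
from urllib.parse import unquote_plus

# Hypothetical rules for illustration; not NinjaFirewall's rule set.
RULES = {
    "xss-script-tag": re.compile(r"<\s*script\b"),
    "sqli-union-select": re.compile(r"\bunion\s+(all\s+)?select\b"),
}


def normalize(value, max_rounds=5):
    """Decode layered encodings until the value stops changing."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    value = value.replace("\x00", "")                      # drop NUL bytes
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)   # SQL comments act as spaces
    return re.sub(r"\s+", " ", value).lower()


def inspect(params):
    """Return (parameter, rule id) pairs for every rule a parameter triggers."""
    hits = []
    for name, raw in params.items():
        clean = normalize(raw)
        hits += [(name, rule) for rule, rx in RULES.items() if rx.search(clean)]
    return hits


# Constructed request parameters, not captured traffic.
SAMPLE = {
    "q": "%253Cscript%253Ealert(1)%253C%252Fscript%253E",  # URL-encoded twice
    "id": "1 UnIoN/**/SeLeCt 1,2",                         # mixed case, comment as space
    "name": "&lt;ScRiPt&gt;",                              # HTML entities
    "page": "about-us",                                    # benign
}

if __name__ == "__main__":
    naive = [n for n, v in SAMPLE.items() if any(rx.search(v) for rx in RULES.values())]
    print("raw match:", naive)
    print("normalized match:", inspect(SAMPLE))
```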
Brute force and distributed attack protection
This type of protection is achieved thanks to the fact that HTTP requests are processed before reaching your site or its plugins. The ability to protect against these types of attacks is a feature unique to NinjaFirewall.
File guard – real-time detection
This is another feature unique to NinjaFirewall; it detects attempts to access files with recent creation or modification dates.
File integrity monitoring
This feature is also called “file checks”, and it looks for any changes in file content, permissions, ownership, and creation and modification dates. The checks can be done hourly, twice a day, or once a day.
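The kind of check described above can be sketched as a baseline snapshot compared against the current state of the files. This is an added example, not NinjaFirewall's code: it records content hash, permissions, ownership and modification time (creation time is left out because it is not portable across filesystems), and the file names in the sample tree are constructed.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root to its content hash and metadata."""
    state = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories, symlinks and special files
        state[str(path.relative_to(root))] = {
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "mode": stat.S_IMODE(st.st_mode),
            "owner": (st.st_uid, st.st_gid),
            "mtime": st.st_mtime_ns,
        }
    return state


def compare(baseline, current):
    """Report added, removed and changed files, naming what changed."""
    changed = {}
    for path in sorted(baseline.keys() & current.keys()):
        fields = sorted(k for k, v in baseline[path].items() if v != current[path][k])
        if fields:
            changed[path] = fields
    added = sorted(current.keys() - baseline.keys())
    removed = sorted(baseline.keys() - current.keys())
    return {"added": added, "removed": removed, "changed": changed}


def demo():  # constructed sample tree: take a baseline, tamper, then diff
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("index.php", "wp-config.php", "old.txt"):
            (root / name).write_text("<?php // constructed sample\n")
        baseline = snapshot(root)
        (root / "index.php").write_text("<?php // tampered\n")  # content change
        (root / "wp-config.php").chmod(0o777)                   # permissions loosened
        (root / "old.txt").unlink()                             # deletion
        (root / "new.php").write_text("<?php // new\n")         # new file
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

A real deployment would store the baseline outside the web root so that whoever can modify the monitored files cannot also rewrite the baseline.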
With a live log, you can monitor all your site’s traffic, seeing all the connections in real-time. To do this, the live log doesn’t load your WordPress site but communicates with the firewall, so it won’t have any effect on your site’s load times.
When events like admin login, admin account modification, plugin or theme modification, and WordPress update occur on your site, you can be alerted via email. Of course, you can enable or disable these alerts as you please.
Security rules can be updated even on an hourly basis, which is actually the recommended interval. New rules are added as soon as a new threat or a fault in WordPress or its plugins is caught.
Since NinjaFirewall operates on your server, none of your data leaves your server to go to a third-party one. Also, when you install this plugin, your site’s GDPR compliance won’t be compromised.
Not much needs to be said about this feature except that NinjaFirewall supports both IPv4 and IPv6 for both public and private addresses.
NinjaFirewall can run on multiple sites of yours, giving them an equal amount of protection. However, only a “super admin” can view the network of sites and its configuration.
A repository of useful how-to and configuration information is located in the “Help” menu tab.
If you want NinjaFirewall to have an extended set of features, consider purchasing the WP+ version of this plugin.
Installation and configuration
Like any other plugin, the NinjaFirewall’s file should be uploaded into the plugin directory of your site, and then activated through the “plugins” menu.
Once the plugin is activated, you should enable the “debugging mode” which won’t block anyone from the site but will alert you about potential threats in the firewall log. This is just a precautionary measure before you properly configure the plugin; it does not activate the full protection provided by the plugin. If you don’t properly configure the plugin, you could block all visitors from reaching your site.
Configuring the plugin is done by enabling and disabling the desired policies, which are grouped into basic, intermediate, and advanced policies. The administrator is the only user to whom the policies won’t apply, and all the policies can be restored in bulk by pressing the “restore default policies” button.
Rules can be enabled or disabled through the “Rules editor” if it’s necessary.
Another thing you can customize is the message the blocked user will receive; you can even present them with a dedicated landing page.
Costs, caveats, etc.
Considering that the plugin is entirely free, if you are looking for a security solution for your WordPress site, give NinjaFirewall a try. It may take a bit to set it up properly. However, with numerous features designed to keep your website safe, it is bound to do a great job of protecting your site.