WordPress security plugin with free basic firewall/WAF, vulnerability and core scanning, and 50+ core integrity checks.
As of April 2026, Security Ninja is a WordPress WAF plugin with 7.0K+ active installations and a 4.6/5 rating from 99 reviews. It has been downloaded 852K+ times in total. Requires WordPress 4.7+ and PHP 7.4+. Available on WordPress.org since 2016. Actively maintained — updated within the last month. Downloads are up 351% this week. Support resolution rate: 50%. Top alternative: CloudSecure WP Security.
Security Ninja is a lightweight WordPress security plugin that helps protect your site from common attacks and security mistakes — without turning your dashboard into a cockpit.
Free includes a basic Web Application Firewall (WAF) (based on the 8G ruleset) to block common malicious requests, plus 50+ security checks, a full vulnerability scanner, and a core integrity scanner to spot risky settings and unexpected file changes.
Upgrade to Pro if you need deeper protection like advanced malware scanning/cleanup, stronger WAF controls (e.g. country blocking), and more automation/alerting.
This plugin can be downloaded for free without any paid subscription from the official WordPress repository.
Why Security Ninja
Included for free
– Basic Firewall (8G-based) – Blocks common malicious r…
Thank you, Security Ninja! Your plugin is easy to use, provides clear reports of activity, and includes built-in tools that make security a lightweight task. I look forward to incorporating this into future websites.
No choice but to pay… and very expensive for what it offers! Too bad, it will be without me.
I like security ninja, and use it on all my sites to check security. It’s really great!
The nice thing about this plugin is that it gives you a report of all security settings that need to be improved, and (this is where it stands out) gives you a detailed explanation how to do that.
I rate it one star because of the irritating nag screens.
I have been using it for a while to occasionally check out security. But then the latest update is forcing you to go through a licensing system. Totally not what is expected with WordPress plugins – it is expected you have a choice to upgrade to premium through an external website. Now they interrupt the plugin updating system. It has already been annoying with the licensing system they use, but just about bearable. Now it is too far down the plughole and will be removed, it is hyper-aggressive and very uncomfortable to have around.
The only thing you can run is “Test your website security” which tells you where the vulnerabilities are. My site is hacked and want to find where the malware is,
| WordPress | 4.7+ required; tested up to 6.9.4 |
| PHP | 7.4+ required |
define() lines and trigger PHP notices (thanks Masahiro Kasahara for the report). update_define also skips appending a constant that is already defined (e.g. set from an included file).

Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.