Generic filters
Automatic updates Yes
Version 5.290
Updated on
Virus Total See Report

Security Ninja Premium fortifies your WordPress site with advanced, robust features. It performs over 50 security tests, ensuring vulnerabilities are identified, and offers a firewall, malware scanner, and auto-fixer. With regular updates, detailed reports, and 24/7 support, your site remains secure, resilient, and protected against cyber threats. Elevate your site's safety with this indispensable plugin.

How to download Security Ninja Premium

Unlimited Access

Subscribe for only €10.90

Or

Get this product only with unlimited updates

Already included languages : EN

We are not affiliated with Security Ninja Premium nor its developers or owners. Please read the full disclaimer in footer.

HOW IT WORKS

Auto updates with Club WPress plugin

Check how to install and update your WordPress plugins and themes in ONE CLICK directly from your Dashboard.

ClubWordPress Updater Plugin

Core Features of Security Ninja Premium

  • Malware Scanner: Detects and removes malicious code from your website.
  • Firewall Protection: Blocks unauthorized access and protects against hacking attempts.
  • Login Protection: Secures login pages and prevents brute force attacks.
  • Core Scanner: Scans WordPress core files for changes and potential threats.
  • Scheduled Scans: Automates regular security scans to ensure ongoing protection.
  • Vulnerability Scanner: Identifies vulnerabilities in plugins and themes.
  • Security Activity Log: Tracks and logs all security-related activities on your site.
  • Automatic Updates: Keeps your security features up-to-date with the latest patches.
  • IP Blocking: Blocks suspicious IP addresses from accessing your site.
  • Detailed Reports: Provides comprehensive reports on security status and actions taken.
  • Country Blocking: Restricts access from specific countries to enhance security.
  • Database Security: Protects your WordPress database from SQL injection attacks.
  • File Change Detection: Alerts you to unauthorized changes in your files.
  • Security Recommendations: Offers expert advice on improving your site’s security posture.

List of improvements in Security Ninja Premium version 5.290

  • = 5.290 =
  • 2026-06-30 *
  • NEW: 2FA (Pro) Optional mode: enable 2FA without requiring any role; leave all required roles unchecked for opt-in only (with an admin notice when saved).
  • NEW: 2FA (Pro) Users can enable 2FA from their profile (authenticator app or email, when allowed) even if their role is not required.
  • NEW: 2FA (Pro) Admins can allow authenticator app and/or email; users choose their method at login when both are enabled (preference is remembered).
  • IMPROVED: 2FA (Pro) Required roles can be fully unchecked and stay saved (previously Administrator was forced back on).
  • IMPROVED: 2FA (Pro) Grace period “Skip for now” applies only to role-required users who have not voluntarily enrolled.
  • IMPROVED: 2FA (Pro) Grace period can be set to 0 days to enforce setup immediately
  • IMPROVED: CSS on wizard installation.
  • = 5.289 =
  • 2026-06-18
  • FIX: Cloud Firewall (Pro) Visitor log retention (“Keep visitor logs for”) is now enforced by a daily scheduled cleanup task.
  • NEW: Tools (Pro) “Clear visitor log” button to delete all firewall visitor log entries manually.
  • NEW: Setup wizard available for all; first install opens the wizard automatically.
  • IMPROVED: Cloud Firewall – The firewall master switch now consistently controls all firewall enforcement (404 Guard, WooCommerce protection, country rules, and cloud IP blocking). Login Protection (brute-force limits, rename login, 2FA, and related messages) continues to operate independently when the firewall is turned off.
  • FIX: Cloud Firewall Manual whitelist entries for localhost (127.0.0.1 / ::1) now reliably exempt requests from cloud reputation blocks; server cron and WP-CLI traffic is no longer blocked during early firewall checks. Non-public IPs are excluded from cloud blacklist matching.
  • FIX: Cloud Firewall (Pro) Country blocking now blocks the full site when “Only block these countries from login functionality” is OFF, regardless of the “Prevent Banned IPs from Accessing the Site” setting. Previously, country bans could behave like login-only blocks when that IP setting was OFF.
  • IMPROVED: Wizard single Pro overview on Welcome for free users; removed per-step upgrade buttons.
  • IMPROVED: Wizard Events Logger and Vulnerability Scanner activation steps.
  • IMPROVED: Wizard Login protection as dedicated Pro step.
  • IMPROVED: Wizard Pro badges on footer nav for Login, Fixes, and WooCommerce (hidden for licensed Pro users).
  • IMPROVED: Wizard skip wizard from intro; rerun warning only shown after wizard has been completed once.
  • IMPROVED: Wizard Dead code cleanup.
  • REMOVED: WP Pointer “thank you for installing” tour and dashboard welcome banner (replaced by wizard).
  • IMPROVED: Renamed review-notice dismiss nonce for clarity (`wf_sn_dismiss_review`).
  • NEW: Security Tests Quick Filter **Fixable*shows tests with one-click auto-fix available.
  • NEW: Malware Scanner **Whitelist all*button for currently flagged files (with confirmation).
  • FIX: Apply Fix after a fix completes, the test row refreshes automatically (spinner stops, status icon and score update, clear success message).
  • IMPROVED: Tools page unique form IDs and dedicated nonce fields/actions per form (Update Database, Reset 2FA, Legacy cleanup, Import, Secret URL reset).
  • IMPROVED: Cloud Firewall suspicious-query filtering now resolves visitor hostnames only when needed for blocked-hostname rules, with per-IP caching. Thank you Paul.
  • IMPROVED: Cloud Firewall Bundled data lists (ManageWP/UptimeRobot/Uptimia service IPs and the country list) are now stored as JSON data files so security scanners no longer flag them as false positives. Thank you Daryl.
  • REMOVED: Unused MainWP remote actions (run_malware_scan, update_vulnerabilities, force_create_tables); malware runs via run_all_tests, tables created on activation/upgrade.
  • FIX: Scheduled Scanner (Pro) Scheduled scans now self-heal. If the scheduled event goes missing (for example after a long scan times out or a cron/optimization plugin clears it), it is recreated automatically instead of requiring you to re-save settings.
  • FIX: Scheduled Scanner (Pro) Email reports now show the correct status changes. Status labels (Good / Warning / Failed) and the “improvement” vs “security concern” wording are no longer reversed.
  • IMPROVED: Security Tests When a test cannot reach your site (e.g. a connection timeout), it now reports a “Warning / could not verify” result instead of a hard failure, so temporary network hiccups no longer look like new security problems.
  • FIX: 2FA (Pro) After verifying 2FA, the post-login redirect now mirrors WordPress core’s capability handling. Users on roles that cannot access wp-admin are sent to an appropriate page instead of the dashboard (which could bounce them to the front page and appear logged out). Thank you Jason.
  • IMPROVED: Updated bundled dependencies Freemius WordPress SDK (2.13.1 → 2.13.2), phpseclib (2.0.54 → 2.0.55), and PHP Malware Scanner (1.0.30 → 1.0.31).
  • = 5.288 =
  • 2026-06-09
  • FIX: Tools “Reset 2FA” no longer fails with “The link you followed has expired.”; a success notice is shown after reset; confirmation dialog added before resetting all users. Thank you Jason.
  • = 5.287 =
  • 2026-06-02
  • FIX: Change Login URL (Pro) Works when Cloud Firewall is disabled; only “Change login URL” and the slug need to be enabled under Login Protection.
  • FIX: Change Login URL (Pro) `/your-slug/` login URLs work even when permalinks are Plain (fixes 404 when the Preview link used a path-style URL).
  • FIX: Change Login URL (Pro) Reliable path matching for subdirectory installs; fallback serves login if WordPress resolved the request as a 404.
  • FIX: Change Login URL (Pro) wp-admin blocking applies to `/wp-admin` with or without a trailing slash.
  • IMPROVED: Change Login URL (Pro) Admin Preview shows the same URL the plugin uses (`?slug` on Plain permalinks, `/slug/` otherwise).
  • = 5.286 =
  • 2026-06-01
  • NEW: MainWP integration child sites accept allowlisted Security Ninja settings updates from the Security Ninja for MainWP extension (`update_settings` remote action; changed keys only).
...
>

Join Club WPress Now !

Get access to 19595 products for only €10,90 per month.

JOIN NOW

Reviews