Everyone remembers the first time they get hacked.
For me, it was a few years back. I loaded up one of my sites to see a pirate ship and bright neon text saying, “HaCKed bY piRateZ.”
I was lucky. I had site backups and I was able to restore it to an earlier version. But for some people, getting hacked means losing everything. Imagine if you had to start your whole website from scratch!
Enter Security Ninja
Security Ninja is a handy plugin that helps detect any holes or weaknesses in your website.
I’ve been using the plugin to keep track of any security problems, and it’s a powerful tool. It runs a security scan in less than a minute and highlights any gaps that hackers might exploit. Best of all, it tells me how to fix them.
I’ve always built websites on WordPress, but security still worries me. After all, the huge user base and open-source technology make it vulnerable to attack. It’s particularly vulnerable if you’re running old themes, old plugins and out-of-date software. (In fact, here is a list of hacked, dangerous & vulnerable WordPress plugins that you may want to avoid! Unless it is something pre-tuned by your host provider, it is better to stay away.)
Don’t get me wrong, the WordPress team do a good job of keeping the backend tight, but it doesn’t hurt to take a few extra precautions.
For me, that extra precaution is Security Ninja. It’s been around for three years and the team constantly update it to detect new security threats.
Here’s How It Works
Getting your hands on the free version of Security Ninja is as simple as downloading the plugin on WordPress.
The plugin is lightweight, so it doesn’t weigh heavily on my website load speed. In fact, it didn’t have any impact at all when I tested it, which is a big deal for me. (In case you didn’t notice, I’m obsessed with speed!)
Once it’s installed, I just hit the ‘run tests’ button, and it gets to work. The scan takes about one minute, and Security Ninja tests more than 40 potential threats.
Some of the tests are simple and straightforward (have I updated all my plugins and software?). Others are much more complicated (Apache and PHP tests, for example). The system also runs a ‘brute-force’ test on my passwords to check they’re strong enough to withstand hacking.
Here’s a more comprehensive list of tests the plugin runs:
- numerous installation parameters tests
- file permissions
- version hiding
- 0-day exploits tests
- debug and auto-update modes tests
- database configuration tests
- WP options tests
My favourite feature of Security Ninja is how it displays the results. As you can see from the screenshot, it color-codes the results and lists every potential threat in red.
Click on it, and it shows me how to fix the problem. It tells me how to clean up some sketchy code or which parts to delete entirely.
The plugin works with any WordPress theme and doesn’t get in the way of any other plugins. It’s worth pointing out that it doesn’t change anything in the code either. Even though it’s poking around and highlighting vulnerable code, it doesn’t tweak or change anything until you tell it to.
In other words, it won’t accidentally break your site!
What About the Pro Options?
On top of the free plugin, Security Ninja has a handful of pro features available at an extra cost.
Is it worth paying the extra? Well, it depends on how much functionality you want. The pro versions come with four extra security features:
- Core Scanner
The core scanner tests all the code in your core WordPress files. In other words, it goes deeper into your website’s architecture to look for signs of danger. It picks out all the files that have been modified. (Some WordPress files are supposed to be modified, but many aren’t, and could mean a hacker has tried to get access).
- Malware Scanner
The Malware Scanner specifically looks for malicious code in the core files. Security Ninja also alerts me to code that could use a cleanup, even if it’s not yet infected. Nice.
- Scheduled Scanner
The Scheduled Scanner is super useful, because I can program it to run tests at regular intervals. In other words, I don’t have to remember to hit the ‘run test’ button myself. Now, the plugin automatically checks my site once a day and sends me an email update.
- Events Logger
The Events Logger tracks every event on my website. If there are any suspicious changes or events that aren’t activated by me or one of my authorized contributors, I’ll know someone else is trying to access the site. Security Ninja emails me a full report and logs the data for as long as I tell it to.
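The Core Scanner described above flags core files that have been modified. The general technique behind that kind of check, as an added example (not Security Ninja's code; the page does not say how the plugin implements it), is to hash each file and compare it with a manifest taken from a known-good copy. The file names, contents and manifest below are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan_core(root, manifest, core_dirs=("wp-admin", "wp-includes")):
    """Compare files under root with a trusted {relative_path: sha256} manifest."""
    modified, missing, unexpected = [], [], []
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            missing.append(rel)        # core file deleted or renamed
        elif sha256_of(target) != expected:
            modified.append(rel)       # contents differ from the known-good copy
    # Only core-only directories are searched for extra files, so themes,
    # plugins and uploads under wp-content are not reported as unexpected.
    for d in core_dirs:
        for p in (root / d).rglob("*"):
            rel = p.relative_to(root).as_posix()
            if p.is_file() and rel not in manifest:
                unexpected.append(rel)
    return {"modified": sorted(modified), "missing": sorted(missing),
            "unexpected": sorted(unexpected)}

def build_demo():
    """Constructed sample install: record a manifest, then tamper with the tree."""
    root = Path(tempfile.mkdtemp())
    files = {
        "wp-login.php": b"<?php // login\n",
        "wp-includes/version.php": b"<?php // version\n",
        "wp-admin/index.php": b"<?php // dashboard\n",
    }
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(body)
    manifest = {rel: sha256_of(root / rel) for rel in files}
    (root / "wp-login.php").write_bytes(b"<?php // login, edited\n")  # changed
    (root / "wp-admin/index.php").unlink()                            # removed
    (root / "wp-includes/cache-tmp.php").write_bytes(b"<?php\n")      # added
    return root, manifest

if __name__ == "__main__":
    print(scan_core(*build_demo()))
```

The manifest has to come from a trusted source outside the site being checked; a manifest stored alongside the files can be altered by whoever altered the files.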
The cheapest pro package starts at $39 and works on just one website. You get a year of updates and access to all four of the pro features listed above. You also get premium support in case anything goes wrong.
The multi-site package costs $79 and can be used on 99 websites. The top package costs $199, but it can be used on 99 sites and your clients’ websites – so it’s ideal if you’re a developer or designer. With the top package you also get lifetime updates.
For an even safer WordPress site, make sure your hosting environment is tightly secured. Check out our preferred managed WordPress hosting for better-guarded security.
Security Ninja has helped me tighten up the security of my websites, and alerted me to some holes I would never have found on my own. I’d recommend it to all website owners, especially if you don’t like to bother with the technical stuff! It’s simple, easy, and fast.
Any downsides? Well, it’s worth noting that Security Ninja doesn’t guarantee protection from attackers. It’s not a bulletproof shield. It just highlights the weaknesses in your website, and prompts you to fix them. However, the guys at Security Ninja tell me they’re working on a future version that will automatically fix any problems and keep your site safe with auto-updates and fixes.
Try the free version for yourself by downloading the plugin. Let me know if you’re using Security Ninja or if you have any questions about WordPress security in general!