Everyone remembers the first time they get hacked.
For me, it was a few years back. I loaded up one of my sites to see a pirate ship and bright neon text saying, “HaCKed bY piRateZ.”
I was lucky. I had site backups and I was able to restore it to an earlier version. But for some people, getting hacked means losing everything. Imagine if you had to start your whole website from scratch!
Security Ninja is a handy plugin that helps detect any holes or weaknesses in your website.
I’ve been using the plugin to keep track of any security problems, and it’s a powerful tool. It runs a security scan in less than a minute and highlights any gaps that hackers might exploit. Best of all, it tells me how to fix them.
I’ve always built websites on WordPress, but security still worries me. After all, the huge user base and open-source technology makes it vulnerable to attack. It’s particularly vulnerable if you’re running old themes, old plugins and out-of-date software. (In fact, here is a list of hacked, dangerous & vulnerable WordPress plugins that you may want to avoid! Unless it is something pre-tuned by your host provider it is better to stay away.)
Don’t get me wrong, the WordPress team do a good job of keeping the backend tight, but it doesn’t hurt to take a few extra precautions.
For me, that extra precaution is Security Ninja. It’s been around for three years and the team constantly update it to detect new security threats.
Getting your hands on the free version of Security Ninja is as simple as downloading the plugin on WordPress.
The plugin is lightweight, so it doesn’t weigh heavily on my website load speed. In fact, it didn’t have any impact at all when I tested it, which is a big deal for me. (In case you didn’t notice, I’m obsessed with speed!)
Once it’s installed, I just hit the ‘run tests’ button, and it gets to work. The scan take about one minute, and Security Ninja tests more than 40 potential threats.
Some of the tests are simple and straightforward (have I updated all my plugins and software?) Others are much more complicated (Apache and PHP tests, for example). The system also runs a ‘brute-force’ test on my passwords to check they’re strong enough to withstand hacking.
Here’s a more comprehensive list of tests the plugin runs:
My favourite feature of Security Ninja is how it displays the results. As you can see from the screenshot, it color-codes the results and lists every potential threat in red.
Click on it, and it shows me how to fix the problem. It tells me how to clean up some sketchy code or which parts to delete entirely.
The plugin works with any WordPress theme and doesn’t get in the way of any other plugins. It’s worth pointing out that it doesn’t change anything in the code either. Even though it’s poking around and highlighting vulnerable code, it doesn’t tweak or change anything until you tell it to.
In other words, it won’t accidentally break your site!
On top of the free plugin, Security Ninja has a handful of pro features available at an extra cost.
Is it worth paying the extra? Well, it depends on how much functionality you want. The pro versions come with four extra security features:
The cheapest pro package starts at $39 and works on just one website. You get a year of updates and access to all four of the pro features listed above. You also get premium support in case anything goes wrong.
The multi-site package costs $79 and can be used on 99 websites. The top package costs $199, but it can be used on 99 sites and your client’s websites – so it’s ideal if you’re a developer or designer. With the top package you also get lifetime updates.
To ensure even safer WordPress, do make sure your hosting environment is tightly secured. Check out our preferred managed WordPress hosting for better guarded security.
Security Ninja has helped me tighten up the security of my websites, and alerted me to some holes I would never have found on my own. I’d recommend it to all website owners, especially if you don’t like to bother with the technical stuff! It’s simple, easy, and fast.
Any downsides? Well, it’s worth noting that Security Ninja doesn’t guarantee protection from attackers. It’s not a bulletproof shield. It just highlights the weaknesses in your website, and prompts you to fix them. However, the guys at Security Ninja tell me they’re working on a future version that will automatically fix any problems and keep your site safe with auto-updates and fixes.
Try the free version for yourself by downloading the plugin. Let me know if you’re using Security Ninja or if you have any questions about WordPress security in general!