WordPress Security: Can Security Ninja Keep Your Site Safe?

There aren’t many WordPress users who don’t understand the importance of security.

However, that understanding does not always lead to action. All too often, people only take steps to boost the security of their WordPress site after they have been victims of a breach — at which point, the damage has already been done.

With that in mind, I welcome any plugin that can make the process of securing your WordPress website more straightforward. Security Ninja is one such plugin, and in this article, I want to demonstrate how you can use it to make your site far more secure than most.


What WordPress Security Means For You

WordPress is a truly awesome content management system. However, its enormous popularity makes it a prime target for hackers. Any weakness they uncover in the core files can potentially be used to exploit an astonishing number of sites. This was perhaps most infamously demonstrated by the TimThumb debacle last year.

Today, you can still find plenty of WordPress sites that are vulnerable to exploitation via outdated themes that still include the TimThumb security flaw. That in itself highlights one of the major reasons for security breaches on WordPress sites — outdated code.

The fact is that the WordPress development team do a great job of keeping the core code resilient. If you keep the WordPress core, themes and plugins up to date, and only use products developed by reputable developers, you will have done more than most to keep your site safe.

Furthermore, if you take what is a relatively minuscule amount of time to make your site more secure than the vast majority, you will no longer be classified as “low-hanging fruit” by hackers. After all, why should they bother hacking your site when there are so many more vulnerable victims available?

And that is where Security Ninja comes in. It highlights the most important steps you should take in securing your WordPress site, and explains exactly what you need to do. For someone looking to make their WordPress site more secure, it is the perfect solution.

Using Security Ninja

Once you have installed the plugin, you can access it via the Tools link in your sidebar:

[Image: Security Ninja]

When you access the plugin for the first time, you will need to run a security test so that the plugin can analyze the strengths and weaknesses particular to your site:

[Image: Security Ninja]

This process shouldn’t take any longer than a minute or so. Once the tests have been completed, you will be presented with its findings — based upon 27 different security considerations.

Here’s an example of a few test results carried out on my blog:

[Image: Security Ninja]

As you can see, the status of each test is marked. The issues run from absolutely basic (keep your themes and plugins up to date) to more advanced (a check to see if the upgrade.php file is accessible via HTTP at the default location).

For each “Bad” result, you should click on the “Details, tips & help” button to the right. This will direct you to advice pertaining to the specific issue:

[Image: Security Ninja Analysis]

Carrying out the changes requires limited technical knowledge — for the most part, you will only need to add code snippets to your functions.php files, edit theme files (which you should do via a child theme), or make changes via FTP. As a WordPress blogger, these are simple tasks that you should be able to complete anyway.

What I love about Security Ninja is that it doesn’t try to do too much. Its focus is on scanning for vulnerabilities and presenting solutions — it doesn’t include a bloated mess of security features. It leaves you to make the choice as to which security features you put in place. And because you do so via tiny code snippets and other similarly subtle changes, the security improvements you make are likely to have no discernible impact on your site’s load time.

In a nutshell, Security Ninja is like having a set of invaluable WordPress security tutorials, specific to your site’s unique weaknesses, at your fingertips.

What Security Ninja Can’t Do

There is one important point to raise when dealing with any security plugin — Security Ninja cannot guarantee the safety of your site. It can make your site far more difficult to hack, but there is no such thing as an impregnable website. In theory, any code that is legitimately accessible from a remote location can also be hacked from a remote location. In fairness to the developers of Security Ninja, they go out of their way to make this absolutely clear in a disclaimer within the test screen.

Having said that, scanning your site with Security Ninja and actioning the recommended improvements will increase the security of your site by a huge margin. As such, the likelihood of you being the victim of a malicious attack is reduced considerably.

Post Author: Tom Ewer

Tom Ewer is a professional blogger, longtime WordPress enthusiast and the founder of WordCandy.

Disclosure: This page contains external affiliate links that may result in us receiving a commission if you choose to purchase said product. The opinions on this page are our own. We do not receive payment for positive reviews.
  1. What are your thoughts on the php snippets plugin that you suggest? I'm sure you know more about this than I do, which is why I am asking. Having eval() in the code along with storing php code in the database seems like a rather dangerous practice. Am I wrong?
    • AJ Clarke | WPExplorer says:
      We were actually linking to the wrong plugin (I just updated the post). You should have a look at Code It With WP - that plugin basically just lets you add functions just like you would to your functions.php file. I am really not sure if it would cause any more issues, haven't really seen anything about that. But if it's concerning to you, you can of course always add any functions directly to your theme or child theme so you can sleep like a baby ;)
      Admin
      • I understand what the plugin does. I was simply asking if we are taking rather dangerous steps by allowing php code to be saved in the database via that plugin. If I understand correctly, on every other form that accepts data to the database, there should be complete sanitization to protect the database from code inserts. Is this plugin explicitly breaking that rule? Only asking as I know you are probably much more aware of proper coding standards and security than I am.
      • Ahh nevermind. I see the plugin you are now linking to is doing it the right way. It is NOT saving the php code directly to the database like the other plugin was...
      • AJ Clarke | WPExplorer says:
        Yes, correct ;) The original link was to the wrong plugin. The new plugin we are linking to is much better! You were definitely correct about it before - thanks for bringing it to our attention Shawn!
        Admin
  2. Danny Jones says:
    I've been a user of Bulletproof Security Pro myself and would highly recommend it to anyone.
  3. Larry Spiler says:
    Hi Tom. It's been quite some time since you wrote this article. I ran into a problem trying to click on the "Custom Snippets Plugin!" Instead of getting its home page or page on the WP Plugins Repository, it came back with a GoDaddy page indicating that the domain for the plugin is now parked. Does this mean the plugin has been retired? If so, what would you suggest as an alternative? Thanks. By the way, you've got a new convert. Your content is great! Thank you for that.
    • AJ Clarke | WPExplorer says:
      Hey Larry, It does seem the plugin might not be available any more. I tried looking for a really good alternative and couldn't find one. You can always add the snippets in your functions.php file ;)
      Admin
    • Lauren Ladra says:
      Hi Larry and Tom, I came across this article, and thought you both may be interested in checking out the McAfee SECURE plugin for WP: https://wordpress.org/plugins/mcafee-secure/. The McAfee SECURE service scans sites for malware and malicious links and makes sure a site is not Google blacklisted, a phishing site, or a compromised site. The website owner is notified of any vulnerabilities and the McAfee SECURE trustmark will not appear on the site if those vulnerabilities have not been resolved. If the site is scanned and is secure, the McAfee SECURE trustmark will display on the site, letting visitors know the site is safe to engage with. The plugin is free for WP sites and also has a Pro version with additional trust-building features.
