Login

Is the firewall on your WordPress site providing effective protection? Our new tool will tell you.

Tag Archives: NinjaFirewall

Plugin Security Scorecard Grade for NinjaFirewall

Checked on June 12, 2025
D

See issues causing the plugin to get less than A+ grade

10 Aug 2021

NinjaFirewall and Wordfence Security’s XSS Protection Still Have Publicly Known Bypass Five Years Later

As part of the development of our upcoming firewall plugin for WordPress, we are doing new tests of security plugins to see if they can prevent exploitation of vulnerabilities in WordPress plugins to help us improve on existing firewall plugins’ protections. We are also going back over the results of the similar tests we did back in 2016.

In one of those tests, involving a persistent cross-site scripting (XSS) vulnerability, we found that only two of the plugins we tested, NinjaFirewall and Wordfence Security, provided any protection. What we also found was that it was incredibly easy to bypass the protection they provided. All it took to bypass them was adding a single backslash in the right location and their protection was defeated. That wasn’t a great indication of the quality of those plugins. [Read more]

9 Aug 2021

Existing WordPress Security Plugins Fail to Provide Non-Bypassble Protection Against Easy to Stop WordPress Plugin Vulnerability

When we did testing several years back to see if WordPress security plugins could prevent the exploitation of vulnerabilities in other WordPress plugins, the results were not good. In one test, we found that only two plugins provided any protection, and that protection was easily bypassed. In another, we found only three provided any protection and only one of them had protection that couldn’t be easily bypassed. In another, we found no plugins provided protection despite one of them having supposed to have had protection and we later found that another one that was supposed to have later gained protection also didn’t provide protection.

Based on those results and later testing, what we saw was that there was a place for a firewall plugin as a piece of the security strategy for WordPress websites, but the existing options were not something we could recommend. We couldn’t recommend them not only due to the poor results, but because the developers of the plugins that provided the most protection were not being honest about what the plugins can and cannot accomplish (if you can’t trust a security company then you probably shouldn’t rely on them). That has led to us working on our own firewall plugin, which we plan on releasing soon. [Read more]