Security Ninja – WordPress Security Plugin & Firewall Security & Risk Analysis

wordpress.org/plugins/security-ninja

WordPress security plugin with free basic firewall/WAF, vulnerability scanning, and 50+ core integrity checks.

7K active installs v5.272 PHP 7.4+ WP 4.7+ Updated Mar 4, 2026
Tags: firewall, malware, security, vulnerability, waf
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jul 23, 2025
Safety Verdict

Is Security Ninja – WordPress Security Plugin & Firewall Safe to Use in 2026?

Generally Safe

Score 99/100

Security Ninja – WordPress Security Plugin & Firewall has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jul 23, 2025 · Updated 1mo ago
Risk Assessment

The Security Ninja plugin exhibits a mixed security posture. While it demonstrates several good security practices, such as a high percentage of prepared SQL statements and properly escaped output, significant concerns remain. The presence of two AJAX handlers without authentication checks represents a direct attack vector that could be exploited by unauthenticated users. The use of the `proc_open` function, a potentially dangerous function, warrants careful scrutiny to ensure it is not being used in a way that could lead to code execution vulnerabilities. The plugin's vulnerability history, while currently showing no unpatched CVEs, does indicate a past medium-severity vulnerability related to Absolute Path Traversal, suggesting that robust path handling and sanitization remain important areas of focus. Overall, the plugin has strengths in code sanitization but needs to address its unprotected entry points and the responsible use of dangerous functions.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous function 'proc_open'
  • Medium severity vulnerability in history
Vulnerabilities
1

Security Ninja – WordPress Security Plugin & Firewall Security Vulnerabilities

CVEs by Year

2025: 1 CVE

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2025-8009 · medium · 4.9 · Absolute Path Traversal

Security Ninja – Secure Firewall & Secure Malware Scanner - 5.201 - 5.242 - Authenticated (Administrator+) Arbitrary File Read

Jul 23, 2025 Patched in 5.243 (1d)
Code Analysis
Analyzed Mar 16, 2026

Security Ninja – WordPress Security Plugin & Firewall Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 13 (44 prepared)
Unescaped Output: 116 (801 escaped)
Nonce Checks: 29
Capability Checks: 29
File Operations: 11
External Requests: 22
Bundled Libraries: 3

Dangerous Functions Found

proc_open · class-wf-sn-tests.php:2659
    $process = @proc_open( 'bash -c "echo Test"', $desc, $pipes, null, $env );
proc_open · class-wf-sn-tests.php:2713
    $process = @proc_open( "rm -f echo; env 'x=() { (a)=>\' bash -c \"echo date +%Y\"; cat echo", $desc,

Bundled Libraries

Select2, DataTables, Freemius 1.0

SQL Query Safety

77% prepared · 57 total queries

Output Escaping

87% escaped · 917 total outputs
Data Flows
All sanitized

Data Flow Analysis

10 flows
<cloud-firewall> (modules\cloud-firewall\cloud-firewall.php:0)
Attack Surface
2 unprotected

Security Ninja – WordPress Security Plugin & Firewall Attack Surface

Entry Points: 22
Unprotected: 2

AJAX Handlers 22

auth · wp_ajax_sn_enable_firewall · modules\cloud-firewall\cloud-firewall.php:47
auth · wp_ajax_sn_disable_firewall · modules\cloud-firewall\cloud-firewall.php:48
auth · wp_ajax_sn_test_ip · modules\cloud-firewall\cloud-firewall.php:49
auth · wp_ajax_sn_clear_blacklist · modules\cloud-firewall\cloud-firewall.php:50
auth · wp_ajax_sn_send_unblock_email · modules\cloud-firewall\cloud-firewall.php:51
auth · wp_ajax_sn_core_get_file_source · modules\core-scanner\core-scanner.php:66
auth · wp_ajax_sn_core_delete_file_do · modules\core-scanner\core-scanner.php:67
auth · wp_ajax_sn_core_restore_file_do · modules\core-scanner\core-scanner.php:68
auth · wp_ajax_sn_core_run_scan · modules\core-scanner\core-scanner.php:69
auth · wp_ajax_sn_core_get_cached_results · modules\core-scanner\core-scanner.php:70
auth · wp_ajax_sn_core_delete_all_unknowns · modules\core-scanner\core-scanner.php:71
auth · wp_ajax_get_events_data · modules\events-logger\events-logger.php:30
auth · wp_ajax_get_events_actions · modules\events-logger\events-logger.php:31
auth · wp_ajax_sn_el_truncate_log · modules\events-logger\events-logger.php:46
auth · wp_ajax_secnin_manual_vuln_scan · modules\vulnerabilities\class-wf-sn-vu.php:42
nopriv · wp_ajax_secnin_manual_vuln_scan · modules\vulnerabilities\class-wf-sn-vu.php:43
auth · wp_ajax_secnin_download_all_vuln_files · modules\vulnerabilities\class-wf-sn-vu.php:212
auth · wp_ajax_sn_run_single_test · security-ninja.php:235
auth · wp_ajax_sn_get_single_test_details · security-ninja.php:236
auth · wp_ajax_sn_run_tests · security-ninja.php:237
auth · wp_ajax_sn_reset_secret_url · security-ninja.php:238
auth · wp_ajax_wf_sn_dismiss_review · security-ninja.php:240
WordPress Hooks 80
action · admin_notices · includes\class-wf-sn-utils.php:309
action · woocommerce_geoip_updater · modules\cloud-firewall\class-sn-geolocation.php:86
action · template_redirect · modules\cloud-firewall\cloud-firewall.php:29
action · login_head · modules\cloud-firewall\cloud-firewall.php:30
action · init · modules\cloud-firewall\cloud-firewall.php:32
action · wp_login · modules\cloud-firewall\cloud-firewall.php:34
action · wp_login_failed · modules\cloud-firewall\cloud-firewall.php:40
filter · sn_tabs · modules\cloud-firewall\cloud-firewall.php:43
action · admin_init · modules\cloud-firewall\cloud-firewall.php:45
action · admin_enqueue_scripts · modules\cloud-firewall\cloud-firewall.php:53
action · plugins_loaded · modules\cloud-firewall\cloud-firewall.php:3906
action · secnin_run_core_scanner · modules\core-scanner\core-scanner.php:60
action · init · modules\core-scanner\core-scanner.php:61
action · admin_post_sn_core_scan_report · modules\core-scanner\core-scanner.php:62
filter · sn_tabs · modules\core-scanner\core-scanner.php:64
action · admin_enqueue_scripts · modules\core-scanner\core-scanner.php:65
action · plugins_loaded · modules\core-scanner\core-scanner.php:1311
action · wp_dashboard_setup · modules\dashboard-widget\class-wf-sn-dashboard-widget.php:29
action · admin_enqueue_scripts · modules\dashboard-widget\class-wf-sn-dashboard-widget.php:30
action · upgrader_process_complete · modules\dashboard-widget\class-wf-sn-dashboard-widget.php:32
action · wp_update_themes · modules\dashboard-widget\class-wf-sn-dashboard-widget.php:38
action · wp_update_plugins · modules\dashboard-widget\class-wf-sn-dashboard-widget.php:39
action · admin_init · modules\events-logger\events-logger.php:29
action · user_register · modules\events-logger\events-logger.php:33
action · secnin_check_direct_admin_creation · modules\events-logger\events-logger.php:38
filter · sn_tabs · modules\events-logger\events-logger.php:44
action · admin_enqueue_scripts · modules\events-logger\events-logger.php:45
action · secnin_prune_logs_cron · modules\events-logger\events-logger.php:47
action · all · modules\events-logger\events-logger.php:49
filter · rest_authentication_errors · modules\events-logger\events-logger.php:58
filter · determine_current_user · modules\events-logger\events-logger.php:59
filter · rest_pre_dispatch · modules\events-logger\events-logger.php:60
filter · rest_post_dispatch · modules\events-logger\events-logger.php:66
filter · wp_mail_content_type · modules\events-logger\events-logger.php:271
filter · wp_mail_content_type · modules\events-logger\events-logger.php:1266
action · plugins_loaded · modules\events-logger\events-logger.php:2043
action · admin_menu · modules\file-viewer\class-secnin-file-viewer.php:47
action · admin_post_sn_view_file · modules\file-viewer\class-secnin-file-viewer.php:48
action · admin_head · modules\file-viewer\class-secnin-file-viewer.php:49
action · after_setup_theme · modules\file-viewer\class-secnin-file-viewer.php:50
filter · show_admin_bar · modules\file-viewer\class-secnin-file-viewer.php:83
action · admin_init · modules\vulnerabilities\class-wf-sn-vu.php:27
filter · sn_tabs · modules\vulnerabilities\class-wf-sn-vu.php:28
action · admin_notices · modules\vulnerabilities\class-wf-sn-vu.php:29
action · init · modules\vulnerabilities\class-wf-sn-vu.php:30
action · secnin_update_vuln_list · modules\vulnerabilities\class-wf-sn-vu.php:31
action · secnin_daily_vulnerability_warning_check · modules\vulnerabilities\class-wf-sn-vu.php:32
action · upgrader_process_complete · modules\vulnerabilities\class-wf-sn-vu.php:33
action · delete_theme · modules\vulnerabilities\class-wf-sn-vu.php:39
action · delete_plugin · modules\vulnerabilities\class-wf-sn-vu.php:40
action · admin_enqueue_scripts · modules\vulnerabilities\class-wf-sn-vu.php:45
filter · wp_mail_content_type · modules\vulnerabilities\class-wf-sn-vu.php:972
action · plugins_loaded · modules\vulnerabilities\class-wf-sn-vu.php:2606
action · admin_init · security-ninja.php:184
filter · mainwp_child_extra_execution · security-ninja.php:190
filter · mainwp_site_sync_others_data · security-ninja.php:196
action · secnin_run_tests_event · security-ninja.php:202
filter · permission_list · security-ninja.php:207
filter · show_admin_notice · security-ninja.php:208
filter · checkout/parameters · security-ninja.php:214
action · admin_init · security-ninja.php:215
filter · plugin_icon · security-ninja.php:216
filter · sn_tabs · security-ninja.php:218
action · admin_menu · security-ninja.php:224
action · activated_plugin · security-ninja.php:225
action · admin_enqueue_scripts · security-ninja.php:231
action · admin_init · security-ninja.php:232
action · admin_init · security-ninja.php:233
action · admin_init · security-ninja.php:234
action · admin_notices · security-ninja.php:239
action · admin_footer · security-ninja.php:241
action · secnin_signup_to_newsletter · security-ninja.php:242
filter · manage_users_columns · security-ninja.php:243
filter · manage_users_custom_column · security-ninja.php:244
action · admin_notices · security-ninja.php:354
action · admin_print_footer_scripts · security-ninja.php:625
action · init · security-ninja.php:1888
action · init · security-ninja.php:1889
action · wpmu_new_blog · security-ninja.php:1892
action · wp_insert_site · security-ninja.php:1893

Scheduled Events 9

secnin_run_core_scanner
secnin_check_direct_admin_creation
secnin_prune_logs_cron
secnin_daily_vulnerability_warning_check
secnin_update_vuln_list
secnin_update_vuln_list
secnin_update_vuln_list
secnin_update_vuln_list
secnin_update_vuln_list
Maintenance & Trust

Security Ninja – WordPress Security Plugin & Firewall Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 7.4
Downloads: 846K

Community Trust

Rating: 92/100
Number of ratings: 99
Active installs: 7K
Developer Profile

Security Ninja – WordPress Security Plugin & Firewall Developer Profile

cleverplugins

3 plugins · 17K total installs

Trust score: 66
Avg Security Score: 82/100
Avg Patch Time: 269 days
Detection Fingerprints

How We Detect Security Ninja – WordPress Security Plugin & Firewall

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/security-ninja/assets/css/animate.min.css
  • /wp-content/plugins/security-ninja/assets/css/bootstrap-theme.min.css
  • /wp-content/plugins/security-ninja/assets/css/bootstrap.min.css
  • /wp-content/plugins/security-ninja/assets/css/flag-icon.min.css
  • /wp-content/plugins/security-ninja/assets/css/font-awesome.min.css
  • /wp-content/plugins/security-ninja/assets/css/jquery.dataTables.min.css
  • /wp-content/plugins/security-ninja/assets/css/jquery.jscrollpane.css
  • /wp-content/plugins/security-ninja/assets/css/jquery.mCustomScrollbar.css
  • +19 more
Script Paths
  • /wp-content/plugins/security-ninja/assets/js/script.js
  • /wp-content/plugins/security-ninja/modules/cloud-firewall/assets/js/script.js
  • /wp-content/plugins/security-ninja/modules/overview/assets/js/script.js
  • /wp-content/plugins/security-ninja/modules/vulnerabilities/assets/js/script.js
Version Parameters
  • security-ninja/style.css?ver=
  • security-ninja/assets/css/bootstrap.min.css?ver=
  • security-ninja/assets/css/style.css?ver=
  • security-ninja/assets/js/bootstrap.min.js?ver=
  • security-ninja/assets/js/script.js?ver=
  • security-ninja/modules/cloud-firewall/assets/js/script.js?ver=
  • security-ninja/modules/overview/assets/js/script.js?ver=
  • security-ninja/modules/vulnerabilities/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • sn-btn
  • sn-btn-lg
  • sn-btn-secondary
  • sn-btn-primary
  • sn-table
  • sn-table-striped
  • sn-table-bordered
  • sn-wizard-step
  • +3 more
HTML Comments
  • <!-- Security Ninja settings-->
  • <!-- Security Ninja Dashboard Widget -->
  • <!-- Security Ninja Core Scanner -->
  • <!-- Security Ninja Cloud Firewall -->
  • +1 more
Data Attributes
  • data-wizard-current-step
  • data-tab
  • data-action
  • data-nonce
JS Globals
  • security_ninja_ajax_object
  • sn_vars
REST Endpoints
  • /wp-json/security-ninja/v1/scan
  • /wp-json/security-ninja/v1/settings
FAQ

Frequently Asked Questions about Security Ninja – WordPress Security Plugin & Firewall