Table of contents

Syslog logging with NinjaFirewall.

NinjaFirewall WP+ (3.5.4), Pro and Pro+ (3.2.12) introduce a long awaited feature, Syslog logging: Syslog is a way for network... »

NinTechNet changelog.

This is the global changelog for all our products and services. For more details, please refer to corresponding release notes (e.g., readme.txt... »

NinjaFirewall PHP sessions debugging.

NinjaFirewall (WP and WP+ Edition) v3.4.3 introduces two new constants to help you debug potential PHP session issues such as whitelisted users... »

Impedance mismatch: a hacker's best friend.

A security application, such as a Web Application Firewall or an Anti-Virus, can be vulnerable to impedance mismatch attacks if it interprets traffic and... »

NinjaFirewall Full WAF vs WordPress WAF modes.

Since version 3.4, NinjaFirewall (WP and WP+) can be installed in two different modes: Full WAF or WordPress WAF. Full WAF mode In... »

Hackers targeting web hosts customer accounts.

Companies such as web hosts, registrars and CDNs have become a prime target for hackers. Because they host your DNS, hackers can alter them... »

Arbitrary file upload vulnerability in WordPress Delete-All-Comments plugin.

On November 20th, while auditing a hacked WordPress website, we identified a critical vulnerability in the Delete All Comments WordPress plugin v2.0, which... »

Latest Joomla! critical vulnerability being actively exploited in the wild.

Joomla! 3.6.4 was released on October 25. It fixed three critical vulnerabilities: CVE-2016-8869, CVE-2016-8870 and CVE-2016-9081. The third one was discovered two... »

Centralized logging with NinjaFirewall.

Users of the premium WP+ and Pro+ Edition of our web application firewall, NinjaFirewall, can remotely access the firewall log of all their NinjaFirewall... »

Blocking a WordPress XML-RPC attack with the Linux kernel firewall.Featured post

One of our customers faced a large attack against his WordPress blog xmlrpc.php script. When I connected to his server, the CPU load... »

Adding your own signatures to NinjaFirewall Anti-Malware.

Starting from version 3.2, NinjaFirewall (WP / WP+ Edition) includes a new feature: Anti-Malware. It allows you to scan your website for malware. It... »

All In One WP Security & Firewall multiple XSS vulnerabilities (<=4.0.7).

NinTechNet identified multiple XSS vulnerabilities in the All In One WP Security & Firewall v4.0.7 plugin. The affected parameter was 'tab' (all... »

How to upgrade NinjaFirewall WP/Pro to the WP+/Pro+ Edition.

This article covers the steps to follow if you want to upgrade from the free NinjaFirewall WP or Pro Edition to the WP+ or... »

Anatomy of the EICAR Antivirus Test File.

A customer using NinjaFirewall (WP+), our Web Application Firewall for WordPress, asked us to explain what was the meaning of this line, found in... »

Announcing NinjaFirewall Referral Program.

We are happy to launch today our NinjaFirewall Referral Program. You can earn up to 20% for every payment made by a user who... »

An introduction to NinjaFirewall filtering engine.Featured post

Starting from version 3.0, NinjaFirewall, our Web Application Firewall for PHP (Pro and Pro+ Edition) and WordPress (WP and WP+ Edition), includes a... »

Malicious plugins hosted in the WordPress Plugin repository.

While cleaning-up an infected server today, I came across this plugin: Breadcrumb shortcode (slug: breadcrumbs-ez). It was downloaded from the WordPress official repository but... »

Fake WordPress plugin repository distributing malware.

We mentioned a few weeks ago fake WordPress websites used by hackers to distribute malware via malicious plugins installed on their victims blog. Hackers... »

Protecting NinjaFirewall's PHP INI file.

If your installation of NinjaFirewall requires a PHP INI file (php.ini, .user.ini, php5.ini) you may need to deny access to it,... »

Upgrading to PHP 7 with NinjaFirewall installed.

All editions of NinjaFirewall (WP, WP+, Pro and Pro+) are compatible with the latest PHP 7. However, because the firewall needs to be loaded... »