NinTechNet changelog.

by

NinTechNet


This is the global changelog for all our products and services. For more details, please refer to corresponding release notes (e.g., readme.txt or changelog.php).


December 15, 2017

NinjaScanner v1.0.2

  • The scanning process can be started even when DISABLE_WP_CRON is set (note that a cron job is still needed to run scheduled scans and the garbage collector).
  • Fixes a bug in the file comparison viewer that would skip some empty lines.

https://nintechnet.com/ninjascanner/


December 14, 2017

NinjaFirewall (Pro+/Pro) v3.2.13

  • On servers running PHP 5.5 or above, NinjaFirewall will no longer user SHA1 for the administrator password, but the password_hash() function with the best algorithm available (currently bcrypt). To convert your current password, simply log out and log in again after applying this update.
  • The "Uploads > Allow, but block scripts, ELF and system files" firewall policy was renamed to "Allow, but block dangerous files" and will also block dangerous SVG files. Therefore, the complete list of blocked files is now: scripts (PHP, CGI, Ruby, Python, bash/shell), C/C++ source code, binaries (MZ/PE/NE and ELF formats), system files (.htaccess, .htpasswd and PHP INI) and SVG files containing Javascript/XML events.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Minor fixes.
  • Updated security rules.

https://nintechnet.com/ninjafirewall/pro-edition/


December 11, 2017

NinjaScanner v1.0.1

  • Fixes an issue with non-en_US locale WordPress installations: the "File Integrity Checker" could wrongly report that some files (wp-config-sample.php, version.php and readme.html) were modified.
  • Increases remote connections timeout from 10 to 60 seconds.
  • Adds a warning if the report was created with an older version of NinjaScanner.

https://nintechnet.com/ninjascanner/


December 09, 2017

NinjaFirewall (WP+/WP) v3.6

  • Important: We have removed the "Anti-Malware" option from NinjaFirewall. Instead, we have now a brand new and much better antivirus plugin: NinjaScanner. You can download it from wordpress.org: https://wordpress.org/plugins/ninjascanner/
  • [WP+ Edition] Fixed a bug where IPs that were whitelisted in the "Access Control" page could not connect to the REST API if its access was disabled in the "Firewall Policies".
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Minor fixes.

https://nintechnet.com/ninjafirewall/wp-edition/


October 27, 2017

NinjaFirewall (WP+/WP) v3.5.4

  • [WP+ Edition] In addition to the firewall log, all events can also be redirected to the server Syslog. See our blog for more info: Syslog logging with NinjaFirewall
  • For a better readability, the "Firewall Policies" page has been split into three parts: Basic, Intermediate and Advanced Policies.
  • The "Brute-force protection by NinjaFirewall" signature can be disabled in the "Login Protection" page.
  • Fixed a caching issue with the "Login Protection" page where changes were not immediately visible after the form submission if a PHP opcode cache was installed.
  • Fixed an issue where the French translation included in the package was not always loaded.
  • [WP+ Edition] Fixed a "Cannot use object of type WP_Error" PHP error in the Antispam.
  • [WP+ Edition] By default, the "Maximum allowed file size" policy will use the same value as the PHP upload_max_filesize directive or, if not available, it will be set to 10 megabytes.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Minor fixes.

https://nintechnet.com/ninjafirewall/wp-edition/

NinjaFirewall (Pro+/Pro) v3.2.12

  • In addition to the firewall log, all events can also be redirected to the server Syslog. See our blog for more info: Syslog logging with NinjaFirewall
  • By default, the "Maximum allowed file size" policy will use the same value as the PHP upload_max_filesize directive or, if not available, it will be set to 10 megabytes.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Minor fixes.
  • Updated security rules.

https://nintechnet.com/ninjafirewall/pro-edition/


September 24, 2017

NinjaFirewall (WP+/WP) v3.5.3

NinjaFirewall (Pro+/Pro) v3.2.11

  • Multidimensional arrays in the $_FILES superglobal are now fully supported.
  • It is possible to select which superglobal the "Block serialized PHP objects" policy can apply to (see "Firewall Policies > PHP > Block serialized PHP objects in the following global variables"). By default, all but COOKIE will be enabled.
  • The "Sanitise filenames" policy will not allow the use of the slash character / as a substitution character because it is the directory separator in Unix-like systems.
  • [WP+ Edition/Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Updated security rules.
  • Minor fixes.

https://nintechnet.com/ninjafirewall/wp-edition/


August 08, 2017

NinjaFirewall (Pro+/Pro) v3.2.10

  • The substitution character used to sanitise filenames can be changed (see "Firewall > Policies > Uploads > Sanitise filenames > Substitution character").
  • The "X-Content-Type-Options" firewall policy will be disabled by default when installing NinjaFirewall.
  • When creating the snapshot, "File Check" will remove any whitespace character preceding or following the excluded folders name.
  • Improved uploaded script detection to prevent false positives.
  • Minor fixes (typos etc) and several small adjustments.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Updated security rules.

https://nintechnet.com/ninjafirewall/pro-edition/


August 06, 2017

NinjaFirewall (WP+/WP) v3.5.2

  • The "Anti-Malware" signatures file will be downloaded from the WordPress repo each time a scan will start (rather than being included in the NinjaFirewall installation package), to avoid some hosts to flag it as virus and delete it.
  • When importing its configuration from a file, NinjaFirewall will detect and remove any potential Unicode BOM.
  • When creating the snapshot, "File Check" will remove any whitespace character preceding or following the excluded folders name.
  • Added a missing call to session_destroy() when the firewall's bot protection closed the connection.
  • [WP+ Edition] Improved uploaded script detection to prevent false positives.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Minor fixes.

https://nintechnet.com/ninjafirewall/wp-edition/


July 10, 2017

NinjaFirewall (Pro+/Pro) v3.2.9

  • Updated security rules.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.

https://nintechnet.com/ninjafirewall/pro-edition/


July 9, 2017

NinjaFirewall (WP+/WP) v3.5.1

  • Added a new "garbage collector" to better clean up NinjaFirewall's cache folder and temporary files.
  • All translatable strings used for JavaScript are now automatically escaped via the esc_js() function. Translators can use single or double quotes ('") inside their text without breaking the JS code.
  • The "WordPress XML-RPC API > Block system.multicall method" policy will be disabled by default when installing NinjaFirewall.
  • The login page "Bot protection" option will write blocked requests to the firewall log.
  • If security rules updates are disabled, a warning will be displayed in the "Overview" page.
  • Fixed HTML bug in the "Rules Editor" page.
  • [WP+ Edition] Fixed a small issue with the shared memory option: sometimes, NinjaFirewall was recreating the shared memory segment for no apparent reason.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Minor fixes (typos etc) and adjustments.

https://nintechnet.com/ninjafirewall/wp-edition/


May 17, 2017

NinjaFirewall (Pro+/Pro) v3.2.8

  • Updated security rules.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.

https://nintechnet.com/ninjafirewall/pro-edition/


May 7, 2017

NinjaFirewall (WP+/WP) v3.5

  • The login page can also be protected with a captcha instead of the username/password combination (see "Login Protection > Type of protection").
  • A new option was added to attempt to block bots before they start a brute-force attack (see "Login Protection > Enable bot protection").
  • The substitution character used to sanitise filenames can be changed (see "Firewall Policies > Uploads > Sanitise filenames > Substitution character").
  • The "X-Content-Type-Options" firewall policy will be disabled by default when installing NinjaFirewall.
  • Fixed a bug where NinjaFirewall was not reporting the correct timezone.
  • The firewall log encoding can be disabled or changed (see http://nin.link/log_encoding/ ).
  • Updated Anti-Malware signatures.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Small fixes and minor adjustments.

https://nintechnet.com/ninjafirewall/wp-edition/


April 17, 2017

NinjaFirewall (Pro+/Pro) v3.2.7

  • Updated security rules.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.

https://nintechnet.com/ninjafirewall/pro-edition/


April 3rd, 2017

NinjaFirewall (WP+/WP) v3.4.3

  • Updated Anti-Malware signatures.
  • The "Block PHP built-in wrappers" firewall policy has been extended to expect://, file:// and zip:// streams. Previously, it covered only php://, phar:// and data:// streams.
  • All <textarea> HTML elements will attempt to turn browsers spell checking off to prevent annoying highlighting.
  • When importing the configuration, if the Anti-Malware scan directory does not exist it will be set to the WordPress ABSPATH.
  • When NinjaFirewall's settings are restricted using the NFW_ALLOWED_ADMIN constant, it will no longer be visible to other admins in the "Plugins" page.
  • The "Block ASCII character 0x00" and "Block ASCII control characters" policies will no longer apply to COOKIE to prevent false positives.
  • The "Login Protection" HTTP authentication message can now be up to 1024 characters and can include HTML tags. Previously, it accepted 150 ASCII characters only.
  • When turning the "Login Protection" off, the current configuration will be kept instead of being deleted.
  • Two new constants are introduced in this version in order to debug PHP session issues (e.g., whitelisted users blocked by the firewall): NFW_SESSION_DEBUG_USER and NFW_SESSION_DEBUG_CAPS. See our blog about how to use them ( http://nin.link/dbgs/ ).
  • Added two new comparison operators to the firewall fitering engine.
  • Several small fixes and adjustments.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • [WP+ Edition] Added PATCH method to the "NinjaFirewall > Access Control > HTTP Methods" section.

https://nintechnet.com/ninjafirewall/wp-edition/


April 1st, 2017

NinjaFirewall (Pro+/Pro) v3.2.6

  • Updated security rules.
  • Added two new comparison operators to the firewall fitering engine.
  • The "Block PHP built-in wrappers" firewall policy has been extended to expect://, file://, phar:// and zip:// streams. Previously, it covered only php:// and data:// streams.
  • All <textarea> HTML elements will turn browsers spell checking off to prevent annoying highlighting.
  • The "Block ASCII character 0x00" and "Block ASCII control characters" policies will no longer apply to COOKIE to prevent false positives.
  • Minor fixes and adjustments.
  • [Pro+ Edition] Added "PATCH" method to the "Firewall > Access Control > HTTP Methods" section.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.

https://nintechnet.com/ninjafirewall/pro-edition/


February 11, 2017

NinjaFirewall (WP+/WP) v3.4.2

  • Updated "Anti-Malware" signatures.
  • [WP+ Edition] Improved PHP scripts detection to cover more extensions and to prevent, in some rare cases, uploaded images to be wrongly detected as PHP scripts.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • [WP+ Edition] The Access Control rate limiting feature will always return a "429 Too Many Requests" HTTP status code.
  • Tweaked list of suspicious bots to prevent potential false-positives.
  • Added missing multisite detection notice when running the installer in "WordPress WAF" mode.
  • Small fixes and minor adjustments.

https://nintechnet.com/ninjafirewall/wp-edition/

NinjaFirewall (Pro+/Pro) v3.2.5

  • Updated security rules.
  • Tweaked list of suspicious bots to prevent potential false-positives.
  • Improved PHP scripts detection.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.

https://nintechnet.com/ninjafirewall/pro-edition/


January 18, 2017

NinjaFirewall (Pro+/Pro) v3.2.4

  • Added an option to block serialized PHP objects found inside a GET or POST request, cookies, user agent and referrer variables (see the "Firewall > Policies > PHP" section).
  • Improved PHP scripts detection to cover more extensions and to prevent, in some rare cases, uploaded images to be wrongly detected as PHP scripts.
  • [Pro+ Edition] The "File Guard" files/folders exclusion list can contain now up to 255 characters (vs 155 previously).
  • [Pro+ Edition] The Access Control rate limiting feature will always return a "429 Too Many Requests" HTTP status code.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Updated security rules.

http://nintechnet.com/ninjafirewall/pro-edition/


January 08, 2017

NinjaFirewall (WP+/WP) v3.4

  • NinjaFirewall can now be installed in two different modes: either "Full WAF" mode (via the PHP auto_prepend_file directive, as usual) or "WordPress WAF" mode (via the wp-config.php script). See our blog for more info: http://nin.link/wafmode/
  • Added two options regarding the new WP REST API: to block any access to the API (see "Firewall Policies > WordPress REST API") or only username enumeration (see "Firewall Policies > Protect against username enumeration").
  • Added an option to block serialized PHP objects found inside a GET or POST request, cookies, user agent and referrer variables. (see the "Firewall Policies > PHP" section).
  • Added an option to send a notification to the administrator when NinjaFirewall detects and blocks a privilege escalation attempt (see the "Event Notifications > Administrator account" section).
  • The "File Guard" files/folders exclusion list can contain now up to 255 characters (vs 155 previously).
  • Updated "Anti-Malware" signatures.
  • Several small fixes and adjustments.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.

http://nintechnet.com/ninjafirewall/wp-edition/


December 28, 2016

NinjaFirewall (Pro+/Pro) v3.2.3

  • Updated security rules.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.

http://nintechnet.com/ninjafirewall/pro-edition/


November 20, 2016

NinjaFirewall (WP+/WP) v3.3.3

  • Improved the filtering engine cache for better reliability and speed.
  • Added an option to block Pingbacks without having to disable the whole XML-RPC API (see "Firewall Policies > WordPress XML-RPC API > Block Pingbacks").
  • Fixed a "nfwhook_load_textdomain invalid function name" PHP error (WP Edition only).
  • Fixed "Cache-Control" header in the firewall blocked message.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Improved verbose logging in case of error during the "Anti-Malware" scan.

http://nintechnet.com/ninjafirewall/wp-edition/


November 19, 2016

NinjaFirewall (Pro+/Pro) v3.2.2

  • Improved the filtering engine cache for better reliability and speed.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Updated security rules.
  • Fixed "Cache-Control" header in the firewall blocked message.
  • [Pro+ Edition] Fixed a "Undefined index: lic_exp" PHP notice.
  • Fixed a few CSS issues with Webkit-based browsers.

http://nintechnet.com/ninjafirewall/pro-edition/


October 29, 2016

NinjaFirewall (WP+/WP) v3.3.2

  • Added max_execution_time directive to "File Check" to prevent time-out.
  • Updated "Anti-Malware" signatures.
  • The security rules updates option will be enabled by default with new installations of NinjaFirewall.
  • If the administrator is whitelisted by the brute-force protection, a notice will be displayed on the WordPress login page.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • [WP+ Edition] The "Block scripts, ELF and system files upload" will also block Microsoft executable files (MZ header).
  • Minor fixes and adjustments.

http://nintechnet.com/ninjafirewall/wp-edition/


October 26, 2016

NinjaFirewall (Pro+/Pro) v3.2.1

  • Updated security rules.
  • Added max_execution_time directive to "File Check" to prevent time-out.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Fixed a bug in the "Summary > Statistics" page where the "Average time per request" field could report a wrong value.
  • Fixed a few CSS issues with Webkit-based browsers (Opera, Chrome/Chromium, Safari).
  • The "Block scripts, ELF and system files upload" will also block Microsoft executable files (MZ header).
  • Minor fixes and adjustments.

http://nintechnet.com/ninjafirewall/pro-edition/


October 01, 2016

NinjaFirewall (WP+/WP) v3.3.1

  • [WP+ Edition] Added a new feature: "Centralized Logging". It allows you to remotely access the firewall log of all your NinjaFirewall protected websites from one single installation, without having to log in to individual servers to analyse your log data (see our blog for more info about that: http://nin.link/centlog/ ).
  • Added a new Content-Security-Policy option that can be set up separately for the frontend and backend of the site (see "Firewall Policies > HTTP response headers > Content-Security-Policy").
  • On French language installations running WordPress 4.6 or above, NinjaFirewall will force WordPress to use the fr_FR translation file that is fully translated and included with this release, instead of the partially translated one from wordpress.org.
  • [WP+ Edition] Added PUT and DELETE methods to the "NinjaFirewall > Access Control > HTTP Methods" section.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • [WP+ Edition] Fixed a bug in the firewall log: blocked threats were not hex-decoded before exporting the log.
  • [WP+ Edition] Fixed a bug in the shared memory feature where, in some cases, deactivating NinjaFirewall from the "Plugins" page would not disable the firewall because the shared memory segment used to store its rules was not deleted upon exit.
  • The SERVER_NAME environment variable will be always appended to each firewall log line (it was previously available only on multisite installations).
  • The X-Content-Type-Options header will be enabled by default with new installations of NinjaFirewall.
  • Updated "Anti-Malware" signatures.
  • Minor fixes and adjustments.

http://nintechnet.com/ninjafirewall/wp-edition/

NinjaFirewall (Pro+/Pro) v3.2

  • Added a new Content-Security-Policy option to the "Firewall Policies > HTTP response headers" section.
  • [Pro+ Edition] Added a new feature: "Centralized Logging". It allows you to remotely access the firewall log of all your NinjaFirewall protected websites from one single installation, without having to log in to individual servers to analyse your log data (see our blog for more info about that: http://nin.link/centlog/ ).
  • [Pro+ Edition] Added PUT and DELETE methods to the "NinjaFirewall > Access Control > HTTP Methods" section.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • Fixed a bug in the firewall log: blocked threats were not hex-decoded before exporting the log.
  • The X-Content-Type-Options header will be enabled by default with new installations of NinjaFirewall.
  • Updated security rules.
  • Minor fixes and adjustments.

http://nintechnet.com/ninjafirewall/pro-edition/


September 04, 2016

NinjaFirewall (WP+/WP) v3.2.5

  • Updated Anti-Malware signatures.
  • [WP+ Edition] Fixed a bug where notifications sent or displayed by NinjaFirewall were showing the load balancer IP when an alternate address was defined in the Access Control > Source IP section.
  • Blocked threats written to the firewall log will be hexencoded, to lower false positives from antivirus scanners.
  • Improved privilege escalation protection.
  • The Anti-Malware operations and errors will be written to the /wp-content/nfwlog/cache/malscan.log log.
  • Minor fixes and adjustments.

http://nintechnet.com/ninjafirewall/wp-edition/


September 03, 2016

NinjaFirewall (Pro+/Pro) v3.1.8

  • Updated security rules and improved XSS evasion techniques detection.
  • [Pro+ Edition] Fixed a bug where notifications sent or displayed by NinjaFirewall were showing the load balancer IP when an alternate address was defined in the Access Control > Source IP section.
  • Blocked threats written to the firewall log will be hexencoded, to lower false positives from antivirus scanners.
  • Minor fixes and adjustments.

http://nintechnet.com/ninjafirewall/pro-edition/


August 09, 2016

NinjaFirewall (Pro+/Pro) v3.1.7

  • Updated security rules.

http://nintechnet.com/ninjafirewall/pro-edition/


August 07, 2016

NinjaFirewall (WP+/WP) v3.2.4

  • Added a warning about the XMLRPC system.multicall option if the Jetpack plugin is installed.
  • Fixed a double-slash bug in filenames in the Anti-Malware results.
  • Updated Anti-Malware signatures.
  • Minor fixes and adjustments.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.

http://nintechnet.com/ninjafirewall/wp-edition/


August 06, 2016

NinjaFirewall (Pro+/Pro) v3.1.6

  • Updated security rules.
  • Fixed a bug affecting the admin dashboard token.
  • Minor fixes and adjustments.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.

http://nintechnet.com/ninjafirewall/pro-edition/


July 03, 2016

NinjaFirewall (WP+/WP) v3.2.3

  • Fixed a bug that could prevent the Anti-Malware scanner to run if the ALTERNATE_WP_CRON method was enabled.
  • In a multisite environment, notifications will always be sent to the SuperAdmin by default, instead of the administrator of the site where originated the alert.
  • Fixed an issue where NinjaFirewall could wrongly flag a POST request as a BASE64 encoded injection attempt.
  • Updated Linux Malware Detect signatures.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.

http://nintechnet.com/ninjafirewall/wp-edition/


July 02, 2016

NinjaFirewall (Pro+/Pro) v3.1.5

  • Updated security rules.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.

http://nintechnet.com/ninjafirewall/pro-edition/


May 22, 2016

NinjaFirewall (WP+/WP) v3.2.2

  • Fixed a bug in subdomain-based multisites: the Super Admin was not whitelisted when accessing a sub-site and could not upload files.
  • Added the last scan date to the Anti-Malware page.
  • Fixed a typo in the Anti-Malware JavaScript code.
  • Added a warning to the Anti-Malware page if the scanning process seems to have unexpectedly terminated or was killed because it reached the PHP max_execution_time value allowed by your host.
  • Renamed the signatures file from .php to .txt to prevent it from being wrongly flagged by some antivirus.
  • Minor fixes and adjustments.

http://nintechnet.com/ninjafirewall/wp-edition/


May 19, 2016

NinjaFirewall (Pro+/Pro) v3.1.4

  • Updated security rules to protect against a critical Magento vulnerability (CVE-2016-4010).
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.

http://nintechnet.com/ninjafirewall/pro-edition/


May 15, 2016

NinjaFirewall (WP+/WP) v3.2

  • Added a new feature: Anti-Malware. It allows you to scan your website for malware. The scanning engine is compatible with the popular Linux Malware Detect LMD (whose anti-malware signatures are included with this release) and with some ClamAV signatures as well. You can even write your own anti-malware signatures. See our blog for more details about that: http://nin.link/maldet/
  • Fixed a JavaScript warning in the File Check page.
  • Minor fixes and adjustments.

http://nintechnet.com/ninjafirewall/wp-edition/


April 17, 2016

NinjaFirewall (WP+/WP) v3.1.3

  • Fixed a bug in the "Daily Report": on the first day of each month, the report was empty because of the monthly log rotation.
  • Fixed a bug in the "Plugins" page where NinjaFirewall "Settings" link was not accessible in a multisite environment.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.
  • It is possible to import the configuration from the WP Edition to the WP+ Edition.
  • Minor fixes and adjustments.
  • NinjaFirewall's icon displayed in the admin dashboard menu was converted to grayscale.

http://nintechnet.com/ninjafirewall/wp-edition/


April 16, 2016

NinjaFirewall (Pro+/Pro) v3.1.3

  • Updated security rules.
  • Minor fixes and adjustments.
  • Added a warning in the "Overview" page if a PHP opcode cache is enabled.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.

http://nintechnet.com/ninjafirewall/pro-edition/


April 03, 2016

NinjaFirewall (WP+/WP) v3.1.2

  • It is possible to exclude multiple files/folders in the "File Guard" options page (multiple values must be comma-separated).
  • [WP+ Edition] Added an option to select the number of log lines to display (see "Firewall Log > Log Options"):

  • The "Firewall Policies" sanitise options (GET, COOKIE etc) will replace all < and > characters with their corresponding HTML entities &lt; and &gt;.
  • The "X-XSS-Protection" and "HttpOnly flag" options from the "Firewall Policies" page will be enabled by default with new installations of NinjaFirewall.
  • Minor fixes and adjustments.

http://nintechnet.com/ninjafirewall/wp-edition/


April 02, 2016

NinjaFirewall (Pro+/Pro) v3.1.2

  • Added an option to select the number of log lines to display (see "Firewall > Security Log > Log Options"):

  • The "X-XSS-Protection" and "HttpOnly flag" options from the "Firewall Policies" page will be enabled by default with new installations of NinjaFirewall.
  • The "Firewall Policies" sanitise options (GET, COOKIE etc) will replace all < and > characters with their corresponding HTML entities &lt; and &gt;.
  • Minor fixes and adjustments.
  • [Pro+ Edition] It is possible to exclude multiple files/folders in the "File Guard" options page (multiple values must be comma-separated).
  • Updated security rules.

http://nintechnet.com/ninjafirewall/pro-edition/


March 23, 2016

NinjaFirewall (Pro+/Pro) v3.1.1

  • Speed improvements. The latest set of security rules was optimized to drastically speed up the firewall engine.
  • Tweaked two anti-XSS rules to prevent attempts to bypass them using HTML events inside truncated/unclosed HTML tags. Thanks to Sven Morgenroth for reporting the issue.
  • [Pro+ Edition] The File Guard and Live Log functions were moved from the firewall main script to two separate scripts inside the /lib/ folder.
  • Updated security rules.
  • The MJ12bot user-agent was removed from the firewall blacklist. This bot DOES follow the robots.txt and hence there is no reason to blacklist it by default.

http://nintechnet.com/ninjafirewall/pro-edition/


March 13, 2016

NinjaFirewall (WP+/WP) v3.1

  • Added a new option to whitelist all logged in users in addition to the Administrator. This can be set up from the new "Firewall Policies > Users Whitelist" option. Note that this feature was added to the free WP Edition only, as the premium WP+ Edition can whitelist users depending on their Role, IP etc.

  • [WP+ Edition] Geolocation access control can apply to the whole site or to some specific URLs only (e.g., /wp-login.php, /xmlrpc.php etc). See the "Access Control > Geolocation Access Control > Geolocation should apply to the whole site or specific URLs" option.

  • [WP+ Edition] Added an option to the "Firewall Log" page to export the log as a TSV (tab-separated values) text file.
  • [WP+ Edition] The "Delete" button from the "Firewall Log" page was moved above the textarea, beside the "Export" new button, and can be used to delete the currently viewed log.

  • Minor fixes.
  • Updated security rules.
  • We launched NinjaFirewall Referral Program. If you are interested in joining the program, please consult: http://nin.link/referral/

http://nintechnet.com/ninjafirewall/wp-edition/


March 11, 2016

NinjaFirewall (Pro+/Pro) v3.1

  • [Pro+ Edition] Geolocation access control can apply to the whole site or to some specific URLs only (e.g., /script.php etc). See the "Firewall > Access Control > Geolocation Access Control > Geolocation should apply to the whole site or specific URLs" option:

  • Added an option to the "Firewall Log" page to export the log as a TSV (tab-separated values) text file.
  • The "Delete" button from the "Firewall Log" page was moved above the textarea, beside the "Export" new button, and can be used to delete the currently viewed log.

  • Fixed a PHP warning in the firewall script.
  • Minor fixes.
  • Updated security rules.
  • We launched NinjaFirewall Referral Program. If you are interested in joining the program, please consult: http://nin.link/referral/

http://nintechnet.com/ninjafirewall/pro-edition/


February 28, 2016

NinjaFirewall (WP+/WP) v3.0.1

  • Fixed a PHP notice in the "Firewall Policies" page.
  • NinjaFirewall will always search for the wp-config.php script in the current folder or, if it cannot find it, in the parent folder (there is no need to use the .htninja configuration script for that purpose).
  • The "Protect against username enumeration > Through the author archives" policy will be disabled by default when installing NinjaFirewall.
  • The "WordPress XML-RPC API > Block only system.multicall method" policy will be enabled by default when installing NinjaFirewall.

http://nintechnet.com/ninjafirewall/wp-edition/


February 24, 2016

NinjaFirewall (Pro+/Pro) v3.0.1

  • Updated security rules.

http://nintechnet.com/ninjafirewall/pro-edition/


February 21, 2016

NinjaFirewall (WP+/WP) v3.0

  • This is a major update: NinjaFirewall has a brand new, powerful and awesome filtering engine. Please see our blog for a complete description: http://nin.link/sensei/
  • Added many new security rules.
  • Fixed a bug where NinjaFirewall was unable to retrieve the DB password from the wp-config.php file if it contained a double-quote character.
  • The Firewall Policies "Force SSL for admin", "Disable the plugin and theme editor" and "Disable plugin and theme update/installation" options will be disabled if their respective constants have been defined elsewhere (e.g., in wp-config.php).
  • Minor fixes.
  • [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.

http://nintechnet.com/ninjafirewall/wp-edition/


February 20, 2016

NinjaFirewall (Pro+/Pro) v3.0

  • This is a major update: NinjaFirewall has a brand new, powerful and awesome filtering engine. Please see our blog for a complete description: An introduction to NinjaFirewall 3.0 filtering engine
  • Added many new security rules.
  • Minor fixes.
  • [Pro+ Edition] Updated IPv4/IPv6 GeoIP databases.

http://nintechnet.com/ninjafirewall/pro-edition/




NinjaMonitoring

Website Monitoring
for just $4.99 per month.



NinjaFirewall

Web Application Firewall
for PHP and WordPress.



NinjaRecovery

Malware removal
and hacking recovery.

Table of contents