Fake WordPress plugin repository distributing malware.
We mentioned a few weeks ago fake WordPress websites used by hackers to distribute malware via malicious plugins installed on their victims blog. Hackers... »
Table of contents
Protecting NinjaFirewall's PHP INI file.
If your installation of NinjaFirewall requires a PHP INI file (php.ini, .user.ini, php5.ini) you may need to deny access to it,... »
Upgrading to PHP 7 with NinjaFirewall installed.
All editions of NinjaFirewall (WP, WP+, Pro and Pro+) are compatible with the latest PHP 7. However, because the firewall needs to be loaded... »
Restricting access to NinjaFirewall (WP Edition) settings.
Starting from version 1.8.1, it is possible to restrict access to NinjaFirewall (WP+/WP Edition) menu and settings. Note: Restrictions apply to... »
Fake wordpress-update.com site used to distribute malware via malicious plugins.
In recent days, we have worked on several infected WordPress websites that all had the particularity of having the same malicious plugin installed: Hackers... »
WordPress brute-force attack detection plugins comparison (2015 edition).
Following our 2013 benchmarks, we received quite a lot of requests to perform new ones and, this time, to include a category of plugins... »
Blocking WordPress XMLRPC brute-force amplification attacks with NinjaFirewall.
October 15, 2015 Update: Starting from version 1.7, NinjaFirewall WP/WP+ includes a protection against such attacks which can be enabled from the... »
Critical vulnerability in Swift Security Hide WordPress Firewall plugin leads to phishing attack.
This is a very interesting spear phishing attack case that we had to deal with this week. Spear phishing are attempts directed at a... »
How to block web vulnerability scanners with iptables.
We are often asked how to block the DFind vulnerability scanner (A.K.A. "w00tw00t.at.ISC.SANS.DFind") with NinjaFirewall, our Web Application... »
Migrating a website with NinjaFirewall installed.
In order to migrate your site with NinjaFirewall installed, it is important to follow those steps: WP/WP+ Edition 1 . Log in to your... »
Jetpack Protect: IP spoofing and improper data validation allow security feature bypass.
Since version 3.4, the popular Jetpack by WordPress.com plugin (15+ million downloads / 1+ million active installs) includes Jetpack Protect, a module "to... »
NinjaFirewall WP/WP+ introduces automatic updates for security rules.
Starting from WP v1.4 and WP+ v1.2, NinjaFirewall introduces a new feature: It offers the possibility to automatically update the firewall security... »
Testing NinjaFirewall without blocking your visitors.
NinjaFirewall is a powerful web application firewall. When implemented in a production environment, it does not take more than a few hours before its... »
Troubleshoot NinjaFirewall installation problems.
Failed installation This is the most common problem experienced by some users. At the end of the installation process, it displays the Error: the... »
Installing NinjaFirewall with HHVM (HipHop Virtual Machine).
We have been testing for a while our NinjaFirewall sofware running on HHVM (HipHop Virtual Machine), an interesting alternative to PHP. Compatibility test with... »