WordPress Security made easy

I purchased this plugin about 10 hours ago after reading many great reviews. I even canceled another firewall plugin which had been disappointing, especially due to poor customer servicein order to switch to this one.

However, the most basic step of activating it immediately triggered an error: “Invalid CSRF token.” I fully understand that this happened during the weekend and outside support hours, but such a fundamental feature should work reliably on its own. Otherwise, users like me are left with no choice but to share negative feedback.

Additionally, I noticed that on the supplier’s website, many of the linked YouTube videos display errors as well. Altogether, it gives the impression that something isn’t functioning properly here.

Im on Tier 4 (unlimited websites). Plugin works great, it replaces plugins like malware scanner, firewall and limit login attempts. All in one solution. For this part - 5 tacos.

Main problems that I can see when I want to protect my customers websites. Someone noticed the same issues like me, here, in other reviews:
1. to see websites in the WP Security Ninja Admin Dashboard (Websites tab) this website MUST have the same email address as you registered as a WPSN customer/login. If your customers (their websites) will have own email in the WP settings (which is most obvious scenario) this customer's website wont be visible here, so you can't manage (activate/deactivate) license usage on that website.
2. you have only one license code for unlimited websites, when you click in - you will see how many websites in fact uses that license code. With point #1 it may give you different results - on Websites tab you will se 10 websites (that have your email address in WP settings) and here, in license details you may see 100 sites (because your customers copied license code and used it in other owned websites without your knowledge)
3. yes, it is possible to copy license code because your customer seeing "Account" tab in their WP Dashboard and may copy license code and use it elsewhere. To avoid that situation you should go to your license, set option "This license is activated on my client site" AND use "restrict sites" to whitelabel all websites that belongs to your clients that paid for license access. Then, account tab will switch to the mode where your details (and license code) is hidden/asterisked.
Much easier would be if one license is per one website, no matter what was email address associated with that site. You just generate new license for each new website or deactivate license when customer not paying.

4. last but not least - whitelabel option is... complicated and confusing. When you install plugin on your customer website, after plugin and license activation you must go to the "Whitelabel" tab (in customer's WP Admin) and turn on this feature (and hange names, logo etc). It means that your customers must give you admin rights to its website. It means also that you must replicate this procedure with every customer. Other plugins works like this - I can personalize/whitelabel plugin details in plugin account dashboard and when I download it (or my customer downloads it) it is already whitelabeled.

And because of that complications -1 taco so total score is 4 tacos.

I wasn't sure it'd be worth the money. I use the free version of another plugin and it seemed to work well.

I decided to go all in on Security Ninja for unlimited sites, mainly to have the ability to geo block IP addresses.

I couldn't be happier. Worth every cent.

Its easy to use and HIGHLY effective. It will be added to every site from here on out.

I’ve been using WP Security Ninja with the 3-tier white label option, and I couldn’t be more impressed. As a developer managing multiple client sites, this plugin has become a non-negotiable part of my WordPress toolkit.

From installation to configuration, everything is smooth and beginner-friendly. It offers robust features like malware scanning, core file integrity checks, login protection, and real-time monitoring — all while keeping site performance intact.

But what truly sets WP Security Ninja apart is their amazing support team. Whenever I had questions about white labeling or configuration, they responded quickly, clearly, and went above and beyond to assist. It's rare to find this level of dedication, especially with a lifetime deal.

The white label feature allows me to offer a branded experience to clients, enhancing our agency's credibility while the plugin quietly protects every corner of the site.

If you value reliability, ease of use, and real human support — this plugin is a must-have. Solid investment for any freelancer, agency, or serious website owner.

So I end up purchasing quite a few accounts here. Most are just sitting on the shelf, hoping that someday they will mature enough to be worth it. Some end up sitting there forever. But not this one. There are a handful that end up in my permanent account, where I use it every day for my clients. I've loved using this and loved the updates that seem to come pretty regularly, we aren't left with software that just sits there, they have even taken 2 of my suggestions and added them. They are very responsive and the software is really great.

Troy

Hi Lars Koudal / WP Security Ninja Support Team,

Thank you for your excellent customer support. In fact, it’s better than WP Lockdown. We decided to switch to WP Security Ninja because of your prompt response and reliable service. We’ve subscribed and purchased WP Security Ninja.

Edmund Tan
LOTSHUB PTE LTD / LOTS PTE LTD
Managing Director
(Digital Marketer and IT Solution Consultant cum Cloud Server Engineer)

Amazing alternative to my past wp protection - great product and easy to use

Seems to be a well designed plugin, but it has some features that needs to be fixed. I currently use Defender free plugin for my medium size business website.

I had high hopes with this plugin, when I activate hide WP admin login page. I cannot log out. But any other security plugin I don't have this issue, I tested it and WP security ninja won't let me log out.

I checked it, and your plug in has an error with this. It sends me to a page cannot be found page, my wp dash is still there. Basically I cannot log out of my own website when I active it.

Please get this fixed, I might have to return the product.

A must-have product when it comes to the security of your sites and the sites of your customers!

As usual, installation is very simple. All security steps are explained very well, so that you get a very high security score. The whole plugin looks very simple / cheaply designed at first glance, but yes, it is simple and clear but also very high quality!

However, there is one thing that I think is not yet so well solved and that is the white label function. There are other providers who have provided the white label function centrally in the main account and if I make a change there, all pages are also updated, e.g. name of the plugin / activation and deactivation of the WL function. - That would still be a wish feature :)

Excellent price-performance ratio!

WP Security Ninja is a very full featured security plugin. Easy to setup and has an intuitive interface.
Had a minor glitch with the visitor log display and received fast and effective support to quickly solve the issue.
Better grab this before it is gone!

The tool completely crashed one of my websites. I am unhappy because I had to pay for a reinstallation. For example, XHeaders were created that were duplicated because they were already present, and much more. Yes, I have contacted support, but I am still waiting. The tool is very, very powerful, so be careful with settings and fixes.

i was upset i missed this deal the last time.. i'm so glad you came back! i got Ninja up and running quickly with nearly all security functions enabled. it has a very in depth amount of security fixes and significantly more compared to wp ghost. the good news is it pairs well with ghost! between them both, i feel very content now.
very easy to implement and passing 47 of 50 checks at 93% security score, need a few more tweaks. theres 20 something other "fixes" in addition to those. it has vuln mgmt with email notifications for CVE / patch mgmt and a malware scanner. saw a bad comment about the malware scanner so i am sure there is room for improvement. i'd be curious if that is just signature based? known CVEs? or what? is there like MITRE ATT&CK framework for wordpress?

i even managed to get some plugins that said the 8G firewall is not supported by adding the IPs identified in the visitor log onto whitelist. the only thing i'm not using is the MFA and login name changes because WP Ghost is handling them. I may be mistaken, but the one thing that Ghost seems to do that Ninja doesn't do is that in addition to change admin and login paths, it changes all the paths to hide wordpress/php/db to avoid WP detection. Although that is the bread and butter behind ghost. Fact is, Ninja does way more when it comes to hardening so they both are a must have in my book.

its worth noting i never tried wp fence so i can't compare to that at all, but i am curious on the roadmap to get more next-gen and real time protection abilities that wordfence seems to have. even if its a monthly add on cost or included in LTD long term