BitFire Security – Firewall, Malware Scanner, Bot Blocker, Login Protection
BitFire protects WordPress sites from malicious bots, login attacks, malware, and unauthorized changes to files and database records. Free Protection Malware Scanner Scan WordPress core, plugin, and theme files for malware, unexpected changes, and suspicious code. Real-Time Traffic Monitoring Review every request to your site, including who visited, what they accessed, and whether the request was blocked. 30 Days of Traffic History Look back through a full month of traffic data to investigate issues, identify patterns, or better understand how your site is being used. Login Protection Browser verification stops automated login attempts, brute-force attacks, password stuffing, and other suspicious authentication activity. A+ Rated Web Application Firewall Independent third-party testing by Cloudbric rated BitFire’s WAF at 94% (A+). See how it compares: BitFire: 94% (A+) Ninja Firewall [PRO]: 67% (D) Wordfence [PRO]: 41% (D) MalCare [PRO]: 34% (F) iThemes Security: 2% (F) Shield Security [PRO]: 2% (F) SiteGround Security: 2% (F) View the full independent test results at Cloudbric Labs WP-CLI Use BitFire’s WP-CLI integration to start malware scans, review scan results, inspect blocking data, and review web requests to your site. CSV, JSON, and table output formats are supported. BitFire Pro Built for Faster AI-Driven Attacks AI-assisted exploit generation is reducing the time between vulnerability discovery and active attacks. Traditional defenses must wait for patches, signatures, or firewall rules. Runtime Application Self-Protection BitFire’s patented RASP technology monitors sensitive file, database, and network operations during every request. It can prevent: Unauthorized PHP file changes. Unexpected administrator creation. Malicious database modifications. Outbound connections to malicious servers. Redirect and JavaScript injection. Automated Malware Scans Run malware scans up to twice per day, with results emailed to you when a threat is confirmed. Threat Hunter Search traffic, files, database content, processes, and scheduled jobs for signs of compromise or reinfection. 360-Degree Coverage Load BitFire before the WordPress boot process to stop attacks that target plugin and theme files directly. Human Support This is what makes BitFire different from the big-name security plugins: when you need help, you talk to a real person. Our US-based support team is available 12 hours a day. No ticket queues that take days. No chatbots. No copy-and-paste answers. Just experienced people who will help make sure your site is secure. Whether you need help with setup, have a question about a blocked request, or want someone to examine a suspicious file, we are here. Pricing Free $0 forever. Bot blocking, malware scanning, login protection, and real-time traffic monitoring. Everything you need to stop the vast majority of automated attacks. Pro – Single Site $60/year. Full RASP protection, an A+ rated WAF, AI malware analysis, 30-day traffic logs, and priority human support. Pro – Multi-Site Volume Pricing Managing multiple sites? The more you protect, the less you pay: 2-4 sites: $50/site per year 5-9 sites: $45/site per year 10-24 sites: $35/site per year 25-49 sites: $25/site per year Volume pricing is ideal for freelancers, agencies, and anyone managing WordPress sites for clients. Contact us for volume licensing. How BitFire Compares BitFire vs Wordfence Wordfence is a solid product with a large team writing custom rules for known vulnerabilities. One important difference is how BitFire handles automated traffic: Bot blocking – WordPress cannot reliably distinguish human traffic from automated traffic on its own. BitFire is designed to identify and block malicious bots before they can exploit or infect your site. If you use Wordfence, we strongly recommend using the paid version. Read the detailed BitFire vs Wordfence comparison Why Do Other Plugins Focus So Much on Cleaning Up Malware? Good question. Have you noticed how much other security plugins charge for malware removal and how much of their marketing focuses on finding infections? BitFire focuses on keeping malware off your site so you do not need to pay someone to remove it. Privacy / Monitoring / Data Collection We take your privacy seriously. Here is exactly what BitFire does with your data: Traffic inspection. BitFire inspects web traffic to your site to identify threats. Sensitive data, such as passwords and credit card numbers, is automatically replaced with redacted in logs. You can add additional fields to filter in the settings. Error reporting. If BitFire encounters a software error, it can send a report to our development team so we can fix it in a future release. No visitor data is included in these reports. Malware hash checking. BitFire sends small numeric fingerprints, known as 64-bit hashes, of your files to our hash server to compare them against our database of known-good files. For example, a file might hash to the number 812612388126487. We never receive your actual file contents, and file hashes are not stored on our servers. Local data storage. All log data and configuration files are stored locally on your server in a hidden, randomly named directory under wp-content/uploads/. This directory is protected by an .htaccess file and is not accessible from the web.
Top keywords
- bitfire18×2.20%
- malware12×1.46%
- site12×1.46%
- traffic11×1.34%
- data8×0.98%
- file7×0.85%
- files7×0.85%
- pro7×0.85%
- sites7×0.85%
- attacks6×0.73%
- automated5×0.61%
- database5×0.61%
NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall
A true Web Application Firewall NinjaFirewall (WP Edition) is a true Web Application Firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall that stands in front of WordPress. It allows any blog administrator to benefit from very advanced and powerful security features that usually aren’t available at the WordPress level, but only in security applications such as the Apache ModSecurity module or the PHP Suhosin extension. NinjaFirewall requires at least PHP 7.1, MySQLi extension and is only compatible with Unix-like OS (Linux, BSD). It is not compatible with Microsoft Windows. NinjaFirewall can hook, scan, sanitise or reject any HTTP/HTTPS request sent to a PHP script before it reaches WordPress or any of its plugins. All scripts located inside the blog installation directories and sub-directories will be protected, including those that aren’t part of the WordPress package. Even encoded PHP scripts, hackers shell scripts and backdoors will be filtered by NinjaFirewall. Powerful filtering engine NinjaFirewall includes the most powerful filtering engine available in a WordPress plugin. Its most important feature is its ability to normalize and transform data from incoming HTTP requests which allows it to detect Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as to support and decode a large set of encodings. See our blog for a full description: An introduction to NinjaFirewall filtering engine. Fastest and most efficient brute-force attack protection for WordPress By processing incoming HTTP requests before your blog and any of its plugins, NinjaFirewall is the only plugin for WordPress able to protect it against very large brute-force attacks, including distributed attacks coming from several thousands of different IPs. See our benchmarks and stress-tests: Brute-force attack detection plugins comparison The protection applies to the wp-login.php script but can be extended to the xmlrpc.php one. The incident can also be written to the server AUTH log, which can be useful to the system administrator for monitoring purposes or banning IPs at the server level (e.g., Fail2ban). Real-time detection File Guard real-time detection is a totally unique feature provided by NinjaFirewall: it can detect, in real-time, any access to a PHP file that was recently modified or created, and alert you about this. If a hacker uploaded a shell script to your site (or injected a backdoor into an already existing file) and tried to directly access that file using his browser or a script, NinjaFirewall would hook the HTTP request and immediately detect that the file was recently modified or created. It would send you an alert with all details (script name, IP, request, date and time). File integrity monitoring File Check lets you perform file integrity monitoring by scanning your website hourly, twicedaily or daily. Any modification made to a file will be detected: file content, file permissions, file ownership, timestamp as well as file creation and deletion. Watch your website traffic in real time Live Log lets you watch your website traffic in real time. It displays connections in a format similar to the one used by the tail -f Unix command. Because it communicates directly with the firewall, i.e., without loading WordPress, Live Log is fast, lightweight and it will not affect your server load, even if you set its refresh rate to the lowest value. Event Notifications NinjaFirewall can alert you by email on specific events triggered within your blog. Some of those alerts are enabled by default and it is highly recommended to keep them enabled. It is not unusual for a hacker, after breaking into your WordPress admin console, to install or just to upload a backdoored plugin or theme in order to take full control of your website. NinjaFirewall can also attach a PHP backtrace to important notifications. Monitored events: Administrator login. Modification of any administrator account in the database. Plugins upload, installation, (de)activation, update, deletion. Themes upload, installation, activation, deletion. WordPress update. Pending security update in your plugins and themes. Stay protected against the latest WordPress security vulnerabilities To get the most efficient protection, NinjaFirewall can automatically update its security rules daily, twice daily or even hourly. Each time a new vulnerability is found in WordPress or one of its plugins/themes, a new set of security rules will be made available to protect your blog immediately. Strong Privacy Unlike a Cloud Web Application Firewall, or Cloud WAF, NinjaFirewall works and filters the traffic on your own server and infrastructure. That means that your sensitive data (contact form messages, customers credit card number, login credentials etc) remains on your server and is not routed through a third-party company’s servers, which could pose unnecessary risks (e.g., decryption of your HTTPS traffic in order to inspect it, employees accessing your data or logs in plain text, theft of private information, man-in-the-middle attack etc). Your website can run NinjaFirewall and be compliant with the General Data Protection Regulation (GDPR). See our blog for more details. IPv6 compatibility IPv6 compatibility is a mandatory feature for a security plugin: if it supports only IPv4, hackers can easily bypass the plugin by using an IPv6. NinjaFirewall natively supports IPv4 and IPv6 protocols, for both public and private addresses. Multi-site support NinjaFirewall is multi-site compatible. It will protect all sites from your network and its configuration interface will be accessible only to the Super Admin from the network main site. Possibility to prepend your own PHP code to the firewall You can prepend your own PHP code to the firewall with the help of an optional distributed configuration file. It will be processed before WordPress and all its plugins are loaded. This is a very powerful feature, and there is almost no limit to what you can do: add your own security rules, manipulate HTTP requests, variables etc. Low Footprint Firewall NinjaFirewall is very fast, optimised, compact, and requires very low system resource. See for yourself: download and install the Code Profiler plugin and compare NinjaFirewall’s performance with other security plugins. Non-Intrusive User Interface NinjaFirewall looks and feels like a built-in WordPress feature. It does not contain intrusive banners, warnings or flashy colors. It uses the WordPress simple and clean interface and is also smartphone-friendly. Contextual Help Each NinjaFirewall menu page has a contextual help screen with useful information about how to use and configure it. If you need help, click on the Help menu tab located in the upper right corner of each page in your admin panel. Need more security ? Check out our new supercharged edition: NinjaFirewall WP+ Edition Unix shared memory use for inter-process communication and blazing fast performances. IP-based Access Control. Role-based Access Control. Country-based Access Control via geolocation. URL-based Access Control. Bot-based Access Control. Import/Export the configuration from WP-CLI. Centralized Logging. Antispam for comment and user regisration forms. Rate limiting option to block aggressive bots, crawlers, web scrapers and HTTP attacks. Response body filter to scan the output of the HTML page right before it is sent to your visitors browser. Better File uploads management. Better logs management. Syslog logging. Learn more about the WP+ Edition unique features. Compare the WP and WP+ Editions. Requirements WordPress 4.9+ Admin/Superadmin with manage_options + unfiltered_html capabilities. PHP 7.1+ MySQL or MariaDB with MySQLi extension Apache / Nginx / LiteSpeed / Openlitespeed compatible Unix-like operating systems only (Linux, BSD etc). NinjaFirewall is NOT compatible with Microsoft Windows.