← ServerPilot Docs

How to Use NinjaFirewall for WordPress

HeatShield is an alternative WordPress firewall plugin that uses ModSecurity. HeatShield is developed by us, the developers of ServerPilot.

NinjaFirewall is a stand-alone web application firewall that stands between your WordPress site and everyone else. It easy to use and is installed just like a plugin.

Installing NinjaFirewall

To install NinjaFirewall, first log in to your WordPress Dashboard and select Add New from the Plugins menu.

Then, search for "NinjaFirewall".

Click Install Now.

When the plugin has finished installing, click Activate.

Configuring NinjaFirewall

Now that you've activated it, open NinjaFirewall from your WordPress Dashboard.

Pay attention to the disclaimers at the top of the screen. We've also provided them here:

  1. Do not rename, edit, or delete NinjaFirewall's files or folders, even if it is disabled from the plugins page.
  2. Do not migrate your site with NinjaFirewall installed. Export its configuration, uninstall it, migrate your site, reinstall NinjaFirewall, and reimport its configuration.
  3. Failure to follow these steps will almost always cause you to be locked out of your own site.

Once you understand those disclaimers, click Enough Chit-Chat, Let's Go! at the bottom of the screen.

On the system configuration screen, select Apache + CGI/FastCGI for your server API and .user.ini for the PHP initialization file.

Click Next Step.

Under Firewall Integration, elect to Let NinjaFirewall make the above changes.

Click Next Step.

Finally, click Test Firewall to ensure your firewall integration with your WordPress site was successful.

You can tailor NinjaFirewall to your needs by opening the new NinjaFirewall menu from your dashboard and choosing the options that work best for you.

For example, select Login Protection to enable brute force protection for your site.

Launch your first site in 5 minutes