Q: Can you selectively enable features in WP Security Ninja?
Is it possible to install WP Security Ninja and selectively enable the elements of the plugin you want to use? For example, could I install and use it solely for Two-factor Authentication?
Great question! Yes, absolutely. You can selectively enable the features you want to use in WP Security Ninja.
When you first install the plugin, you can skip the setup wizard. After that, simply navigate to Firewall -> Login Protection in your WordPress dashboard, and you’ll find the option to enable Two-Factor Authentication (2FA) there, along with other login security features. You can then enable or disable other modules as you see fit.
Q: How to whitelist a REST API route from the local firewall?
Hello,
I'm a PRO user with 5 licenses. Your plugin blocks API requests from the AppSumo tool Videotoblog.ai. The only way it works is by completely deactivating Security Ninja.
I have confirmed the block comes from the local firewall ("Block Suspicious Requests"), NOT from the Cloud Firewall.
Videotoblog's support says I need to whitelist the API route wp-json/wp/v2/posts.
My question is: How can I add this specific route to the local firewall's exclusion list?
I can't find a URL exclusion option in the UI, IP whitelisting is not possible (they use dynamic IPs), and the Event Log does not have an "allow" feature for these blocks.
A: Thanks so much for reaching out and for being a PRO user! We're sorry to hear you're running into trouble with Videotoblog.ai, but the good news is that Security Ninja gives you the flexibility to fine-tune your firewall for exactly these situations.
Here's how you can whitelist a specific REST API route without turning off the entire firewall:
- Go to the "Events" tab in Security Ninja and locate one of the blocked requests from Videotoblog.ai. - Click the "Details" tab for that event. What we're looking for is the specific "rule" that was triggered and caused the block. - Once you know which rule is responsible, you can use a custom code snippet to allow just that traffic, while keeping all other protections in place.
We have a detailed guide and code examples here: https://wpsecurityninja.com/docs/filters-hooks/customizing-firewall-filter-rules/
In a recent update, we made it even easier by giving each rule a unique name, so you can target exactly the one you want to adjust.
If you need help setting up the snippet, just email us at support@wpsecurityninja.com with the name of the rule, and we'll be happy to help you get it working for your site.
You can also turn off the "Block Suspicious Requests" option entirely, but we recommend just disabling the specific rule that's causing issues. This way, you keep your site protected while letting Videotoblog.ai work as intended.
We have plans to make a nice interface for the firewall rules that would allow to easily customize and tweak the firewall rules, but that is scheduled for a later release.
Q: Real-Time IP Blocklist of Wordfence v/s Cloud Firewall WP Security Ninja
I was thinking to upgrade free wordfence to paid one for real time ip blocklist feature and wp security ninja offer just popped up. I have spent some time and compared all features, WP Ninja looks better in features. Whats difference between real time ip list of both plugins? Malicious IP list is generated by sites using WP Ninja only or it’s from other sources as well? e.g. If a hacker attacking wordpress site on wordfence network will be blocked automatically by malicious IP blocker of WP Ninja? Are you using any third party service like cloudflare ?
A: Great question! Both WP Security Ninja and Wordfence offer strong protection, but their approaches to real-time IP blocklists have some differences.
WP Security Ninja's firewall uses a multi-layered approach. It's built on the robust 8G firewall ruleset, and it also loads a massive, regularly updated blocklist of known malicious IPs, currently over 600 million. This list is collated from multiple sources, not just from sites running WP Security Ninja. In addition, all sites using the plugin contribute to a shared intelligence network, so if a new malicious IP is detected attacking one site, it can be quickly blocked across the entire network of sites using WP Security Ninja.
As for Wordfence, while I can't speak to their exact methods, they have a large and talented team and are well-known for their real-time threat intelligence. Their paid version also offers a real-time IP blocklist, and I'm sure they use a combination of their own data and other sources to keep their users protected.
WP Security Ninja does not rely on third-party services like Cloudflare for its core firewall or blocklist features.
Hope this helps clarify things! If you have any more questions, feel free to ask.
Q: Concern about general communication about the team and development
Hi Lars, got another one for you :)
I bought Tier 4 in April 2025 and one concern I have is there's been no communication (e.g. email newsletters) from you in terms of new updates, plans for the future, etc.
Most sellers here on AppSumo are pretty active in communicating with users once their campaign ends. They seem to take advantage of the upfront capital and traffic to boost their marketing efforts — I'm wondering why you haven't done the same?
You've put out several YouTube videos over the last month but you only have 28 subscribers and I don't see any prominent channels reviewing your plugin or creating tutorials. Is this run by a team or is it just you?
All in all, I feel you need to market your product more and better. Collaborate with YT influencers, send email newsletters, provide updates about development and your team, etc.
Thank you so much for your thoughtful feedback and for being a Tier 4 supporter! We really appreciate you taking the time to share your concerns and suggestions.
I want to clarify a few things about our communication and development efforts. We've actually been quite active on social media over the past several months, sharing updates, tips, and engaging with our community. We are on X, Facebook and LinkedIn. Regarding newsletters - In May 2025 alone, we sent out five dedicated newsletters to our subscribers, covering everything from new plugin features to our revamped support system and more. This is in addition to our regular newsletters that highlight new blog posts and security tips.
We also maintain a public roadmap at https://securityninja.productlift.dev/, where users can submit ideas, vote on features, and track our progress. Many of the suggestions from our community have already been implemented, and you can always check the latest changelog directly in the plugin by clicking the “Updates” button in the top right corner of the admin interface.
You're absolutely right about our YouTube channel - it's still in its early days! We only started focusing on video content recently, and we know there's a long way to go. We'd love for you to be subscriber #29 ;-) and help us grow that channel with your feedback and ideas for content you'd like to see.
To answer your question about the team: after our last AppSumo campaign, we were able to expand to two full-time employees, and we're hoping to grow even more with the support from this campaign. Building and marketing a product like this is a huge challenge, but we're committed to improving every step of the way.
Thanks again for your honest feedback and for being part of our journey. If you have any specific ideas or requests, please keep them coming - we're always listening and eager to improve!
Q: Haven't received the "MainWP Addon" since April 2025
Hi Lars, I read in one of your previous comments:
"You will get an email sent to you as soon as I see any Tier 3 or 4 purchase - We added this after launching, so its not part of the automated redemption process. We are here right now, but forgive us due to timezone differences if we are not sending it immediately. We usually get all MainWP licenses out within 24 hours."
I purchased Tier 4 in April 2025 but haven't received any emails from you. Can you check why and send it to me please?
Also, please automate the process already — it really shouldn't take months just to implement something as simple as this. Or even better, why not include the addon under the WP Security Ninja settings as a modular option that users can toggle off and on, just like many other plugins do whenever they offer integrations and extensions.
A: Hi there! If you’ve seen that comment, I’m guessing you’ve also seen our other replies about this issue. As we’ve mentioned before, if you haven’t received your MainWP license key, please reach out to us directly at support@wpsecurityninja.com.
Just to clarify, the MainWP license was promised after we had already locked down the redemption process, so it’s not automated. This means we have to manually check which users need a license and also keep track of cancellations to close licenses as needed.
We’re really sorry if you didn’t get your license! :-( If it’s been three months, it’s safe to assume we missed your note. Please just email us and we’ll get your license key to you ASAP (as long as you’re on Tier 3 or 4).
Q: Can you selectively enable features in WP Security Ninja?
Is it possible to install WP Security Ninja and selectively enable the elements of the plugin you want to use? For example, could I install and use it solely for Two-factor Authentication?
Lars_Koudal
Jul 12, 2025A: Hi there,
Great question! Yes, absolutely. You can selectively enable the features you want to use in WP Security Ninja.
When you first install the plugin, you can skip the setup wizard. After that, simply navigate to Firewall -> Login Protection in your WordPress dashboard, and you’ll find the option to enable Two-Factor Authentication (2FA) there, along with other login security features. You can then enable or disable other modules as you see fit.
Hope this helps!
Share WP Security Ninja
Q: How to whitelist a REST API route from the local firewall?
Hello,
I'm a PRO user with 5 licenses. Your plugin blocks API requests from the AppSumo tool Videotoblog.ai. The only way it works is by completely deactivating Security Ninja.
I have confirmed the block comes from the local firewall ("Block Suspicious Requests"), NOT from the Cloud Firewall.
Videotoblog's support says I need to whitelist the API route wp-json/wp/v2/posts.
My question is: How can I add this specific route to the local firewall's exclusion list?
I can't find a URL exclusion option in the UI, IP whitelisting is not possible (they use dynamic IPs), and the Event Log does not have an "allow" feature for these blocks.
Your help is appreciated.
Lars_Koudal
Jul 12, 2025A: Thanks so much for reaching out and for being a PRO user! We're sorry to hear you're running into trouble with Videotoblog.ai, but the good news is that Security Ninja gives you the flexibility to fine-tune your firewall for exactly these situations.
Here's how you can whitelist a specific REST API route without turning off the entire firewall:
- Go to the "Events" tab in Security Ninja and locate one of the blocked requests from Videotoblog.ai.
- Click the "Details" tab for that event. What we're looking for is the specific "rule" that was triggered and caused the block.
- Once you know which rule is responsible, you can use a custom code snippet to allow just that traffic, while keeping all other protections in place.
We have a detailed guide and code examples here: https://wpsecurityninja.com/docs/filters-hooks/customizing-firewall-filter-rules/
In a recent update, we made it even easier by giving each rule a unique name, so you can target exactly the one you want to adjust.
If you need help setting up the snippet, just email us at support@wpsecurityninja.com with the name of the rule, and we'll be happy to help you get it working for your site.
You can also turn off the "Block Suspicious Requests" option entirely, but we recommend just disabling the specific rule that's causing issues. This way, you keep your site protected while letting Videotoblog.ai work as intended.
We have plans to make a nice interface for the firewall rules that would allow to easily customize and tweak the firewall rules, but that is scheduled for a later release.
Let us know if you need any more help.
Share WP Security Ninja
Q: Real-Time IP Blocklist of Wordfence v/s Cloud Firewall WP Security Ninja
I was thinking to upgrade free wordfence to paid one for real time ip blocklist feature and wp security ninja offer just popped up. I have spent some time and compared all features, WP Ninja looks better in features. Whats difference between real time ip list of both plugins? Malicious IP list is generated by sites using WP Ninja only or it’s from other sources as well? e.g. If a hacker attacking wordpress site on wordfence network will be blocked automatically by malicious IP blocker of WP Ninja? Are you using any third party service like cloudflare ?
Lars_Koudal
Jul 10, 2025A: Great question! Both WP Security Ninja and Wordfence offer strong protection, but their approaches to real-time IP blocklists have some differences.
WP Security Ninja's firewall uses a multi-layered approach. It's built on the robust 8G firewall ruleset, and it also loads a massive, regularly updated blocklist of known malicious IPs, currently over 600 million. This list is collated from multiple sources, not just from sites running WP Security Ninja. In addition, all sites using the plugin contribute to a shared intelligence network, so if a new malicious IP is detected attacking one site, it can be quickly blocked across the entire network of sites using WP Security Ninja.
As for Wordfence, while I can't speak to their exact methods, they have a large and talented team and are well-known for their real-time threat intelligence. Their paid version also offers a real-time IP blocklist, and I'm sure they use a combination of their own data and other sources to keep their users protected.
WP Security Ninja does not rely on third-party services like Cloudflare for its core firewall or blocklist features.
Hope this helps clarify things! If you have any more questions, feel free to ask.
Share WP Security Ninja
Q: Concern about general communication about the team and development
Hi Lars, got another one for you :)
I bought Tier 4 in April 2025 and one concern I have is there's been no communication (e.g. email newsletters) from you in terms of new updates, plans for the future, etc.
Most sellers here on AppSumo are pretty active in communicating with users once their campaign ends. They seem to take advantage of the upfront capital and traffic to boost their marketing efforts — I'm wondering why you haven't done the same?
You've put out several YouTube videos over the last month but you only have 28 subscribers and I don't see any prominent channels reviewing your plugin or creating tutorials. Is this run by a team or is it just you?
All in all, I feel you need to market your product more and better. Collaborate with YT influencers, send email newsletters, provide updates about development and your team, etc.
Lars_Koudal
Jul 9, 2025A: Hi iXzenoS,
Thank you so much for your thoughtful feedback and for being a Tier 4 supporter! We really appreciate you taking the time to share your concerns and suggestions.
I want to clarify a few things about our communication and development efforts. We've actually been quite active on social media over the past several months, sharing updates, tips, and engaging with our community. We are on X, Facebook and LinkedIn. Regarding newsletters - In May 2025 alone, we sent out five dedicated newsletters to our subscribers, covering everything from new plugin features to our revamped support system and more. This is in addition to our regular newsletters that highlight new blog posts and security tips.
We also maintain a public roadmap at https://securityninja.productlift.dev/, where users can submit ideas, vote on features, and track our progress. Many of the suggestions from our community have already been implemented, and you can always check the latest changelog directly in the plugin by clicking the “Updates” button in the top right corner of the admin interface.
You're absolutely right about our YouTube channel - it's still in its early days! We only started focusing on video content recently, and we know there's a long way to go. We'd love for you to be subscriber #29 ;-) and help us grow that channel with your feedback and ideas for content you'd like to see.
To answer your question about the team: after our last AppSumo campaign, we were able to expand to two full-time employees, and we're hoping to grow even more with the support from this campaign. Building and marketing a product like this is a huge challenge, but we're committed to improving every step of the way.
Thanks again for your honest feedback and for being part of our journey. If you have any specific ideas or requests, please keep them coming - we're always listening and eager to improve!
Share WP Security Ninja
Q: Haven't received the "MainWP Addon" since April 2025
Hi Lars, I read in one of your previous comments:
"You will get an email sent to you as soon as I see any Tier 3 or 4 purchase - We added this after launching, so its not part of the automated redemption process. We are here right now, but forgive us due to timezone differences if we are not sending it immediately. We usually get all MainWP licenses out within 24 hours."
I purchased Tier 4 in April 2025 but haven't received any emails from you. Can you check why and send it to me please?
Also, please automate the process already — it really shouldn't take months just to implement something as simple as this. Or even better, why not include the addon under the WP Security Ninja settings as a modular option that users can toggle off and on, just like many other plugins do whenever they offer integrations and extensions.
Lars_Koudal
Jul 9, 2025A: Hi there! If you’ve seen that comment, I’m guessing you’ve also seen our other replies about this issue. As we’ve mentioned before, if you haven’t received your MainWP license key, please reach out to us directly at support@wpsecurityninja.com.
Just to clarify, the MainWP license was promised after we had already locked down the redemption process, so it’s not automated. This means we have to manually check which users need a license and also keep track of cancellations to close licenses as needed.
We’re really sorry if you didn’t get your license! :-( If it’s been three months, it’s safe to assume we missed your note. Please just email us and we’ll get your license key to you ASAP (as long as you’re on Tier 3 or 4).
Thanks for your patience and understanding!
Share WP Security Ninja