• Nullsto Rules must be read before making a post, otherwise you will get permanent warning points or a permanent ban.

    Nullsto Forum provides CLEAN and SAFE resources. You can use them for development and testing if you are on Windows and have an antivirus that alerts you about a possible infection: It is a false positive since every script is double checked by our experts. While downloading a resource, we recommend that you add Nullsto to your trusted sites/sources or temporarily disable your antivirus. "Enjoy your presence on Nullsto"
Security Ninja Pro - WordPress Security Made Easy

Security Ninja Pro - WordPress Security Made Easy v5.287 Nulled

No permission to download
Overview Updates (27) History Discussion

Security Ninja PRO - WordPress Security Made Easy v5.287

Security Ninja PRO - WordPress Security Made Easy v5.287 Nulled
== Changelog ==

= 5.287 =
* 2026-06-02
* FIX: Change Login URL (Pro) — Works when Cloud Firewall is disabled; only “Change login URL” and the slug need to be enabled under Login Protection.
* FIX: Change Login URL (Pro) — `/your-slug/` login URLs work even when permalinks are Plain (fixes 404 when the Preview link used a path-style URL).
* FIX: Change Login URL (Pro) — Reliable path matching for subdirectory installs; fallback serves login if WordPress resolved the request as a 404.
* FIX: Change Login URL (Pro) — wp-admin blocking applies to `/wp-admin` with or without a trailing slash.
* IMPROVED: Change Login URL (Pro) — Admin Preview shows the same URL the plugin uses (`?slug` on Plain permalinks, `/slug/` otherwise).

Security Ninja PRO - WordPress Security Made Easy v5.284

Security Ninja PRO - WordPress Security Made Easy v5.284 Nulled
= 5.284 =
* 2026-05-23
* FIX: Change Login URL (Pro) — Checkout and other frontend flows that use WordPress `admin-post.php` (for example FluentCart account creation during checkout) no longer show “Access Denied” for visitors. Legitimate public handlers registered with `admin_post_nopriv_*` are allowed; direct access to the rest of wp-admin stays blocked.
* IMPROVED: Rename Login (Pro) — Recognized temporary-login plugin links (Temporary Login Without Password, One Time Login, Magic Login, Login Links) are no longer blocked when accessing wp-admin before authentication completes. Extend via the `securityninja_rename_login_allow_autologin` filter.
* IMPROVED: AI Security Advisor now uses WordPress 7 structured AI responses for more reliable report output.
* IMPROVED: AI Security Advisor reports now include richer context from Security Tests, Vulnerability Scanner, Core Scanner, and recent security events.
* IMPROVED: Pro sites now include Malware Scanner findings in AI report context when available.
* NEW: WordPress 7 Abilities (optional, on by default): expose read-only security data to other WordPress AI clients—Security Test summary (passed/warning/failed), 7-day attack activity vs the previous week, and the latest saved AI Security Advisor report. Control exposure under Security Advisor → Settings; turning this off does not affect generating reports or follow-ups on the Security Advisor page.
* NEW: Added a dismissable "Re-evaluate with AI" reminder after tests, scans, and firewall setting changes (stays hidden after dismiss until a new security event occurs).

Security Ninja PRO - WordPress Security Made Easy v5.282

Security Ninja PRO - WordPress Security Made Easy v5.282 Nulled
== Changelog ==

= 5.282 =
* 2026-04-
* FIX: Two-factor authentication (Pro) — When 2FA is enabled but required roles were missing or invalid, login could skip the 2FA step. Security Ninja now falls back to requiring **Administrator** so the code prompt always appears for protected accounts.
* FIX: Saving 2FA status would fail if firewall not enabled. Thank you Vassos.
* Added a new Tools-page Cleanup button. Securely removes any legacy options or data. Thank you Davina for the idea.
* FIX: Cloud Firewall (Pro) — Clearing **all** countries in country blocking and saving now actually turns country blocking off. Previously, choosing “none” could leave old selections in place because empty lists were not saved correctly.
* IMPROVED: Cloud Firewall — IP whitelist entries written as **ranges** (CIDR, one per line on IP Management) now apply the same way everywhere: visitor checks, secret recovery links, and automatic whitelist logic no longer treat ranges like plain single IPs only in some code paths.
* NEW: Cloud Firewall (Pro) — Option to soften country blocking for satellite ISPs like Starlink. Easily enable or adjust under Firewall → Settings for smoother access while keeping strong protection.
* IMPROVED: Cloud Firewall (Pro) — If a country or cloud block is skipped because the visitor is using a satellite ISP (satellite ASN softening), you'll now see this clearly in the Events log.

Security Ninja PRO - WordPress Security Made Easy v5.276

Security Ninja PRO - WordPress Security Made Easy v5.276 Nulled
== Changelog ==

= 5.276 =
* 2026-03-27
* Maintenance release - Minor improvements and stability.
* FIX: Security Fixes — Saving the Fixes screen now applies wp-config changes only when toggles are ON: disable file editor, disable WP_DEBUG, and secure session cookies. Previously, always-present form keys made the “on” paths run even when options were OFF, which could append duplicate `define()` lines and trigger PHP notices (thanks Masahiro Kasahara for the report). `update_define` also skips appending a constant that is already defined (e.g. set from an included file).
* Setup wizard – Fixed errors in the wizard and made a few small improvements.

Security Ninja PRO - WordPress Security Made Easy v5.275

Security Ninja PRO - WordPress Security Made Easy v5.275 Nulled
= v5.275 = 2026-03-16
* FIX: Event Logger – Plugin and theme installs are now logged (previously only updates were recorded). Activate and deactivate events are always logged with a fallback label when plugin name cannot be read.
* NEW: Event Logger – Now also logs activated_plugin, deactivated_plugin, add_user_role, and remove_user_role for a fuller audit trail.
* Event Logger – reliability: Event Logger now records settings changes, post updates, plugin activation/deactivation, and user events correctly when the module is enabled. Previously, events could be missing due to licensing checks blocking the write path; logging no longer depends on that for storing events.
* Event Logger – less noise: A single click to update an already-published post now creates one log entry instead of three. Saving a settings page (e.g. General) creates one entry instead of duplicate entries.
* Event Logger – clearer actions: Settings saves are logged with the action "options_saved" and show which settings page was updated (e.g. General, Reading). Internal WordPress hook names like "whitelist_options" are no longer shown in the log.
* Event Logger – security: Passwords and account activation keys are never stored in the log or shown in event details. User registration and profile update events only store non-sensitive data.
* AI Security Advisor – Get a plain-English security summary and top improvements from your security tests. Uses WordPress 7 AI Connectors (OpenAI, Google, Anthropic); no domains, URLs, or personal data are sent.
* AI Security Advisor – Overview tab shows when your site was last reviewed and a one-line teaser from the latest report, or invites you to run your first review or set up a connector.
* AI Security Advisor – Dashboard widget shows advisor status at a glance (last reviewed, ready for first review, or set up) with a quick link to the Security Advisor page.
* Event Logger – Login events are recorded only when a valid user is present, so your log stays accurate when other plugins or tools fire login-related hooks.
* IMPROVED: Visitor Logging (Cloud Firewall) – The Visitor Logging subtab now shows how much database space the visitor log uses and how many entries it contains. A "Reset visitor log" button lets you clear all visitor log entries in one click.
* FIX: Firewall – Removed the "blocked_kanagawa" blocked-hosts rule. Kanagawa is a Japanese prefecture and the rule caused false positives for legitimate traffic from Japanese ISPs (e.g. OCN). Thank you Masahiro.

Security Ninja PRO - WordPress Security Made Easy v5.270

Security Ninja PRO - WordPress Security Made Easy v5.270 Nulled
== Changelog ==

= 5.270 =
* 2026-02-22
* FIX: Secure cookies fix now writes ini_set lines before any closing PHP tag in wp-config.php, preventing "headers already sent" and cookie/login issues. Thanks to Olga for the detailed report that made this fix possible.
* NEW: Core Scanner – You can now open a printable report when the scan finds issues. Use "Print / Download report" to open the report in a new window and print or save as PDF for your records or support.
* IMPROVED: Core Scanner – The report button is always visible; when no issues are detected it shows a short notice so you know the option is available after the next scan with findings.
* IMPROVED: Core Scanner – Original WordPress core files are cached for one day when restoring or comparing, so repeat operations are faster and put less load on external servers.
* IMPROVED: Core Scanner – "View differences" now opens in the same unified File Viewer layout as "View File", with consistent styling, file metadata, and shared security validation instead of a separate standalone page.
* FIX: Firewall enable modal – "Send email" (activate and send unblock link) now works. The unblock-email AJAX action was not registered and the handler expected the email in GET; the action is now registered and all unblock-email requests use POST only.
* TECH: All internal script and style references now use non-minified JS and CSS only; minified copies have been removed to simplify the codebase.
* FIX: Fixed PHP 8.1 deprecation notice "Implicit conversion from float to int loses precision" in Cloud Firewall IPv6 CIDR matching. Thanks to Lesford for the report.

Security Ninja PRO - WordPress Security Made Easy v5.264

Security Ninja PRO - WordPress Security Made Easy v5.264 Nulled
= 5.264 =
* 2026-01-31
* FIX: Fixed wpdb::prepare() error during plugin uninstallation when dropping database tables.
* FIX: Vulnerability scanner no longer blocks wp-admin after deactivating and reactivating the plugin. If the vulnerability data files are missing or unreadable (e.g. after reactivation or server changes), the plugin now recovers automatically: it shows the vulnerability count as zero until the data is restored in the background, and the dashboard continues to load normally.
* IMPROVED: Vulnerability module now recreates and re-downloads its data files when they are missing, so you no longer need to reinstall the plugin to fix a "JSONL file not readable" error.
* FIX: Hardened vulnerability JSONL file handling: guard fclose() on stream and catch all errors when counting records, so missing or unreadable files never cause a fatal in wp-admin.
* FIX: Login Protection - "Failed login warnings" toggle now correctly saves when disabled (was reverting to enabled because unchecked checkbox is omitted from form POST).
* FIX: 2FA – Disabling 2FA in settings now persists correctly; toggle uses a hidden input so unchecked state is saved.

Security Ninja PRO - WordPress Security Made Easy v5.263

Security Ninja PRO - WordPress Security Made Easy v5.263
= v5.263 =
* Improved bandwidth usage getting vulnerabilities for all users.
* Improved: Vulnerability scanner now reads vulnerability feeds in a streaming, memory-efficient way to reduce peak memory usage.

Security Ninja PRO - WordPress Security Made Easy v5.261

Security Ninja PRO - WordPress Security Made Easy v5.261
= 5.261 = 2025-11-17
* Fixed: 2FA - Changed key name format from "site_url (username):email" to "site_url:username" - Thank you Davina.
* Fixed: Compatibility warning with WordPress 6.7 regarding translation loading timing
* Fixed: Server security restriction warning when checking wp-config.php file location
* Fixed: Fixed critical bug where database prefix changer added an extra underscore when updating wp-config.php, causing WordPress to look for non-existent tables with double underscores (e.g., wp_12345__posts instead of wp_12345_posts). Thank you Tchai.
* Fixed: Database prefix changer to properly update option names and meta keys when changing from custom prefixes (not just "wp_").
* IMPROVED: Database prefix changer now works with any prefix, not just the default "wp_". Can now rename tables when changing from one custom prefix to another. All plugin tables are automatically included in the renaming process.

Security Ninja PRO - WordPress Security Made Easy v5.260

Security Ninja PRO - WordPress Security Made Easy v5.260 Nulled
== Changelog ==

= 5.260 =
* 2025-11-12
* NEW: Failed login email warnings - administrators receive email notifications when someone attempts to log in with their username and fails. Can be enabled in Login Form Protection settings.
* NEW: Admin IPs are automatically whitelisted on plugin activation and successful admin login to prevent administrators from being blocked. Thank you Val.
* FIX: Fixed country blocking to respect "only block backend" setting when enabled. Thank you Guru for the tip.
* IMPROVED: Secret access URL processing has been moved up in the request cycle to make sure IP whitelisting happens before any ban checks, so blocked visitors should be able to get back on the site more reliably.
* IMPROVED: wp-config.php backups are stored in encrypted format (AES-256-CBC) to ensure data security. Each backup uses a unique encryption key and initialization vector. This was introduced in a previous release, but was not added to the changelog.
* Update 3rd party libraries - Freemius SDK 2.13.0 among others.
Top