|General (6 plugins)|
Bad Bots Are Your #1 Security Threat. Real security is stopping attackers dead, before they hack your site.
Don’t Leave Your Site At Risk If your site is vulnerable to attack, you’re putting your business and your reputation at serious risk. Getting hacked can mean you’re locked out of your site, client data stolen, your website defaced or offline, and Google will penalise you. Why take the risk? Download and install Shield now for FREE so that you have the most powerful WordPress security system working for you and protecting your site. Shield + iControlWP If you have multiple sites, then Shield combined with iControlWP, takes the pain out of managing your websites, and covers your security, daily backup (and restore), and updating plugins/themes All the wonderful features of how we protect you and your site are set out below in detail, but there are a few things about us, that you should know first: We’re on a mission to liberate people who manage websites from unnecessarily repetitive work, and by 2022 we want to be saving our clients over 62.5 million hours per year (and we’d love you to join us in our quest) We have three rules that apply to everything we do, and you’ll see these when you use our products or contact us for help: We make everything as simple and easy-to-use as possible (and no simpler!). We’re reliable – we make sure our products do what they promise. We take ownership for resolving problems – we will solve the problem, or point you towards the solution. So, read on for the detail, or start protecting yourself, your clients and your clients’ customers immediately by downloading and installing Shield now What makes the Shield different? No “Pro” restrictions on security features – it’s ALL there for you. Easy-To-Setup User Interface. It won’t break your website – you’ll never get that horrible, pit-of-your stomach feeling you get with other security plugins when your website doesn’t load anymore. Super Admin Security – the only WordPress Security Plugin that protects against tampering. Exclusive membership to a private security group where you can learn more about WordPress security. Awesome Features Blocks malicious URLs and requests Blocks ALL automated spambot comments. Hide your WordPress Admin and Login page. Prevents brute force attacks on your login and any attempted automatic bot logins. Verify user identity with email-based Two-Factor Authentication Monitor login activity and restrict username sharin, with User Sessions Management Review admin activity with a detailed Audit Trail Log Turn on and turn off WordPress Automatic Updates separately for plugins, themes and Core Easy to use kill switch to temporarily turn off all Firewall Features without disabling the plugin or even logging into WordPress. Super Admin Security Protection The only WordPress security plugin with a WordPress-independent security key to protect itself. more info Audit Trail Activity Monitor With the Audit Trail you can review all major actions that have taken place on your WordPress site, by all users. Firewall Protection Blocks all web requests to the site that violate the firewall security rules! more info Brute Force Login Protection and Two-Factor Authentication Provides effective security against Brute Force Hacking and email based Two-Factor Authenticated login. more info Comment SPAM (Full replacement and upgrade from Akismet) Blocks ALL automatic Bot-SPAM, and catches Human Comments SPAM without sending data to 3rd parties or charging subscription fees. more info FABLE – Fully Automatic Black Listing Engine No more manual IP Black lists. This plugin handles the blocking of IP addresses for hosts that are naughty. WordPress Lock Down Numerous security and protection mechanisms to lock down your WordPress admin area, such as blocking file edits and enforcing SSL. Automatic Updates Take back control of your WordPress Automatic Updates. Shield Security Explained The Shield is built to be highly reliable and easy to use by anyone! Originally built off the WordPress Firewall 2, it now includes much more: 9 effective and clear, Firewall blocking options – pick and choose for ultimate protection and compatibility. Option: Ignore already logged-in Administrators so you don’t firewall yourself as you work on the site. Option: IP Address Whitelist. So you can vet your own IP addresses and 3rd Party Services. Option: Developer option for 3rd Party Services to dynamically add IP Addresses to whitelist (our plugin is built to work with others!) E.g. iControlWP. Option: IP Address Blacklist so you can completely block sites/services based on their IP address. Option: to easily turn on / off the whole firewall without disabling the whole plugin! (so simple, but important) Recovery Option: You can use FTP to manually turn ON/OFF the Firewall. This means if you accidentally lock yourself out, you can forcefully turn off the firewall using FTP. You can also turn back on the firewall using the same method. Performance: When the firewall is running it is processing EVERY page load. So your firewall checking needs to be fast. This plugin is written to cache settings and minimize database access: 1-3 database calls per page load. Logging: Full logging of Firewall (and other options) to analyse and debug your traffic and settings. Option: Email when firewall blocks a page access – with option to specify recipient. Option: Email throttling. If you get hit by a bot you wont get 1000s of email… you can throttle how many emails are sent. useful for 3rd party services that connect to the site using other plugins. Basic functionality is based on the principles employed by the WordPress Firewall 2 plugin. Login and Identity Security Protection – Stops Brute Force Attacks Note: Login Protection is a completely independent feature to the Firewall. With the Login Protection features this plugin will single-handedly prevent brute force login attacks on all your WordPress sites. It doesn’t need IP Address Ban Lists (which are actually useless anyway), and instead puts hard limits on your WordPress site, and force users to verify themselves when they login. Three core security features provide layers to protect the WordPress Login system. Email-based 2-Factor Login Authentication based on IP address! (prevents brute force login attacks) Login Cooldown Interval – WordPress will only process 1 login per interval in seconds (prevents brute force login attacks) GASP Anti-Bot Login Form Protection – Adds 2 protection checks for all WordPress login attempts (prevents brute force login attacks using Bots) These options alone will protect and secure your WordPress sites from nearly all forms of Brute Force login attacks. And you hardly need to configure anything! Simply check the options to turn them on, set a cooldown interval and you’re instantly protected. SPAM and Comments Filtering As of version 1.6, this plugin integrates GASP Spambot Protection. We have taken this functionality a level further and added the concept of unique, per-page visit, Comment Tokens. Comment Tokens are unique keys that are created every time a page loads and they are uniquely generated based on 3 factors: The visitors IP address. The Page they are viewing A unique, random number, generated at the time the page is loaded. This is all handle automatically and your users will not be affected – they’ll still just have a checkbox like the original GASP plugin. These comment tokens are then embedded in the comment form and must be presented to your WordPress site when a comment is posted. The plugin will then examine the token, the IP address from which the comment is coming, and page upon which the comment is being posted. They must all match before the comment is accepted. Furthermore, we place a cooldown (i.e. you must wait X seconds before you can post using that token) and an expiration on these comment tokens. The reasons for this are: Cooldown means that a spambot cannot load a page, read the unique comment token and immediately re-post a comment to that page. It must wait a while. This has the effect of slowing down the spambots, and, if the spambots get it wrong, they’ve wasted that token – as tokens can only be used once. Expirations mean that a spambot cannot get the token and use it whenever it likes, it must use it within the specfied time. This all combines to make it much more difficult for spambots (and also human spammers as they have to now wait) to work their dirty magic 🙂
|iThemes Security (formerly Better WP Security)||7.4.0||94||3821||17374423|
Requires PHP: 7.3
iThemes Security is the #1 WordPress Security Plugin iThemes Security (formerly Better WP Security) gives you over 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software. Most WordPress admins don’t know they’re vulnerable, but iThemes Security works to lock down WordPress, fix common holes, stop automated attacks and strengthen user credentials. With advanced features for experienced users, our WordPress security plugin can help harden WordPress. Maintained and Supported by iThemes iThemes has been building and supporting WordPress tools since 2008 like BackupBuddy, our WordPress backup plugin. With our full range of WordPress plugins, themes and training, WordPress security is the next step in providing you with everything you need to build the WordPress web. Get Plugin Support and Pro Features Get added peace of mind with professional support from our expert team and pro features to take your site’s security to the next level with iThemes Security Pro. Pro Features: Two-Factor Authentication – Use a mobile app such as Google Authenticator or Authy to generate a code or have a generated code emailed to you. WordPress Salts & Security Keys – The iThemes Security plugin makes updating your WordPress keys and salts easy. Malware Scan Scheduling – Have your site scanned for malware automatically each day. If an issue is found, an email is sent with the details. Password Security – Generate strong passwords right from your profile screen. Password Expiration – Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed). Google reCAPTCHA – Protect your site against spammers. User Action Logging – Track when users edit content, login or logout. Import/Export Settings – Saves time setting up multiple WordPress sites. Dashboard Widget – Manage important tasks such as user banning and system scans right from the WordPress dashboard. Online File Comparison – When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming. Temporary Privilege Escalation – give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself. wp-cli Integration – Manage your site’s security from the command line. iThemes Sync Integration Manage more than one WordPress site? Manage Away Mode, release lockouts and keep your themes, plugins and WordPress core up to date from one dashboard with iThemes Sync. Start managing 10 WordPress sites for free with iThemes Sync. iThemes Brute Force Attack Protection Network iThemes Security takes brute force attack protection to the next level by banning users who have tried to break into other sites from breaking into yours. The iThemes Brute Force Attack Protection Network will automatically report IP addresses of failed login attempts and will block them for a length of time necessary to protect your site based on the number of sites that have seen a similar attack. Protect iThemes Security works to protect your site by blocking bad users and increasing the security of passwords and other vital information. Prevents brute force attacks by banning hosts and users with too many invalid login attempts Scans your site to instantly report where vulnerabilities exist and fixes them in seconds Bans troublesome user agents, bots and other hosts Strengthens server security Enforces strong passwords for all accounts of a configurable minimum role Forces SSL for admin pages (on supporting servers) Forces SSL for any page or post (on supporting servers) Turns off file editing from within WordPress admin area Detects and blocks numerous attacks to your filesystem and database Detect iThemes Security monitors your site and reports changes to the filesystem and database that might indicate a compromise. iThemes Security also works to detect bots and other attempts to search vulnerabilities. Detects bots and other attempts to search for vulnerabilities. Monitors filesystem for unauthorized changes. Run a scan for malware and blacklists on the homepage of your site. Receive email notifications when someone gets locked out after too many failed login attempts or when a file on your site has been changed. Obscure iThemes Security hides common WordPress security vulnerabilities, preventing attackers from learning too much about your site and away from sensitive areas like your site’s login, admin, etc. Changes the URLs for WordPress dashboard areas including login, admin and more Completely turns off the ability to login for a given time period (away mode) Removes theme, plugin, and core update notifications from users who do not have permission to update them Removes Windows Live Write header information Removes RSD header information Renames “admin” account Changes the ID on the user with ID 1 Changes the WordPress database table prefix Changes wp-content path Removes login error messages Recover iThemes Security makes regular backups of your WordPress database, allowing you to get back online quickly in the event of an attack. Use iThemes Security to create and email database backups on a customizable schedule. For complete site backups and the ability to restore or move WordPress to a new host or domain, check out BackupBuddy. Other WordPress Security Benefits Makes it easier for users not accustomed to WordPress to remember login and admin URLs by customizing default admin URLs Detects hidden 404 errors on your site that can affect your SEO such as bad links and missing images WordPress Security Tutorials Learn how to use our WordPress security plugin with our series of in-depth tutorial videos: Getting Started Global Settings 404 Detection Away Mode Banned Users Brute Force Protection Compatibility Works on multi-site (network) and single site installations Works with Apache, LiteSpeed or NGINX (Note: NGINX will require you to manually edit your virtual host configuration) Features like database backups and file checks can be problematic on servers without a minimum of 64MB of RAM. All testing servers allocate 128MB to WordPress and usually don’t have any other plugins installed. Translations Spanish by Andrew Kurtis Please let us know if you would like to contribute a translation. Warning Please read the installation instructions and FAQ before installing this WordPress security plugin. iThemes Security makes significant changes to your database and other site files which can be problematic, so a backup is strongly recommended before making any changes to your site with this plugin. While problems are rare, most support requests involve the failure to make a proper backup before installation. License Released under the terms of the GNU General Public License.
WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam...
WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam & much more. View Security feature highlights below. View BulletProof Security feature details under the FAQ help section below. Secure your WordPress website even further by adding additional BulletProof Security Bonus Custom Code. See BulletProof Security Bonus Custom Code under the FAQ help section below. Effective, Reliable & Easy to use WordPress Security Plugin. BulletProof Security Feature Highlights One-Click Setup Wizard Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) MScan Malware Scanner .htaccess Website Security Protection (Firewalls) Hidden Plugin Folders|Files Cron (HPF) Login Security & Monitoring JTC-Lite (Limited version of BPS Pro JTC Anti-Spam|Anti-Hacker) Idle Session Logout (ISL) Auth Cookie Expiration (ACE) DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups DB Table Prefix Changer Security Logging HTTP Error Logging FrontEnd|BackEnd Maintenance Mode UI Theme Skin Changer (3 Theme Skins) Extensive System Info BulletProof Security Pro Feature Highlights One-Click Setup Wizard Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) AutoRestore Intrusion Detection & Prevention System (ARQ IDPS) Quarantine Intrusion Detection & Prevention System (ARQ IDPS) Real-time File Monitor (IDPS) MScan Malware Scanner DB Monitor Intrusion Detection System (IDS) DB Diff Tool: data comparison tool DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups DB Status & Info: extensive database status & info Plugin Firewall (IP Firewall): Automated Whitelisting & IP Address Updating in Real-time JTC Anti-Spam|Anti-Hacker Uploads Folder Anti-Exploit Guard (UAEG) .htaccess Website Security Protection (Firewalls) Hidden Plugin Folders|Files Cron (HPF) Custom php.ini Website Security Login Security & Monitoring w/Dashboard Alerting|Status Display & additional options/features Idle Session Logout (ISL) Auth Cookie Expiration (ACE) F-Lock: Read Only File Locking FrontEnd|BackEnd Maintenance Mode Security Logging HTTP Error Logging PHP Error Logging DB Table Prefix Changer S-Monitor: Monitoring & Alerting Core Pro Tools: 16 mini-plugins Heads Up Dashboard Status Display UI Theme Skin Changer (3 Theme Skins) Extensive System Info View All BulletProof Security Pro Feature Details BulletProof Security Installation and Setup Video Tutorial BulletProof Security Recommended Video Tutorials BulletProof Security Custom Code Video Tutorial BulletProof Security Security Log Video Tutorial Help Info Extensive Help Info can be found on the AIT-pro.com Forum website and by clicking the Read Me Help buttons on BulletProof Security plugin pages. For details about BulletProof Security plugin features and frequently asked questions see the FAQ section below. The BPS plugin Help and FAQ tab pages also contain additional help links.
Firewall, Malware Scanner, Two Factor Auth and Comprehensive Security Features, powered by our 24 hour team. Make security a priority with Wordfence.
|Sucuri Security – Auditing, Malware Scanner and Security Hardening||1.8.8||92||271||2289748|
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
Sucuri Inc. is a globally recognized authority in all matters related to website security, with specialization in WordPress Security. The Sucuri Security WordPress plugin is free to all WordPress users. It is a security suite meant to complement your existing security posture. It offers its users a set of security features for their website, each designed to have a positive affect on their security posture: Security Activity Auditing File Integrity Monitoring Remote Malware Scanning Blacklist Monitoring Effective Security Hardening Post-Hack Security Actions Security Notifications Website Firewall (premium)
|All In One WP Security & Firewall||184.108.40.206||96||875||8636251|
Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.
|Protection SubCategory (4 plugins)|
|SX User Name Security||2.3.1||80||13||9965|
SX User Name Security prevents WordPress from showing your real Login everywhere. It ovverides the body_class function, User Nicename, Nickname and Di
WordPress show your WordPress login and ID in several places. It’s time to fix this ! WordPress automaticaly uses “User login” to fill in the “User Display Name”. WordPress also allows everyone to use the same value for Nickname, Display Name and Login. The body_class function also shows to everyone your User ID and Login on author pages. A hacker can easily see then use your “NickName” or “Display Name” to find your real login. Once activated, SX User Name Security will prevent WordPress from showing those informations. Features Body_class function : Removes User ID from body_class function (author pages) Removes User Nicename from body_class function (author pages) User informations : The plugin changes “Display Name” and “Nickname” to a random value (like ‘Ticibe T. Aduvoguripe’, ‘Lagubo N. Agigerovibe’ or ‘Datela N. Orejadavino’) if they are equal to user login If not, it changes “Display Name” to “Nickname” or “Nickname” to “Display Name” if one of them is equal to user login New Registration : Display Name and Nickname are changed to random value during user registration. Nicename is also changed (it’s used to generate the user permalink on the front-end). For previous user, a notice has been added to use another plugin to safely change old nicenames. 😉 All functions are translated into french and english. You can find me here on SeoMix, and here is the official french post about this plugin https://www.seomix.fr/user-name-security/
|SAR One Click Security||1.2.2||100||6||5167|
Adds some extra security to your WordPress with only one click.
There’s a lot of WordPress security plugins with many many options and pages to setup. And that is fine if you know what to do. But most of the times, you don’t need so much or simply you’re not sure about what to set or not. This plugin adds some extra security to your WordPress with only one click. No options page, just activate it! Features Like many other security plugins SAR One Click Security adds well known .htaccess rules, but only the ones probed to be safe to use in almost any type of site (including WooCommerce stores), to protect your WordPress from common attacks. This allows you to have a safer WordPress without worries about what protection you should be using. Turn off ServerSignature directive, that may leak information about your web server. Turn off directoy listing, avoiding bad configured hostings to leak your files. Blocks public access (from web) to following files that may leak information about your WordPress install: .htaccess, license.txt, readme.html, wp-config.php, wp-config-sample.php, install.php Blocks access to wp-login.php to dummy bots trying to register in WordPress sites that have registration disabled. Blocks requests looking for timthumb.php, reducing server load caused by bots trying to find it. (*) Blocks TRACE and TRACK request methods, preventing XST attacks. Blocks direct posting to wp-comments-post.php (most spammers do this) and access with blank User Agent, reducing spam comments a lot and also server load. Blocks direct access to PHP files in wp-content directory (this includes subdirectories like plugins or themes). Protecting you from a huge number of 0day exploits. Blocks direct POST to wp-login.php and access with blank User Agent, preventing most brute-force attacks and reducing server load. Blocks access to .txt files under any plugin/theme directory to prevent scans for installed plugins/themes. Blocks any query string trying to get a copy of the wp-config.php file. Blocks gf_page=upload query string argument, this was deprecated in Gravity Forms on May 2015, if your copy of Gravity Forms still uses it, update now! Removes version information from page headers. This includes not only the page header (html or xtml) but also feed headers (rss, rss2, atom, rdf) and opml comments. Only the version number is removed, not the entire generator information. (*) If your theme uses TimThumb, you can disable that blocking rule, check FAQ before installing the plugin to see how. Requirements WordPress 3.9.2 or higher. (Works with WordPress network/multisite installation). Apache 2.2.x or 2.4.x web server It has been tested in many servers including large providers like HostGator, Godaddy and 1&1 with optimal results, and it will work fine in any decent hosting service (that allows you to set options from .htaccess files). Anyway, if you get any problem after activating the plugin, check FAQ for instructions on how to manually uninstall it. Or maybe check it before install the plugin if you’re not sure about your hosting provider policy about .htacces Usage To apply above mentioned security rules simply install and activate the plugin, no options page, no user setup! If you need to remove the security rules for some reason, simply deactivate the plugin. If you want to add them again, activate the plugin again, that easy 😉 And remember, if your theme uses TimThumb, check FAQ before installing the plugin.
|Performance & Security||0.9.1||100||2||2092|
This plugin provides settings to modify WordPress and improve performance and security.
This plugin provides settings to modify WordPress and improve performance and security. General settings Modify excerpt length, the “More” text, and allow excerpts on Pages Change the “Read more” settings, so that the anchors to articles don’t jump Modify custom post types so that they appear in search results and RSS feeds Allow tags on pages and ensure all tags appear in search queries Remove relational links Remove the Windows Live Writer manifest link (wlwmanifest) Remove the RSD link Remove the shortlink Enable HTML5 support for forms, comment lists, images and captions. Enable or disable the Links Manager Disable auto-formatting of content and/or excerpts Performance Enable GZIP on Apache Disable WordPress pings from internal links Remove the version query string on styles and scripts Remove the JetPack plugin devicepx script Disable emoji support and remove emoji styles and scripts Disable jQuery Migrate dependency Disable the Block Editor Library CSS Disable oEmbed support Security Remove the WordPress version string Modify XMLRPC features – disable entirely and/or disable XMLRPC SSL testing Comment modifications: Disable comments Disable comments on media files Disable links in comments Remove the ‘URL’ field from the comments form Hide existing comments Administration Show statistics in the Admin section Change the WordPress greeting, even for non US English installs Remove dashboard widgets Remove menu items Include the “All Settings” menu item Login Change the login page logo Change the login page logo URL Change the login page logo URL title Disable detailed login errors Google Analytics Add the Google Tag Manager tracking code to your site head If you have further suggestions, please contact us via the plugin support page. If this plugin is useful for managing your WordPress settings, please review the plugin. Developed by James Robinson.
|WP Content Security Plugin||2.3||98||14||23133|
GitHub Plugin URI: https://github.com/dylandownhill/WP-Content-Security-Policy-Plugin Block XSS vulnerabilities by adding a Content Security Policy h
|Scanners SubCategory (2 plugins)|
Checks your WordPress installation and provides detailed reporting on discovered vulnerabilities, anything suspicious and how to fix them.
The Total Security plugin is the must-have tool when it comes security of your WordPress installation. The plugin monitors your website for security weaknesses that hackers might exploit and tells you how to easily fix them. Vulnerability Scan Check your site for security vulnerabilities and holes. Numerous installation parameters tests WP options tests Detailed help and description Core Scanner Scan WP core files with one click Quickly identify problematic files Great for removing exploits and fixing accidental file edits/deletes View files source to take a closer look Fix broken WP auto-updates File System Scours your file system by suspicious or potentially malicious files, compressed, log, binary, data, and temporary files. And any unknown file in WP core. Detects unknown file found in WP core => |*any file| Detects suspicious or potentially malicious files => |*.exe|*.com|*.scr|*.bat|*.msi|*.vb|*.cpl| Detects compressed files => |*.zip|*.rar|*.7z|*.gz|*.tar|*.bz2| Detects log, binary, data and temporary files => |*.log|*.dat|*.bin|*.tmp| Error 404 Log Logs 404 (Page Not Found) errors on your site, this also gives the added benefit of helping you find hidden problems causing 404 errors on unseen parts of your site as all errors will be logged. Secure Hidden Login Allows you to create custom URLs for user’s login, logout and admin’s login page, without editing any .htaccess files. Those attempting to gain access to your login form will be automatcally redirected to a customizable URL. Hide “wp-admin” folder. Log Viewer (debug.log) Adds a debug menu to the admin bar that shows real-time debugging information. Best practices on security combined into one plugin! Usage For Vulnerability Scan : Once you click the Execute button all tests will be run. For Core Scanner: Once you click the Execute button all tests will be run. Depending on various parameters of your site this can take from ten seconds to 2-3 minutes. Please don’t reload the page until testing is done. Each test comes with a detailed explanation which you should use to determine whether it affects your site or not. Most test have simple to follow instructions on how to strengthen your site’s security. Color-coded results separate files into categories: * Items in green are fully secured. Good job! * Items in orange are partially secured. Turn on more options to fully secure these areas * Items in red are not secured. You should secure these items immediately A warning to redo the scan will be informed every 15 days of last inspection. Translation Non-English Speaking Users – Contribute a translation using the GlotPress web interface – no technical knowledge required (how to).
|Security Ninja Lite||1.30||100||2||14219|
Check your site for security vulnerabilities with one click on 40+ tests and get info on all security aspects.
Full version of Security Ninja with 40+ tests is now available for FREE on WP.org. Please install it NOW. This lite version is no longer maintained. !!! This lite version is no longer maintained !!! Visit Security Ninja’s homepage for more details, FAQ and documentation. perform numerous security tests with one click check your site for security vulnerabilities and holes take preventive measures against attacks don’t let script kiddies hack your site prevent 0-day exploit attacks more tests coming with each update Upgrade Security Ninja to get more than 36 tests, detailed test description, code snippets for fixes and dedicated support.
|Monitors SubCategory (1 plugins)|
|WP Security Audit Log||3.4.1||94||235||1429988|
Requires PHP: 5.5 The #1 user-rated activity log plugin. Keep a comprehensive log of the changes that happen on your site with this easy to use plugi
THE MOST COMPREHENSIVE & EASY TO USE WORDPRESS ACTIVITY LOG PLUGIN Keep an activity log of everything that happens on your WordPress and WordPress multisite with the WP Security Audit Log plugin to: Ensure user productivity Ease troubleshooting Know exactly what all your users are doing Better manage & organize your WordPress site Easily spot suspicious behavior before there are security problems. WP Security Audit Log is the most comprehensive real time user activity and monitoring log plugin. It helps thousands of WordPress administrators and security professionals keep an eye on what is happening on their websites. It is also the most highly rated WordPress activity log plugin and have been featured on popular sites such as GoDaddy, ManageWP, Pagely, Shout Me Loud and WPKube. Note: All WrodPress logging functionality is FREE. Features such as reports, email notifications & search are available in the Premium Edition. WordPress Changes & Details the Plugin Keeps a Log Of As a comprehensive & complete WordPress activity log solution WP Security Audit Log does not just tell you that a post, a user profile, or an object was updated. It keeps a log of what was changed within the post, profile or object. Below is a summary of the changes that the plugin can keep a record of: Post, Page and Custom Post Type changes such as status, content changes, title, URL, date and custom field changes Tags and Categories changes such as creating, modifying or deleting them, and adding or removing them from posts Widgets and Menus changes such as creating, modifying or deleting them User changes such as user created or registered, deleted or added to a site on multisite network User profile changes such as password, email, display name and role changes User activity such as login, logout, failed logins and terminating other sessions WordPress core and settings changes such as installed updates, permalinks, default role, URL and other site-wide changes WordPress multisite network changes such as adding, deleting or archiving sites, adding or removing users from sites etc (activity logs for multisite networks). Plugins and Themes changes such as installing, activating, deactivating, uninstalling and updating them WordPress database changes such as when a plugin adds or removes a table Changes on WooCommerce Stores & Products, Yoast SEO, Advanced Custom Fields (ACF), MainWP and other popular WordPress plugins. WordPress site file changes such as new files are added, or existing ones are modified or deleted. For every event that the plugin keeps a log of it also reports the: Date & time (and milliseconds) of when it happened, User & role of the user who did the change, Source IP address from where the change happened. Refer to WordPress Activity Log Events for a complete list of all the changes the WP Security Audit Log can keep a record of. Extend the Functionality of the WP Security Audit Log Plugin Upgrade to WP Security Audit Log Premium to: See who is logged, See what everyone is doing in real time, Log off any user with just a click, Generate HTML and CSV reports, Export the activity log in CSV (ideal for integrations), Get notified via email of important changes, Get instant SMS message notifications of critical site changes, Search the activity log using text-based searches, Use built-in filters to fine tune the searches, Store activity log in an external database to improve security, Mirror the WordPress activity logs to Slack, Papertrail, Syslog and other central log management and collaboration solutions, Configure archiving and mirroring of logs. See our premium features page for more detailed information. Free and Premium Support Support for the WP Security Audit Log plugin on the WordPress forums is free. Premium world-class support is available via email to all WP Security Audit Log Premium customers. Note: paid customers support is always given priority over free support. Paid customers support is provided via one-to-one email and over the phone. Upgrade to Premium to benefit from priority support. Other Noteworthy Features WP Security Audit Log plugin also has a number of features that make WordPress and WordPress multisite monitoring and auditing easier, such as: Built-in support for reverse proxies and web application firewalls Full WordPress multisite support Easily create your custom alerts to monitor additional functionality Developer tools including the logging of all HTTP GET and POST requests Integration with WhatIsMyIpAddress.com so you can get all information about an IP address with just a mouse click Limit who can view the WordPress activity log by either users or roles Limit who can manage the plugin by either users or roles Configurable WordPress dashboard widget highlighting the most recent critical activity Configurable WordPress security audit trail data retention User avatar is shown in the alerts for better recognizability Enable or disable any security alerts and much more… Refer to the WordPress activity log plugin datasheet for a complete list of features. As Featured On: GoDaddy Kinsta Pagely Shout Me Loud The Dev Couple WPKube WPLift WP SmackDown SourceWP Techwibe KevinMuldoon.com Cloudways Collective Ray MyWPExpert BlogVault Firewall.cx Design Wall Tidy Repo Monster Post The Darknet WebEmpresa KitPloit EHacking WordPress Security Audit Log in your Language! We need help translating the plugin and the WordPress Security Alerts. Please visit the WordPress Translate Project to translate the plugin and drop us an email on firstname.lastname@example.org to get mentioned in the list of translators below. Italian translation by Leonardo Musumeci Brazilian Portuguese by Hudson Santos German translation by Mourad Louha Brazilian Portuguese translation by Hudson Santos Spanish translation by the WP Body team French translations by Denis Moscato Activity Log Extensions Activity Log for MainWP: This extension allows you to keep a log of MainWP network changes and to view the activity logs of all child sites from one central location – the MainWP dashboard. Related Links and Documentation What is a WordPress Activity Log? List of WordPress Activity Log events WordPress Multisite Features WP Security Audit Log and Reverse Proxy and WAFs Support WP Security Audit Log Database Documentation Official WP Security Audit Log Plugin Website Activity logs for MainWP Install WP Security Audit Log from within WordPress Visit ‘Plugins > Add New’ Search for ‘WP Security Audit Log’ Install and activate the WP Security Audit Log plugin Allow or skip diagnostic tracking Install WP Security Audit Log manually Upload the wp-security-audit-log directory to the /wp-content/plugins/ directory Activate the WP Security Audit Log plugin from the ‘Plugins’ menu in WordPress Allow or skip diagnostic tracking
|Unsorted Plugins (36 plugins)|
|WP Security Coat||1.0.0||100||2||408|
A security plugin mearnt to relieve you from your security issues in your wordpress website, built to prevent server , php/mysql and wordpress based attacks . Plugin Features Disallow indexing of ser...
ver files Block fake bots Hide worpdress version Remove RSD links and feeds Disable XML-RPC brute Force Attack Disable XML RPC pingback fro DDOS Attacks Disable Login Error Messages Disable WP Rest API Protection From Content Injection Attack Filter suspicious Query String and Non English Character Preventing From Sql Injection Protect Website From ClicK Jacking Attack enable Browser Blocking of cross site Site Scripting Prevent Content From Content Sniffing Block certain HTTP Methods not being used with the website Block Post Method from HTTP 1.0 and HTTP 0.9
|smart User Slug Hider||1.2||100||10||2464|
Requires PHP: 5.4 Hide usernames in Author Pages URLs to enhance Security
This Plugin replaces user names with 16 digits coded strings. See also Plugin Homepage For author page URLs WordPress uses the pattern example.com/author/name where 'name' represents the users login name. This means that the login names from all your users are publicly visible. This is the already half of the infomations needed to log in... The smart User Slug Hider Plugin changes all author page URLs from e.g. example.com/author/admin to something like example.com/author/e9e716def73f76ac. The codes are generated automatically and its impossible to make conclusions about the user names. The WordPress default URLs (like example.com/author/admin) will cause a 404 (not found) error. The plugin does not make any changes to your database. Deactivating the Plugin restores the default WordPress behavior. There are no settings and no need to change anything. Shortcodes The plugin adds three shortcodes you can use in your posts: [smart_user_slug] the user slug of the post author - e.g. e9e716def73f76ac [smart_user_url] the url of the post author's profile page - e.g. example.com/author/e9e716def73f76ac [smart_user_link] adds a link to the post author's profile page Theme Functions The plugin adds two functions that can be used in theme files: get_smart_user_slug( $author_id ) to get the user slug for the author - the parameter $author_id is optional, if omitted the author's ID of the current post is used the_smart_user_slug( $author_id ) to display the user slug for the author - the parameter $author_id is optional, if omitted the author's ID of the current post is used Do you like the smart User Slug Hider Plugin? Thanks, I appreciate that. You don't need to make a donation. No money, no beer, no coffee. Please, just tell the world that you like what I'm doing! And that's all. More plugins from Peter 404page - Define any of your WordPress pages as 404 error page hashtagger - Tag your posts by using #hashtags smart Custom Display Name - Set your Display Name to anything you like See all
This plugin allows to set some security improvements to your WordPress site. Blocking attempts of scan from WPScan and other similar tools. A few methods you want prevent to scan: Disable robots.txt ...
Disable detect User Agent Disable XML-RPC Remove generator info Prevent advanced fingerprinting Remove version number Stop plugin enumeration Prevent username enumeration Prevent wpconfig enumeration
This plugin adds a comprehensive suite of security measures to WordPress.
This plugin adds a comprehensive suite of security measures to WordPress. Simply install, activate, and rest assured that your site is now protected against most common attacks. We attempted to create the “Goldilocks” of WordPress security by finding a happy medium between the really complicated plugins that seem to slow down your site and often break functionality because they are too restrictive, and the piece-meal ones that only address one or two vulnerabilities at a time. The following areas of security weakness are addressed: XML RPC Protection – stops unauthorized content injection. Author Scanning Prevention – prevents revealing of user login names. Malicious Script Blocking – stops execution of scripts in specific vulnerable directories. Comment Spam Prevention – adds a CAPTCHA to the comment form. User Login Protection – includes automatic timed failed login attempt lockouts and CAPTCHA for login page. Automatic IP Ban – bans IP’s from the entire site based on number of failed login attempts. IP Blacklist – allows adding known bad IP’s and bans them from the entire site. IP Whitelist – allows adding known good IP’s. This plugin also provides a log of all login attempts including geographical IP data. Temporarily locked IP’s can be unlocked by the administrator. Permanently banned IP’s can be un-banned by the administrator. CAUTION: Do not use this plugin with other security plugins to avoid conflicts and other site issues. Use only one active security suite at a time. Support email@example.com
|Secure Blocks for Gutenberg||1.4.3||74||3||1005|
Secure your content in the editor by user role with Secure Blocks for Gutenberg
Secure your content in the editor by user role with Secure Blocks for Gutenberg. Using Secure Blocks you can add any Gutenberg block inside a secure block, have it render only to logged in users, or lock it down to a user role of your choosing. Secure Blocks also provides an additional area that can display blocks to users that do not have permission to view the content. For more information read the Secure Blocks introductory blog post, or view the video: The plugin provides the following functionality: Display content only to logged-users Display alternative content to logged-out users Display content to users within certain user roles Display alternative content to users not in those user roles Roadmap Features coming soon to aid with securing sites: Login Block Register Block Password Reset Block Restrict entire pages / posts, not just inline content
|WP Common security Checklist||1.0.8||100||2||921|
WP Common Security Checklist enables you to quickly and easily to solve most common security issues on WordPress Websites
WP Common Security Checklist enables you to quickly and easily to solve most common security issues on WordPress Websites Supported Features: Disable Generator meta tag that exposes WordPress Version Hide admin URL (Change default login url) Disable Editing in Dashboard (Theme Editor) Change default admin username Disable PHP execution in specifics directories (/wp-content/uploads and /wp-includes/) Protect Sensitive Files (Deny web access to wp-config, error_log, htaccess) Enables you to make backups of wp-config.php file Limit Login attempts Add CAPTCHA on login form Add CAPTCHA on comment form Read more: http://blog.luisfred.com.br/como-manter-o-meu-wordpress-mais-seguro/
|Log cleaner for iThemes Security||1.2||100||10||5416|
Restores the ability to manually delete iThemes Security logs from the database.
In early 2018, iThemes removed the ability to manually delete the database logs (see this thread). This plugin gives you that control back. Support Log cleaner for iThemes Security Support at the official WordPress repository. How to use Go to Tools -> ITSec Log Cleaner Select which logs to delete (or select ‘All’) Hit the Clear logs button Get on with the rest of your day (optional) Note: This plugin comes with no warranty of any kind. Uninstall Deactivate the plugin, delete if desired.
To block users from admin side except admin users for specific day,time, and date or permanently.
User Blocker plugin provide the ability to admin to block or unblock user accounts quickly and effortlessly. User can be blocked by Roll or username for specific day & time OR date range Or permanently. When someone tries to log in, and if that user blocked then a friendly error message is displayed on the login screen. You can unblock accounts at any time you want. Also admin can view blocked user list and quickly search user and unblock account if require. User Blocker Plugin Features Block user by time (FROM-time to TO-time) for certain week days Block user by date (FROM-date to TO-date) Block user Permanently Unblock user any time Block user by UserName OR by Role Customizable message for each blocked User OR Blocked Role View blocked user list By Time, By Date and Permanently blocked users. Easy to search any blocked user by username/ email / First name to view blocking status and modify or remove blocking Technical Support You have any suggestion with User Blocker plugin or you found a bug, please contact us at support.solwininfotech.com. Permissions: Only administrators are allowed to use this system. People with lower access levels are neither shown the new bulk actions, nor are they allowed to change the status of accounts. Important: Plugin does not deactivate any Admin users.
|WP Security Optimizer||1.5.15||86||7||3952|
Donate link: https://paypal.me/lucaercoliit/5 Protect your site from vulnerability scanner and hackers
Prevent hackers to sabotage your rankings in search engines. Elude attackers that exploits your website and fight Negative SEO attacks made using WPScan and other vulnerability scanner. An inspection engine monitors the traffic between clients and your Website, enhancing the security of your WordPress installation. WP Security Optimizer prevents wp-login brute force attacks by monitoring invalid login attempts, block dDoS attack via pingbacks, XMLRPC attack and is able to elude vulnerability scanners; Specially designed for WPScan where it’s able to induce false-positives and generate an unreadable report full of thousand wrong data. File Integrity Check (FIC) functionality will notify the administrative user about corrupted and infected PHP files stored into “wp-admin”, “wp-includes” and “uploads” folders. Analyzing the User-Agent field in the HTTP request headers, disallow access on your Website to the most widespread penetration test and security assessment applications, including: OpenVAS, Nikto, sqlmap, commix, skipfish, whatweb and WPScan. Useful for finding files that are actually used by developers (such of backup of WordPress’s configuration), page accessible but unlinked and README files that expose version number and reveal potential vulnerabilities. WP Security Optimizer is able to recognize common probing patterns used to look for vulnerabilities in WordPress, sending security notifications to the email address of blog administrator. The one thing you should do is activate it using the built-in plugin manager of WordPress. WP Security Optimizer does not require any configuration. Just install it! From within WordPress Login to your weblog Go to Plugins Select Add New Search for ‘WP Security Optimizer’ Select Install Now Activate WP Security Optimizer from your Plugins page. Manually Download and unzip the plugin Upload the entire “wp-security-optimizer” directory to the /wp-content/plugins/ directory Activate the plugin through the Plugins menu in WordPress
|Formula04 Site Lock||1.0||100||3||2055|
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=verbiphone%40gmail%2ecom Put a sitewide password on your site. Users
Very simple plug that allows you to put a password-protect the front end of your site. You can also white list pages so that they are still accessible without entering the site password. You can also set any page you want to be the \"enter your password\" screen. This is supposed to be a super simple plug, let me know if you want any features added.
Gauntlet Security can find opportunities for improving the security of your site. It checks many aspects of the site’s configuration including file permissions, server software, PHP, database, p...
lugins, themes, and user accounts. The plugin will give each check a pass, warning, or fail and explain in clear language how you can fix the issue. How you ultimately choose to patch these issues is up to you but whatever method you use, this plugin should always provide an accurate report. It does not make changes to your database or to any of your files and it should be compatible with all other security plugins. Checks and recommendations include: Set correct file and directory permissions Turn off directory indexing Prevent code execution in the uploads directory Block files in the includes directory Prevent access to stray files which could be useful to attackers Keep PHP up-to-date Disable dangerous PHP functions Disable allow_url_include and allow_url_fopen PHP flags Turn off the display of PHP errors Don’t advertise the PHP version you are running Use a strong database password Change the default database table prefix Keep WordPress up-to-date Turn off file editing in the control panel Set security keys in WP-Config file Don’t advertise the WordPress version you are running Turn off self-registration Force SSL when accessing the admin area Review the development activity and reputation of all plugins Remove unused themes from the server Rename the plugin directory Move the active theme to an alternate location Do not use TimThumb Do not use common user names (such as “admin”) Do not use weak passwords Do not have a user with an ID = 1 Minimize the number of admin users Users should not display their login usernames publicly Prevent username enumeration through standard author URLs …more tests planned Check the screenshots for more detail on some of the above features. Many of these security checks are based on recommendations from the WordPress codex: https://codex.wordpress.org/Hardening_WordPress. Disclaimer Some of the tips included in this plugin only require making small changes to configuration files (.htaccess, php.ini, wp-config.php, functions.php). Others require more in-depth changes to the filesystem or database. Before attempting any of these fixes, you should be comfortable experimenting and know how to undo any change you make. That includes making backups and knowing how restore your site from those backups. I can’t guarantee that the recommendations or sample code provided in this plugin will not break your site or that they will prevent it from being hacked. Requirements Apache web server WordPress 3.4 minimum PHP 5.2.7 minimum
|WP User Access Notification (by SiteGuarding.com)||2.1||74||3||2396|
Plugin sends notifications by email after successful and failed login actions with detailed information about the user and his location.
This plugin is very useful as for administrators of WordPress websites and for the users. It sends notifications about successful and failed login actions. If someone wants to hack or bruteforce the passwords of your users or administrator password, you will get full information about the attacker. It will show you IP address, Browser and Location (city and country) of the hacker. If hacker is lucky and he got your password, you will get notification about it. What you need to do, just change the password. Without this plugin hackers can use your accounts for a long time and you will not know about it. Doesn’t allow to the hackers to use your accounts and passwords. Main features: Easy to install, easy to use. Does not require extra configuration. Catches successful and failed login actions. Sends notifications to the administrator by email or by Telegram Messenger to your mobile. Shows Date/Time of access action, Browser, IP address, Location (City, Country). Please note this plugin uses 3rd party service http://api.ipinfodb.com (IP geolocation API)
|Content Security Policy Pro||1.3.5||100||2||1648|
The idea is quite simple: By sending a CSP header from a website, you are telling the browser what it is authorized to execute and what it is authorized to block. And by doing this, Content Security P...
olicy helps block the XSS vulnerabilities. CSP allows a host to specify a whitelist of approved sources that a browser can load content from and is an effective countermeasure for XSS attacks. Content Security Policy is delivered via a HTTP response header, much like HSTS, and defines approved sources of content that the browser may load. It can be an effective countermeasure to Cross Site Scripting (XSS) attacks and is also widely supported and usually easily deployed. CSP Directives * default-src: Define loading policy for all resources type in case of a resource type dedicated directive is not defined (fallback), * script-src: Define which scripts the protected resource can execute, * object-src: Define from where the protected resource can load plugins, * style-src: Define which styles (CSS) the user applies to the protected resource, * img-src: Define from where the protected resource can load images, * media-src: Define from where the protected resource can load video and audio, * frame-src: Define from where the protected resource can embed frames, * font-src: Define from where the protected resource can load fonts, * connect-src: Define which URIs the protected resource can load using script interfaces, * form-action: Define which URIs can be used as the action of HTML form elements, * sandbox: Specifies an HTML sandbox policy that the user agent applies to the protected resource, * script-nonce: Define script execution by requiring the presence of the specified nonce on script elements, * plugin-types: Define the set of plugins that can be invoked by the protected resource by limiting the types of resources that can be embedded, * reflected-xss: Instructs a user agent to activate or deactivate any heuristics used to filter or block reflected cross-site scripting attacks, equivalent to the effects of the non-standard X-XSS-Protection header, * report-uri: Specifies a URI to which the user agent sends reports about policy violation Written By This plugin was written by Laxman Thapa, Web Developer.
|RapID Secure Login||2.0.12||100||3||2592|
RapID Secure Login (RapID-SL) is a simple and convenient authentication plugin.
RapID Secure Login (RapID-SL) is a simple and convenient authentication replacement for Clef. Enjoy hassle-free and secure user login to WordPress websites and blogs. RapID-SL combines simplicity with a great user experience, removing the need for vulnerable and inconvenient usernames and passwords. Benefits 2FA with unrivalled ease of use. Up and running in a couple of minutes. A great alternative to Clef, with the added advantage of not relying on an external authentication service. Doesn’t rely on vulnerable and clumsy SMS one-time passwords. Use a second phone or tablet as a backup. Simple “scan and fingerprint” interface – no need to type anything. Fast sign-up to blogs and websites. Features Easy log-in with your phone: simply scan a QR code using your phone, then provide a fingerprint or PIN – never need complex personal details or passwords again. Enterprise-grade cybersecurity technology, using 2048-bit cryptography, trusted by governments and corporations worldwide. Direct mobile browser login too – simply tap the on screen QR code for a prompt. Easy install: no coding or special knowledge required. Customized logon screens supported via simple WordPress “shortcodes”. Automatic login to multiple sites from multiple devices. Download on Google Play Download on iTunes Service Platform Requirements Minimum WordPress version: 4.5 Minimum PHP version: 5.2.4 Minimum OpenSSL version: 1.0.2
Easy generate and distribute secure links for file downloads, that can expire, and track every download.
Secure Downloads plugin generate secure download links for protected files and can send emails to your clients for downloading. Links can expire after a predefined time and you can set IP lock for specific download. Download links does not show real location of files at your server. You can track every download of files by receiving email about file download with detailed info about download. Plugin Homepage | Support FEATURES Securely distribute your files and track every download. Upload your files via familiar WP interface. Define Title, Description and Version Number at “Attachment details” for your protected files All uploaded files stored inside protected, secure folder, which does not accessible for website visitors. Generate secure links to your protected files, which does not show real location of file. Links can expire after specific time. Links can be locked to specific IP or IP mask (network). Configure email template with different parameters. Send emails to your customers with secure links for download your protected files. Monitor downloading of each files, by receiving email notification about file download with detailed info about download. Fast configure your protected files via CSV form. Useful for saving or editing list of files in one form. Easy reorder list of files via drag and drop interface. Configure URLs for pages with warning, like “link expired notice”. Mobile friendly. SECURE DOWNLOADS IS GREAT FOR Distribute you files after purchase Delivery updates of your products to your customers
Security Safe is a free wp security plugin. Features: Firewall With Logs and Charts Disable XML-RPC.php Hide WordPress CMS Version Hide Script Versions Make Website Anonymous During Updates Enable Au...
tomatic Core, Plugin, and Theme Updates Disable Editing Theme Files Audit & Fix File Permission Audit Hosting Software Versions Login Security Brute Force Protection Content Copyright Protection 404 Error Logging Turn On/Off All Security Policies Easily
Change default login to a custom branded URL you define to prevent spam login, bot registration, and brute-force with protection of Google reCAPTCHA.
Secure AXS changes default WordPress login URL to the url you define from settings page to prevent brute force attacks, spam logins, and bot or automated registrations. The plugin blocks access to default login url, generates a custom branded login panel (Which you can change colors and images), without creating a custom page on your website. Additionally, the plugin offers the ultimate protection with the integration of latest and most sophisticated version of Google reCAPTCHA, where it’s required on login and sign up. Plugin Features Define new login url easily from settings page. Protect against spam login, bot registration or signup, with the integration of Google reCaptcha. Secure AXS is compatible with any permalink setup including the default. Choose to allow users with the role “Editor” to access plugin settings. Fully branded login page with colors and login logo of your choice. Plugin doesn’t create new pages on your website for displaying the new login panel. Plugin is compatible with other major security & cache plugins. IMPORTANT You MUST save your free Google reCAPTCHA API keys to the plugin settings to activate reCAPTCHA protection for the plugin to work properly, you can obtain your free key from https://www.google.com/recaptcha/admin. A brief Markdown Example Define url easily from settings page, it’s compatible with any permalink setup. Choose to allow users with the role ‘Editors’ to access plugin settings. Fully branded login page with colors and login logo of your choice. Plugin doesn’t create new pages on your website for displaying the new login panel. Plugin is compatible with other major security & cache plugins.
|Security & Firewall – MalCare Security||1.88||96||36||50303|
Get Bulletproof Security for your WordPress site. WordPress security plugin packed with comprehensive Firewall, malware scanner, cleaner & more.
Instant WordPress Malware Removal at 25% of the Industry Cost. Detects Complex Malware Others Plugins Frequently Miss Check out more MalCare customer testimonials from here. With it’s smart “Cloud Scan”, MalCare’s malware scanner will never impact your website performance nor overload your server. Ever. Clean your malware in less than 60 seconds. Our safe malware removal technology ensures that your website never breaks. MalCare comes with an inbuilt smart and powerful Firewall for real-time protection from Hackers and bots. It is the simplest WordPress Security plugin that doesn’t need any technical knowledge. You can get set and ready in just 50 secs. The brands you trust, trust MalCare to keep them safe. MalCare is trusted by Intel, Dolby True HD, CodeinWP, Site Care, WP Curve, Valet, among others. It is a perfect security solution for developer and agencies as it comes with all the tools you need to manage multiple websites from Website Management, White Label Solution, and Custom & Scheduled Reporting. Learn more about MalCare from here. MalCare in Numbers 200,000+ Sites Scanned and counting 250,000+ Successful Malware Removals 330GB Largest site Scanned 10,000+ Web hosts Compatibility Five Star Support Benefits of Using MalCare as Your Go-to Security Solution 1. Scanner That NEVER Slows Down Your Website No Server Overload. Ever. Scan website for vulnerabilities Consistent Scanning Practices Early Malware Detection 2. Fix a Hacked Website in less than 60 Seconds Fully Automated Malware Removal Unlimited Cleanups at No Additional Cost Cleans Complex Unknown Malware Support Always on Your Side 3. Real-time Protection from our Smart Firewall CAPTCHA-based Login Protection IP Blocking on a Global Level 4. Inbuilt WordPress Website Hardening Disable File Editor Protect Uploads Folder Change Security Keys Disallow Plugins 5. Single, Site Management Dashboard Perform WordPress Core, Theme, Plugin Updates Invite Team Members for Efficient Collaboration Exclusive White-label Solution to Grow Revenues Beautiful and Comprehensive Client Reporting 6. MalCare is a “Service,” Not just a Security Plugin Always Improving & Adding Features Unlike Plugins Our Support Has Your Back, Always Independent Dashboard Offers 24X7 Access to Backups Why Choose MalCare Security Services? Set up & Running in Just 60 Secs – Get started in no time. Log in. Auto-Install. And that’s it! Unlimited Scan and Cleanup – With MalCare Security Service, clean-up is automatic and at the click of a button, with no downtime. Detects Malware Missed by Other Plugins – Our proprietary algorithm identifies even the most complex malware and security hacks, without any false-positives. No Technical Knowledge Needed – Automated workflows that ensure everything you need is only a click away. Personal Support for Everyone – Agile & Responsive Customer Support that caters to Everyone. Difference Between Free & Paid MalCare Security Service? MalCare Security Service has a free version and a premium version. We’ll scan your site with our Scanner and protect your website with our Firewall in the free MalCare version. The paid version includes Cleaning a Hacked Site, Website Hardening, Website Management, White-Labeling, Client Reporting, and taking Regular Backups. Kindly take a look at our security feature pages for more details. To learn more, please take a look at MalCare free vs premium page.
|Easy Email Subscription||1.1||60||2||2818|
Easy Email Subscription form with secured captcha.
This Plugin allows widget drag n drop form with captcha to display in sidebars.You can also use shortcode to display form anywhere in the template or pages or post.
Dessky Security is the ultralight plugin for basic Security Hardening. It is specially designed not to drain any resources from your website. Once you enable all major security measures your input is no longer required. Features include upload directory restriction, disabling of plugin/theme editor, admin username check and more. This plugin was developed by Dessky. Premium Support Unfortunately Dessky team does not provide support for the Dessky Security on the WordPress.org forums. In order to get support from a Dessky Team you will have to purchase it here. Bug Reports Bug reports for the Dessky Security plugin are welcomed on WordPress.org Forums. Dessky Team will respond only to the posts that are properly qualified as bugs and fix them as soon as possible. Credits: Dessky Security is based on the ‘Sucuri WordPress Security’ plugin developed by Daniel Cid.
|User Activity Log||1.2.7||88||10||14394|
Log all activity of users and get notified when user login to admin area.
Do your site have many users for various admin side activity? Do you stuck with issue to track user activity on your website admin side? do you want to secure your site by tracking log of all user activity ? do you want to get notified when particular user logged in ? Just relax, Now with the help of "User Activity Log" Plugin you can track all users activity on your website. As of this moment, the plugin logs data when anyone do following activity: WordPress - Core Updates Posts - Created, Updated, Deleted Pages - Created, Updated, Deleted Custom Post Type Posts- Created, Updated, Deleted Tags - Created, Edited, Deleted Categories - Created, Edited, Deleted Taxonomies terms - Created, Edited, Deleted Comments - Created, Approved, Unproved, Trashed, Untrashed, Spammed, Unspammed, Deleted Media - Uploaded, Edited, Deleted Users - Login, Logout, Login has failed, Update profile, Registered and Delete Plugins -Activated, Deactivated Themes - Installed, Updated, Deleted, Activated Widgets - Added to a sidebar / Deleted from a sidebar, Order widgets Menus - A menu is being Created, Updated, Deleted Export - User download export file from the site Plugins supported - bbpress Translation Ready - .pot file attached Additional features for security: Admin will be notified via email when selected user logged in. Admin will be notified via email when selected role's any user logged in. User Activity Log Pro Features: Pro version overcome your limitations with lite version of user activity log. User Activity Log PRO Plugin Features All lite version features with detail logs Hook Settings - Can modify what will be in track list instead of all logs Sorting options - To view log data in ascending or descending order Password security - Only authorized user can delete log Favorite/Unfavorite log to store log separately Export Log - Export log anytime in CSV format for future usage Detail Logs - View log in details to compare old and new changes Delete Logs - Single & Multi delete log option Custom Event Log - To add your own theme/plugin hook support Plugins supported - bbpress, WooCommerce, Contact Form 7 and more coming soon.. Detailed Documentation - From which steps you need to start For whom User Activity Log Pro is useful ? Most needed for Website Owner Product Manager, Site In-charge or Site Manager, Team Leader, Developers IT companies to track multiple developers behavior IT Consultants, Freelancers Buy User Activity Log Pro on Codecanyon : https://codecanyon.net/item/user-activity-log-pro-for-wordpress/18201203?ref=solwin Documentation: User Activity Log Documentation Link Warning The purpose of this plugin is to keep track of all activity with in your WordPress area. we have performed testing with various cases to make sure plugins works very well, but you should make sure you have a backup of your database, before installing plugin. Compatibility Currently I am not aware of any compatibility issues with any other WordPress plugins. (NOTE: Please have a back of your database before installing plugin) Support If you find any issue please ask questions on support forum and we will try to solve issue. We're active for any support issues. So hope you will love it. Disclaimer This plugin is released under the GPL licence. We do not accept any responsibility for any damages or losses, direct or indirect, that may arise from using the plugin or these instructions. This software is provided as is, with absolutely no warranty. Please refer to the full version of the GPL license for more information.
XO Security is a plugin to enhance login related security.
XO Security is a plugin to enhance login related security. This plugin does not write to .htaccess file. Nginx also works. Functions Record login log. Limit login attempts. Login Alert. Add Captcha to the login form and comment form. Change the URL of the login page. (WordPress multisite subdomain type is not supported). Disable login by mail address. Change login error message. Disable XML-RPC and XML-RPC Pingback. Disable REST API. Change REST API URL prefix. Disable author archive page. Remove comment author class of comments list. WordPress multisite support.
|HTTP headers to improve web site security||2.5||100||8||14825|
Donate link: https://www.paypal.me/conradcarl Use your HTTP header to improve security of your web site
This plug-in helps setting up the various header instructions included in the HTTP protocol allowing for simple improvement of your website security. This plug-in provides enabling of the following measures: HSTS (Strict-Transport-Security) CSP (Content-Security-Policy) Clickjacking mitigation (X-Frame-Options in main site) XSS protection (X-XSS-Protection) Disabling content sniffing (X-Content-Type-Options) Referrer policy Expect-CT Remove PHP version information from the HTTP header Remove WordPress version information from the header securityheaders.com is a useful resource for evaluating your web site’s security. As usual, make sure to understand the meaning of these options and to run full tests on your web site as some options may result in some features stop working.
|Defender Security, Monitoring, and Hack Protection||2.1.2||98||49||106350|
Requires PHP: 7.4 WordPress security plugin with malware scanner, IP blocking, audit logs, antivirus scans, activity logs, firewall, 2FA, brute forc
Defender is layered security for WordPress made easy. And by easy, we mean amazingly easy! No longer do you have to go through hideously complex settings and get a virtual PhD in security. Defender adds all the hardening and security tweaks you need, in minutes. 🙂 Security Tweaks Defender starts with a list of one-click hardening techniques that will instantly add layers of protection to your site. Block hackers at every level: Disable trackbacks and pingbacks – safety first Core and server update recommendations – stay on top of your systems Change default database prefix – they won’t find this Disable file editor – if they get in, they won’t get far Hide error reporting – don’t reveal your issues Update security keys – ultimate security reset Prevent information disclosure – why tell them what you have Prevent PHP execution – because it’s daaaangerous File Scans Run free scans that check WordPress for suspicious code. The Defender scan tool compares your WordPress install with the directory, reports changes and lets you restore the original file with a click. Google 2-step Verification Now you can easily join the millions of users that make their accounts safer with Google 2-Step Verification. Activate and protect your account with both your password and your phone. IP Blacklist Keep your site safe with Defender’s simple IP manager. Manually block specific IPs, import a list of banned IPs and set automated timed and permanent lockouts. Defender makes it easy to quickly block and unblock specific locations. ★★★★★ “I found other pro security plugins a bit too fiddly for my taste…I’m delighted with Defender” – KeithADV ★★★★★ “Thank you for bringing back a free and easy to use 2-Factor Authentication after Clef! Defender helps keep me aware of my sites security.” – awijasa ★★★★★ “Defender’s interface is very intuitive with warnings that are very helpful” – djohns ★★★★★ “Defender Recently blocked over 3000 attacks in one week without any noticeable impact on the website. WPMUDEV knocking it out of the park on this one.” – David Oswald Login Protection Brute force attacks are no match for Defender. Limit login attempts to stop users trying to guess passwords. Permanently ban IPs or trigger a timed lockout after a set number of failed login attempts. Login Screen Masking Defender makes it easy to move your login screen to a custom URL. Not only does login screen masking improve security, it lets you white label your login user experience and improves branding. 404 Limiter Defender detects when bots are being used to scan your site for vulnerabilities and shuts them down. The 404 limiter lets you stop the scan by detecting when a user keeps visiting pages that do not exist. Notifications and Reports Defender runs surveillance and sends notifications with information that matters. Features Available in Defender Include: Google 2-Step Verification One-click site hardening and security tweaking WordPress core file scanning and repair Login Screen Masking IP Blacklist manager and logging Unlimited file scans Timed Lockout brute force attack shield for login protection 404 limiter for blocking vulnerability scans IP lockout notifications and reports Defender can take care of all your security needs, for free! However, if you’d like extra scanning, audits and monitoring, you can always take the next step with Defender Pro. About Us WPMU DEV is a premium supplier of quality WordPress plugins and themes. For premium support with any WordPress related issues you can join us here: https://premium.wpmudev.org/ Don’t forget to stay up to date on everything WordPress from the Internet’s number one resource: WPMU DEV Blog Hey, one more thing… we hope you enjoy our free offerings as much as we’ve loved making them for you!
|Security & Malware scan by CleanTalk||2.32.2||94||53||115298|
Security, FireWall, Malware auto scan by CleanTalk, online security. Security plugin.
|Security, Antivirus, Firewall – S.A.F||2.3.5||94||15||34141|
Security plugin to protect website with firewall and antivirus scanner, brute force security monitor, life system security monitor
Security, Antivirus, Firewall – S.A.F. Security plugin of the website it’s key to your safety and calmness. Protect your website from hackers attacks and spammers. Powerful tools with smart algorithms, simple interface and very effective action protect files on your server from any kind of malwares and vulnerabilities themes and plugin. S.A.F. plugin work in background to protect your entire website and every single part of your website. S.A.F. scan all plugins, themes and core files in background as result you get full reports and detailed logs. S.A.F. notfiy you multiply ways all security threats and attacks attempts. S.A.F. most powerfull security tool for wordpress with multi site functionality support. Scan files system, healing infected files, protect your website from brute force attacks it’s a main goals of S.A.F. Security, Antivirus, Firewall – S.A.F. Modules Live System Monitor (System Log) Antivirus Cloud Antivirus Monitor Security Email Report Firewall (Network Monitor) Brute Force Monitor 404 Detector Easy Password Google Captcha Auto Update Cron Scheduler WordPress info Security, Antivirus, Firewall – S.A.F. Features Brute force security protection Antivirus files security scanner Cloud antivirus security module Protect website from spammers Protect backend from attacks Detection of vulnerable plugins/themes Malware security scanner Advanced admin security notification DD0S attacks protection Files permission check Antivirus security scanning Multi site security support Daily, weekly, monthly security report Security, Antivirus, Firewall – S.A.F. Functionality Details Live System Monitor (System Log) Security system monitor show you all events related with all security modules. You can simple control everything what’s happening in your system. System security monitor collect details of all changes in system including another security modules. You can see detailed log of every single change. You always know what’s happening with your website you wouldn’t miss any illegal activity. This security module will show all brute force security module notifications, malware detection by file system security monitoring modules and much more. Security Email Report With email security report you can stay informed about status of all security modules on your website. You can schedule daily, weekly or monthly report period and select time when you with to send security reports. In security report you’ll get detailed information about all security issues, attacks and security events on your website. Report have antivirus report, brute force attacks security report, firewall bans report, network monitor security report, 404 detection security report, google captcha report. Firewall (Network Monitor) Firewall security module protect your website from intrusions and hacker attacks. Network monitoring detect attacks and ban IP’s of the attacker. Firewall provide wide range of security settings for monitoring process and banned IP’s management. Ban manager provide few security modes for temporary and permanent ban attackers IP’s. Brute Force Monitor With brute force security protection module you can limit number of attempts for failed logins. IP of the hacker will be blocked when brute force attacks will be detected by this S.A.F. module. In settings section you can customize lock time, amount of brute force attemts for the first and second time of the brute force detection. Brute force attacks detection module also include admin notifications settings. S.A.F. provide you multi step brute force security notification after first attepmt of brute force attack Ip of the attacker will be blocked for some configured amount of time. After second brute force attack attemt you can define different lock time. Smart security monitoring of the brut force attacks it’s really important. Brute force detection will help to protect your website in time. Antivirus Antivirus security module protect your website from infection and heal already infected files in the case if it’s already happened. Our antivirus security module implemented based on unique 2 level viruses control. On the first level our antivirus scan your server files and detect all infection cases. Second level scan files with online cloud antivirus service, which use more then 50 most powerful antivirus software to scan your files on Cloud. All process optimized to save resources of your system and for detection malware and viruses the best way. With our double stage algorithm any malware and viruses have no chance to survive. All security process of scanning is fully automatic and do not require any special skills. Cloud Antivirus Monitor Cloud antivirus security monitor provide you full control and all details of results of scanning with cloud antivirus. Here you control all results, you can make some action to infected files on your server. You’ll have all reports for all scans, infection and healing cases. It’s not require any additional action from your side, but here you’ll have more advanced tools and reports if you need it. 404 Detector Hackers are always looking for vulnerabilities on your site that can be exploited. Some of these vulnerabilities can be found by scanning of the content on the front end of the website. Such links research will be detected by 404 security detector module. Here you’ll see list of such action and you get access to ban tools. Easy Password Simple password it’s one of the most common security problems. Do not use simple passwords and protect your website from simple passwords of another users. Using strong passwords lowers overall risk of a security breach. The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. We have also brute force monitor to protect system from such guessing. Google Captcha Very effective module to protect your website against spammers and bots. Implemented with multi site mode support. With this tools you get reliable protection of your admin section from bots and spammers. Google reCaptcha uses advanced risk analysis engine and adaptive CAPTCHAs to keep bots from engaging in abusive activities on your site. Auto Update Keep your site up to date to stay safe and secured. Auto update module provide you easy tool to enable updates of your wordpress update core files, plugins and themes installed on your website. All screepts, even wordpress core files, third-party plugins and themes may potentially be vulnerable to different type of attacks. Making sure you always have the newest versions of WordPress, all plugins and themes installed on your website minimizes the risk to be hacked. Keep everything up to date to protect your website and your information. Cron Scheduler Build in cron scheduling tasks for all security checks and scans. Every security scanning activity could be planned insettings of every module and Cron scheduler run all this tasks in planned time frame. Security Report Our security report module include all cases which was detected. In report settings you can configure frequency of security reports and time when exactly do you wish to generate reports. In security report configuration section you can also change subject of the report email. Control security of your website with all this security modules of S.A.F. When you enable every security module make sure that you change settings to configure it for your need. Security of your website depend of your settings. Detection of every not nessesery activity , like : brute force attacks, malware detection or other security problems fully depend of configurations of every single module.
|User Login History||1.7.1||98||16||39576|
(The pre-release version is available on GitHub.com. Please use this pre-release version in DEVELOPMENT environment only and create issues if you find any bugs.) The plugin helps you to track any visi...
tor’s login details with the following attributes: Login – Login Date-Time Logout – Logout Date-Time Last Seen – Last Seen Date-Time Login Status – Logged in/Logged out/Failed/Blocked Online Status – Online/Offline/Idle Session Duration – How long the user stayed on your website per session. User ID Username Current Role Old Role – The role while user gets logged in into your website. Browser Operating System IP Address Country Name and Country Code (Based on IP Address) Timezone (Based on IP Address) Some More Useful Features Preferable Timezone – You can select your preferred timezone to be used for the listing table. Shortcode – The plugin comes with a customizable shortcode that you can use in your template or content to view the login history of current logged in user. You can use the shortcodes <?php echo do_shortcode['user-login-history'] ?> and [user-login-history] in your template file and content respectively. For more detail, please see the help page under plugin menu. Multisite Network (Since version 1.7.0) – On the network admin area, you can see the listing table which shows all the records fetched from all the blogs of the current network. Advanced Search Filter CSV Export Compatible With WooCommerce BuddyPress UserPro Ultimate Member Loginizer Theme My Login Admin Custom Login Login No Captcha reCAPTCHA Force Login WPS Hide Login Login LockDown Custom Login Page Customizer Translations Currently, this plugin is available in the following two languages i.e. English Italian You can download the language files from here. Do you want to translate this plugin to another language? I recommend using POEdit or if you prefer to do it straight from the WordPress admin interface use Loco Translate. When you’re done, send us the file(s) and I’ll add it to the official plugin. You can also translate the plugin Online. Bug Fixes If you find any bug, please create a topic with a step by step description to reproduce the bug. Please search the forum before creating a new topic. Keywords Login Log,Online User,Login Form Security,Report,Brute Force Detector, user log, log, logger, detector, tracker, membership, register, sign up, admin, subscriber, editor, geo location, xml-rpc profile, front end registration, manager, report, statistics, activity, user role editor,fail login attempt detector
|Security Ninja – WordPress Security Plugin||2.50||86||21||63877|
Requires PHP: 7.4 Tests security issues, malware & warns of dangerous plugins. Detailed report on your site security & how to secure it. Get
Plug-in to ease the setting of TLS headers for HSTS and similar
TLS is growing in complexity. Server Name Indication (SNI) now means HTTPS sites may be on shared IP addresses, or otherwise restricted. For these servers it is handy to be able to set desired HTTP headers without access to the web servers configuration or using .htaccess file. This plug-in exposes controls for: HSTS (Strict-Transport-Security) HPKP (Public-Key-Pins) Disabling content sniffing (X-Content-Type-Options) XSS protection (X-XSS-Protection) Clickjacking mitigation (X-Frame-Options in main site) Expect-CT HSTS is used to ensure that future connections to a website always use TLS, and disallowing bypass of certificate warnings for the site. HPKP is used if you don’t want to rely solely on the Certificate Authority trust model for certificate issuance. Disabling content sniffing is mostly of interest for sites that allow users to upload files of specific types, but that browsers might be silly enough to interpret of some other type, thus allowing unexpected attacks. XSS protection re-enables XSS protection for the site, if the user has disabled it previously, and sets the “block” option so that attacks are not silently ignored. Clickjacking protection is usually only relevant when someone is logged in but users requested it, presumably they have rich content outside of WordPress authentication they wish to protect. Expect-CT is used to ensure Certificate Transparency is configured correctly.
|Stop User Enumeration||1.3.8||100||12||40381|
Helps secure your site against hacking attacks through detecting User Enumeration
Even if you are careful and set your blogging nickname differently from your login id, if you are using permalinks it only takes a few seconds to discover your real user name. This plugin stops user enumeration dead (like in use by WPSCAN), and additionally it will log an event in your system log so you can use (optionally) fail2ban to block the probing IP directly at your firewall, a very powerful solution for VPS owners to stop brute force attacks as well as DDoS attacks. Since WordPress 4.5 user data can also be obtained by API calls without logging in, this is a WordPress feature, but if you don't need it, this plugin will restrict that too.
|Secure Copy Content Protection||1.3.9||100||5||17033|
WordPress Copy Content Protection Secure Copy Content Protection Secure Copy Content Protection Free Demo Secure Copy Content Protection Pro Demo Secure Copy Content Protection is a plugin aimed at...
protecting web content from being plagiarized. As soon as Copy Protection plugin is activated it disables the right click, copy paste, content selection and copy shortcut keys on your website thus preventing content theft as well as web scraping, which are very popular nowadays. Besides all the abovementioned copy methods Copy Protection allows to disable inspect elements and provides a protected site, where no copyright infringement may occur. The plugin is called content copy protection. It is very easy to use take and install. By these 2 steps, you will have a copyrighted material. The installation of the following plugin will last only a few seconds so you don’t waste your time on installation. For example, if other plugins demand a long time on installation and usage this plugin will help you to save your time and disable copy methods. So only a few seconds, and you will have a protected site and free of plagiarism. What function does the plugin have? By choosing post type you will have a function on the page protect content selection. So the plugin prevents copy. In any case, if you use the plugin you cannot see copy paste in your site. This is an anti-copy plugin. And the one weapon for content protection is the plugin. SEO From the point of view of SEO, it is worth saying goodbye to copy and paste. The plugin will ensure the copyright sign. Your copyright text will be in safe from content theft. It will disable all kinds of copy paste from your site. By installing this plugin you will start to say “stop copy” from your content. In another word, it is called anti-copy paste. We know that Google doesn’t like a copy. It wants unique and no copy text. And for example, if your domain is a new one and the ones who have an old domain copy from you, because of them you may appear on the blacklist of Google. To avoid such situation install the plugin and will have a copyright intellectual property. Consequently, this will bring the right google page rank for your site. How disable right click on a website? The answer is as simple as a day, install a plugin. Protection In the part of protection here comes watermark, but nowadays modern thieves can easily erase it. That is why you should turn off no right click and drag and drop and again you will have a copy-protected text and image. We approve that it is trustworthy. For instance, if the client sees the same content in another site he may think that the plagiarism is yours. But it is a big infringement of copyright which you can protect. Here again, comes for the help the plugin which will avoid theft of copyright. Use copyright symbols in the plugin and there will not be an outflow of information. The next vital question is: Can a website be copyrighted and the answer will be No No an No. You will not meet any infringement with the plugin. There is a law of international copyright ant plugin will be like a confirmation of that law. The plugin can help to protect your personal files. Such as personal information. For instance, if you are a blogger, journalist or you work in the sphere of film, sport and in any field that wants personal information protection in that case the plugin is just for you. You just disable copy shortcut keys, disable inspect elements and your personal information will not be in hands of thieves. Which is really very disgusting. So that is why you just install the plugin in a few seconds and will have a copyrighted blog. So the main reason why to choose the plugin. It is easy to use, easy to install and ensures your fire protection. To protect your personal information and avoid any kinds of plagiarism or web scraping, just install the plugin. And it is vital to repeat that you will get a copyright infringement protection. And this plugin will be the patent for your personal information. If there exists the law of infringement protection then without any doubt this plugin is the confirmation of that law. Operation Systems Windows Linux Mac Browsers Google Chrome Mozilla Firefox Opera Internet Explorer Safari Blocked Shortcuts Google Chrome – CTRL+SHIFT+I | CTRL+SHIFT+J | CTRL+C | F12 | CTRL+SHIFT+U Mozilla Firefox – CTRL+SHIFT+I | CTRL+SHIFT+J | CTRL+C | F12 | CTRL+SHIFT+U | F7 | F5 Opera – CTRL+SHIFT+I | CTRL+SHIFT+J | CTRL+C | CTRL+SHIFT+E | Internet Explorer – F12 | CTRL+SHIFT+U | CTRL+C | F12+CTRL Safari – Cmd+Opt+I | Cmd+Opt+J | Cmd+Opt+C | Cmd+Opt+U Features Content copy protection Notification text Disable left click Disable right click Disable Developer Tools Disable Drag/Drop Disable F12 Disable CTRL+C Disable CTRL+V Disable CTRL+X Disable CTRL+S Disable CTRL+A Style settings PRO Features Includes ALL Free version Features and Block by IP Block by Country Front/back blocker Block Rest api Protection by user roles Protection by post/post type Block content with password Paid content via PayPal More on the way … It’s your chance to protect your content with our powerful Copy Protection plugin. Don’t forget, in case of any problems or upcoming questions feel free to contact us via e-mail at firstname.lastname@example.org.
|BuddyPress Security Check||3.2.2||82||13||47341|
Donate link: https://bungeshea.com/donate/ Combat spam registrations for a BuddyPress-powered site using Google's reCAPTCHA
Important: Since version 2.0, this plugin now requires at least PHP 5.3. Please ensure you are running the latest available version of PHP on your server. This plugin adds Google’s reCAPTCHA to the BuddyPress registration page and WordPress login page to prevent bots from registering and keep your site free from spam registrations. reCAPTCHA is “tough on bots, easy on humans”: while it is increbianle effective on preventing bots from registering, most of the time all the user needs to do to verify themselves is simply check a box. After installing this plugin, you will need to register your site with Google (requires a Google account) and enter the site key and secret key on the Settings > BuddyPress > Options admin menu. If you would prefer not to use Google’s service, there is an alternative security check method also available; see below; Prior to version 2.0, a less effective security check method was used where the user needed to answer simple math sum before registering. This method is still available, and can be turned on on the Settings > BuddyPress > Options menu. You can learn more at the plugin’s website, or on GitHub Translations Thanks to the awesome work of the following translators, this plugin can be used in these languages: Indonesian thanks to Jordan Silaen from ChameleonJohn.com Russian thanks to Howard Steele from SuperbWebsiteBuilders.com Swedish thanks to Thord D. Hedengren French thanks to Frédérick Baldo Serbo-Croatian thanks to Andrijana Nikolic from WebHostingGeeks and Ogi Djuraskovic from FirstSiteGuide.com Spanish thanks to Renato Alves Hungarian thanks to Laszlo Espadas Brazilian Portuguese thanks to Renato Alves Danish thanks to Andreas Bjørn Hassing Nielsen Italian thanks to Nicole Curioni Belarusian thanks to Natasha from uStarCash If you have a translation to contribute, please sent it through to me by email or on GitHub.
|Secure DB Connection||1.1.5||100||3||11126|
Sets SSL keys and certs for encrypted MySQL database connections.
Depending on the MySQL server setup the SSL certs used may not be in the trusted store, if that’s the case mysqli_ssl_set() needs to be called to set custom keys and certs before connect. This Plugin adds a custom DB class that allows these settings to be configured via custom constants. This plugin will also add a custom item on the “At a Glance” section of the Dashboard to show if the $wpdb connection is secure or not. Also find me on GitHub.
|WooCommerce SecureSubmit Gateway||1.12.0||100||3||18291|
SecureSubmit allows merchants to take PCI-Friendly Credit Card payments on WooCommerce using Heartland Payment Systems Payment Gateway.
This plugin provides a Heartland Payment Systems Gateway addon to the WooCommerce plugin using our SecureSubmit card tokenization library. Features of SecureSubmit: Only two configuration fields: public and secret API key Simple to install and configure Tokenized payments help reduce PCI Scope Enables credit card saving for a friction-reduced checkout How do I get started? Get your Certification (Dev/Sandbox) Api Keys by creating an account on https://developer.heartlandpaymentsystems.com/SecureSubmit/
|SSL Insecure Content Fixer||2.7.2||96||189||1807899|
Clean up your WordPress website’s HTTPS insecure content and mixed content warnings. Installing the SSL Insecure Content Fixer plugin will solve most insecure content warnings with little or no ...
effort. The remainder can be diagnosed with a few simple tools. When you install SSL Insecure Content Fixer, its default settings are activated and it will automatically perform some basic fixes on your website using the Simple fix level. You can select more comprehensive fix levels as needed by your website. WordPress Multisite gets a network settings page. This can be used to set default settings for all sites within a network, so that network administrators only need to specify settings on sites that have requirements differing from the network defaults. See the SSL Insecure Content Fixer website for more details. Translations Many thanks to the generous efforts of our translators: Bulgarian (bg_BG) — the Bulgarian translation team Chinese simplified (zh_CN) — the Chinese translation team English (en_CA) — the English (Canadian) translation team English (en_GB) — the English (British) translation team English (en_ZA) — the English (South African) translation team Dutch (nl_NL) — the Dutch translation team German (de_DE) — the German translation team French (fr_FR) — the French translation team Italian (it_IT) — the Italian translation team Japanese (ja) — the Japanese translation team Russian (ru_RU) — the Russian translation team Spanish (es_ES) — the Spanish translation team If you’d like to help out by translating this plugin, please sign up for an account and dig in. Privacy SSL Insecure Content Fixer does not collect any personally identifying information, and does not set any cookies.
Prevent brute force logins on your WordPress site with Google's reCAPTCHA.
This plugin prevents brute force logins on your WordPress website by adding Google’s easy to use reCAPTCHA to the login form.