General (6 plugins)
Plugin Name | Version | Rating | Reviews | Downloads | Flag
Shield Security | 5.13.1 | 98 | 630 | 1799828 |
Bad Bots Are Your #1 Security Threat. Real security is stopping attackers dead, before they hack your site. Don’t Leave Your Site At Risk If your site is vulnerable to attack, you’re putting your business and your reputation at serious risk. Getting hacked can mean you’re locked out of your site, client data stolen, your website defaced or offline, and Google will penalise you. Why take the risk? Download and install Shield now for FREE so that you have the most powerful WordPress security system working for you and protecting your site. Shield + iControlWP If you have multiple sites, then Shield combined with iControlWP, takes the pain out of managing your websites, and covers your security, daily backup (and restore), and updating plugins/themes All the wonderful features of how we protect you and your site are set out below in detail, but there are a few things about us, that you should know first: We’re on a mission to liberate people who manage websites from unnecessarily repetitive work, and by 2022 we want to be saving our clients over 62.5 million hours per year (and we’d love you to join us in our quest) We have three rules that apply to everything we do, and you’ll see these when you use our products or contact us for help: We make everything as simple and easy-to-use as possible (and no simpler!). We’re reliable – we make sure our products do what they promise. We take ownership for resolving problems – we will solve the problem, or point you towards the solution. So, read on for the detail, or start protecting yourself, your clients and your clients’ customers immediately by downloading and installing Shield now What makes the Shield different? No “Pro” restrictions on security features – it’s ALL there for you. Easy-To-Setup User Interface. It won’t break your website – you’ll never get that horrible, pit-of-your stomach feeling you get with other security plugins when your website doesn’t load anymore. 
Super Admin Security – the only WordPress Security Plugin that protects against tampering. Exclusive membership to a private security group where you can learn more about WordPress security. Awesome Features Blocks malicious URLs and requests Blocks ALL automated spambot comments. Hide your WordPress Admin and Login page. Prevents brute force attacks on your login and any attempted automatic bot logins. Verify user identity with email-based Two-Factor Authentication Monitor login activity and restrict username sharing, with User Sessions Management Review admin activity with a detailed Audit Trail Log Turn on and turn off WordPress Automatic Updates separately for plugins, themes and Core Easy to use kill switch to temporarily turn off all Firewall Features without disabling the plugin or even logging into WordPress. Super Admin Security Protection The only WordPress security plugin with a WordPress-independent security key to protect itself. Audit Trail Activity Monitor With the Audit Trail you can review all major actions that have taken place on your WordPress site, by all users. Firewall Protection Blocks all web requests to the site that violate the firewall security rules! Brute Force Login Protection and Two-Factor Authentication Provides effective security against Brute Force Hacking and email based Two-Factor Authenticated login. Comment SPAM (Full replacement and upgrade from Akismet) Blocks ALL automatic Bot-SPAM, and catches Human Comments SPAM without sending data to 3rd parties or charging subscription fees. FABLE – Fully Automatic Black Listing Engine No more manual IP Black lists. This plugin handles the blocking of IP addresses for hosts that are naughty. WordPress Lock Down Numerous security and protection mechanisms to lock down your WordPress admin area, such as blocking file edits and enforcing SSL. Automatic Updates Take back control of your WordPress Automatic Updates. 
Shield Security Explained The Shield is built to be highly reliable and easy to use by anyone! Originally built off the WordPress Firewall 2, it now includes much more: 9 effective and clear Firewall blocking options – pick and choose for ultimate protection and compatibility. Option: Ignore already logged-in Administrators so you don’t firewall yourself as you work on the site. Option: IP Address Whitelist. So you can vet your own IP addresses and 3rd Party Services. Option: Developer option for 3rd Party Services to dynamically add IP Addresses to whitelist (our plugin is built to work with others!) E.g. iControlWP. Option: IP Address Blacklist so you can completely block sites/services based on their IP address. Option: to easily turn on / off the whole firewall without disabling the whole plugin! (so simple, but important) Recovery Option: You can use FTP to manually turn ON/OFF the Firewall. This means if you accidentally lock yourself out, you can forcefully turn off the firewall using FTP. You can also turn back on the firewall using the same method. Performance: When the firewall is running it is processing EVERY page load. So your firewall checking needs to be fast. This plugin is written to cache settings and minimize database access: 1-3 database calls per page load. Logging: Full logging of Firewall (and other options) to analyse and debug your traffic and settings. Option: Email when firewall blocks a page access – with option to specify recipient. Option: Email throttling. If you get hit by a bot you won’t get 1000s of emails… you can throttle how many emails are sent. Useful for 3rd party services that connect to the site using other plugins. Basic functionality is based on the principles employed by the WordPress Firewall 2 plugin. Login and Identity Security Protection – Stops Brute Force Attacks Note: Login Protection is a completely independent feature to the Firewall. 
With the Login Protection features this plugin will single-handedly prevent brute force login attacks on all your WordPress sites. It doesn’t need IP Address Ban Lists (which are actually useless anyway), and instead puts hard limits on your WordPress site, and forces users to verify themselves when they log in. Three core security features provide layers to protect the WordPress Login system. Email-based 2-Factor Login Authentication based on IP address! (prevents brute force login attacks) Login Cooldown Interval – WordPress will only process 1 login per interval in seconds (prevents brute force login attacks) GASP Anti-Bot Login Form Protection – Adds 2 protection checks for all WordPress login attempts (prevents brute force login attacks using Bots) These options alone will protect and secure your WordPress sites from nearly all forms of Brute Force login attacks. And you hardly need to configure anything! Simply check the options to turn them on, set a cooldown interval and you’re instantly protected. SPAM and Comments Filtering As of version 1.6, this plugin integrates GASP Spambot Protection. We have taken this functionality a level further and added the concept of unique, per-page visit, Comment Tokens. Comment Tokens are unique keys that are created every time a page loads and they are uniquely generated based on 3 factors: The visitor’s IP address. The page they are viewing. A unique, random number, generated at the time the page is loaded. This is all handled automatically and your users will not be affected – they’ll still just have a checkbox like the original GASP plugin. These comment tokens are then embedded in the comment form and must be presented to your WordPress site when a comment is posted. The plugin will then examine the token, the IP address from which the comment is coming, and the page upon which the comment is being posted. They must all match before the comment is accepted. Furthermore, we place a cooldown (i.e. 
you must wait X seconds before you can post using that token) and an expiration on these comment tokens. The reasons for this are: Cooldown means that a spambot cannot load a page, read the unique comment token and immediately re-post a comment to that page. It must wait a while. This has the effect of slowing down the spambots, and, if the spambots get it wrong, they’ve wasted that token – as tokens can only be used once. Expirations mean that a spambot cannot get the token and use it whenever it likes; it must use it within the specified time. This all combines to make it much more difficult for spambots (and also human spammers as they have to now wait) to work their dirty magic 🙂
iThemes Security (formerly Better WP Security) | 7.4.0 | 94 | 3821 | 17374423 |
Requires PHP: 7.3 iThemes Security is the #1 WordPress Security Plugin iThemes Security (formerly Better WP Security) gives you over 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software. Most WordPress admins don’t know they’re vulnerable, but iThemes Security works to lock down WordPress, fix common holes, stop automated attacks and strengthen user credentials. With advanced features for experienced users, our WordPress security plugin can help harden WordPress. Maintained and Supported by iThemes iThemes has been building and supporting WordPress tools since 2008 like BackupBuddy, our WordPress backup plugin. With our full range of WordPress plugins, themes and training, WordPress security is the next step in providing you with everything you need to build the WordPress web. Get Plugin Support and Pro Features Get added peace of mind with professional support from our expert team and pro features to take your site’s security to the next level with iThemes Security Pro. Pro Features: Two-Factor Authentication – Use a mobile app such as Google Authenticator or Authy to generate a code or have a generated code emailed to you. WordPress Salts & Security Keys – The iThemes Security plugin makes updating your WordPress keys and salts easy. Malware Scan Scheduling – Have your site scanned for malware automatically each day. If an issue is found, an email is sent with the details. Password Security – Generate strong passwords right from your profile screen. Password Expiration – Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed). Google reCAPTCHA – Protect your site against spammers. User Action Logging – Track when users edit content, login or logout. 
Import/Export Settings – Saves time setting up multiple WordPress sites. Dashboard Widget – Manage important tasks such as user banning and system scans right from the WordPress dashboard. Online File Comparison – When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming. Temporary Privilege Escalation – give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself. wp-cli Integration – Manage your site’s security from the command line. iThemes Sync Integration Manage more than one WordPress site? Manage Away Mode, release lockouts and keep your themes, plugins and WordPress core up to date from one dashboard with iThemes Sync. Start managing 10 WordPress sites for free with iThemes Sync. iThemes Brute Force Attack Protection Network iThemes Security takes brute force attack protection to the next level by banning users who have tried to break into other sites from breaking into yours. The iThemes Brute Force Attack Protection Network will automatically report IP addresses of failed login attempts and will block them for a length of time necessary to protect your site based on the number of sites that have seen a similar attack. Protect iThemes Security works to protect your site by blocking bad users and increasing the security of passwords and other vital information. 
Prevents brute force attacks by banning hosts and users with too many invalid login attempts Scans your site to instantly report where vulnerabilities exist and fixes them in seconds Bans troublesome user agents, bots and other hosts Strengthens server security Enforces strong passwords for all accounts of a configurable minimum role Forces SSL for admin pages (on supporting servers) Forces SSL for any page or post (on supporting servers) Turns off file editing from within WordPress admin area Detects and blocks numerous attacks to your filesystem and database Detect iThemes Security monitors your site and reports changes to the filesystem and database that might indicate a compromise. iThemes Security also works to detect bots and other attempts to search vulnerabilities. Detects bots and other attempts to search for vulnerabilities. Monitors filesystem for unauthorized changes. Run a scan for malware and blacklists on the homepage of your site. Receive email notifications when someone gets locked out after too many failed login attempts or when a file on your site has been changed. Obscure iThemes Security hides common WordPress security vulnerabilities, preventing attackers from learning too much about your site and away from sensitive areas like your site’s login, admin, etc. Changes the URLs for WordPress dashboard areas including login, admin and more Completely turns off the ability to login for a given time period (away mode) Removes theme, plugin, and core update notifications from users who do not have permission to update them Removes Windows Live Write header information Removes RSD header information Renames “admin” account Changes the ID on the user with ID 1 Changes the WordPress database table prefix Changes wp-content path Removes login error messages Recover iThemes Security makes regular backups of your WordPress database, allowing you to get back online quickly in the event of an attack. 
Use iThemes Security to create and email database backups on a customizable schedule. For complete site backups and the ability to restore or move WordPress to a new host or domain, check out BackupBuddy. Other WordPress Security Benefits Makes it easier for users not accustomed to WordPress to remember login and admin URLs by customizing default admin URLs Detects hidden 404 errors on your site that can affect your SEO such as bad links and missing images WordPress Security Tutorials Learn how to use our WordPress security plugin with our series of in-depth tutorial videos: Getting Started Global Settings 404 Detection Away Mode Banned Users Brute Force Protection Compatibility Works on multi-site (network) and single site installations Works with Apache, LiteSpeed or NGINX (Note: NGINX will require you to manually edit your virtual host configuration) Features like database backups and file checks can be problematic on servers without a minimum of 64MB of RAM. All testing servers allocate 128MB to WordPress and usually don’t have any other plugins installed. Translations Spanish by Andrew Kurtis Please let us know if you would like to contribute a translation. Warning Please read the installation instructions and FAQ before installing this WordPress security plugin. iThemes Security makes significant changes to your database and other site files which can be problematic, so a backup is strongly recommended before making any changes to your site with this plugin. While problems are rare, most support requests involve the failure to make a proper backup before installation. License Released under the terms of the GNU General Public License.
BulletProof Security | 3.4 | 96 | 485 | 3014928 |
WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam... WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam & much more. View Security feature highlights below. View BulletProof Security feature details under the FAQ help section below. Secure your WordPress website even further by adding additional BulletProof Security Bonus Custom Code. See BulletProof Security Bonus Custom Code under the FAQ help section below. Effective, Reliable & Easy to use WordPress Security Plugin. BulletProof Security Feature Highlights One-Click Setup Wizard Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) MScan Malware Scanner .htaccess Website Security Protection (Firewalls) Hidden Plugin Folders|Files Cron (HPF) Login Security & Monitoring JTC-Lite (Limited version of BPS Pro JTC Anti-Spam|Anti-Hacker) Idle Session Logout (ISL) Auth Cookie Expiration (ACE) DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups DB Table Prefix Changer Security Logging HTTP Error Logging FrontEnd|BackEnd Maintenance Mode UI Theme Skin Changer (3 Theme Skins) Extensive System Info BulletProof Security Pro Feature Highlights One-Click Setup Wizard Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) AutoRestore Intrusion Detection & Prevention System (ARQ IDPS) Quarantine Intrusion Detection & Prevention System (ARQ IDPS) Real-time File Monitor (IDPS) MScan Malware Scanner DB Monitor Intrusion Detection System (IDS) DB Diff Tool: data comparison tool DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups DB Status & Info: extensive database status & info Plugin Firewall (IP Firewall): Automated Whitelisting & IP Address Updating in Real-time JTC Anti-Spam|Anti-Hacker Uploads Folder Anti-Exploit Guard (UAEG) .htaccess Website Security Protection (Firewalls) Hidden Plugin Folders|Files Cron (HPF) 
Custom php.ini Website Security Login Security & Monitoring w/Dashboard Alerting|Status Display & additional options/features Idle Session Logout (ISL) Auth Cookie Expiration (ACE) F-Lock: Read Only File Locking FrontEnd|BackEnd Maintenance Mode Security Logging HTTP Error Logging PHP Error Logging DB Table Prefix Changer S-Monitor: Monitoring & Alerting Core Pro Tools: 16 mini-plugins Heads Up Dashboard Status Display UI Theme Skin Changer (3 Theme Skins) Extensive System Info View All BulletProof Security Pro Feature Details BulletProof Security Installation and Setup Video Tutorial BulletProof Security Recommended Video Tutorials BulletProof Security Custom Code Video Tutorial BulletProof Security Security Log Video Tutorial Help Info Extensive Help Info can be found on the AIT-pro.com Forum website and by clicking the Read Me Help buttons on BulletProof Security plugin pages. For details about BulletProof Security plugin features and frequently asked questions see the FAQ section below. The BPS plugin Help and FAQ tab pages also contain additional help links.
Wordfence Security | 6.3.1 | 96 | 2988 | 24459941 |
Firewall, Malware Scanner, Two Factor Auth and Comprehensive Security Features, powered by our 24 hour team. Make security a priority with Wordfence. THE MOST DOWNLOADED WORDPRESS SECURITY PLUGIN WordPress security is all we do. Secure your WordPress website with Wordfence. Powered by the constantly updated Threat Defense Feed, our Web Application Firewall stops you from getting hacked. Wordfence Scan leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Our Live Traffic view gives you real-time visibility into traffic and hack attempts on your WordPress website. A deep set of additional tools round out the most complete WordPress security solution available. With over 22 million downloads, Wordfence is the most popular WordPress security plugin available. Wordfence Security is 100% free and open source. We also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing, real-time updates to the Threat Defense Feed, two-factor authentication, and we even check if your website IP address is being used to Spamvertize. Click here to sign-up for Wordfence Premium now or simply install Wordfence free and start protecting your website. You can find our official documentation at docs.wordfence.com and our Frequently Asked Questions on our support portal at support.wordfence.com. We are also active in our community support forums on wordpress.org if you are one of our free users. Our Premium Support Ticket System is at support.wordfence.com. Learn about WordPress security at wordfence.com/learn. This is a brief introductory video for Wordfence: Wordfence Security is Multi-Site compatible and includes Cellphone Sign-in which permanently secures your WordPress website from brute force hacks. WORDPRESS SECURITY FEATURES WordPress Firewall Web Application Firewall stops you from getting hacked by identifying malicious traffic, blocking attackers before they can access your website. 
Threat Defense Feed automatically updates firewall rules that protect you from the latest threats. Premium members receive the real-time version. Block common WordPress security threats like fake Googlebots, malicious scans from hackers and botnets. Blocking Features Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected. Block entire malicious networks. Includes advanced IP and Domain WHOIS to report malicious IP's or networks and block entire networks using the firewall. Report WordPress security threats to network owner. Rate limit or block WordPress security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site. Choose whether you want to block or throttle users and robots who break your WordPress security rules. Premium users can also block countries and schedule scans for specific times and a higher frequency. WordPress Login Security Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication. Enforce strong passwords among your administrators, publishers and users. Improve login security. Checks the strength of all user and admin passwords to enhance login security. Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise WordPress security. Security Scanning Scans for the HeartBleed vulnerability - included in the free scan for all users. Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source. See how files have changed. Optionally repair changed files that are security threats. Scans for signatures of over 44,000 known malware variants that are known WordPress security threats. 
Scans for many known backdoors that create security holes including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more. Continuously scans for malware and phishing URLs including all URLs on the Google Safe Browsing List in all your comments, posts and files that are security threats. Scans for heuristics of backdoors, trojans, suspicious code and other security issues. Monitoring Features See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing. A real-time view of all traffic including automated bots that often constitute security threats that JavaScript analytics packages never show you. Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from. Monitor your DNS security for unauthorized DNS changes. Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service. Multi-Site WordPress Security Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel. WordPress Multi-Site (or WordPress MU in the older parlance) compatible. IPv6 Compatible Fully IPv6 compatible including all whois lookup, location, blocking and security functions. Major Theme and Plugins Supported Includes support for other major plugins and themes like WooCommerce. Free Learning Center The Wordfence website includes an in-depth WordPress Security Learning Center. The Wordfence WordPress security plugin is full-featured and constantly updated by our team to incorporate the latest security features and to hunt for the newest security threats to your WordPress website.
Sucuri Security – Auditing, Malware Scanner and Security Hardening | 1.8.8 | 92 | 271 | 2289748 |
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening. Sucuri Inc. is a globally recognized authority in all matters related to website security, with specialization in WordPress Security. The Sucuri Security WordPress plugin is free to all WordPress users. It is a security suite meant to complement your existing security posture. It offers its users a set of security features for their website, each designed to have a positive effect on their security posture: Security Activity Auditing File Integrity Monitoring Remote Malware Scanning Blacklist Monitoring Effective Security Hardening Post-Hack Security Actions Security Notifications Website Firewall (premium)
All In One WP Security & Firewall | 4.3.9.4 | 96 | 875 | 8636251 |
Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress. A COMPREHENSIVE, EASY TO USE, STABLE AND WELL SUPPORTED WORDPRESS SECURITY PLUGIN WordPress itself is a very secure platform. However, it helps to add some extra security and firewall to your site by using a security plugin that enforces a lot of good security practices. The All In One WordPress Security plugin will take your website security to a whole new level. This plugin is designed and written by experts and is easy to use and understand. It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques. All In One WP Security also uses an unprecedented security points grading system to measure how well you are protecting your site based on the security features you have activated. Our security and firewall rules are categorized into “basic”, “intermediate” and “advanced”. This way you can apply the firewall rules progressively without breaking your site’s functionality. The All In One WordPress Security plugin doesn’t slow down your site and it is 100% free. Visit the WordPress Security Plugin page for more details. Below is a list of the security and firewall features offered in this plugin: User Accounts Security Detect if there is a user account which has the default “admin” username and easily change the username to a value of your choice. The plugin will also detect if you have any WordPress user accounts which have identical login and display names. Having accounts where the display name is identical to the login name is bad security practice because you are making it 50% easier for hackers, as they already know the login name. Password strength tool to allow you to create very strong passwords. Stop user enumeration. So users/bots cannot discover user info via author permalink. 
User Login Security Protect against “Brute Force Login Attack” with the Login Lockdown feature. Users with a certain IP address or range will be locked out of the system for a predetermined amount of time based on the configuration settings and you can also choose to be notified via email whenever somebody gets locked out due to too many login attempts. As the administrator you can view a list of all locked out users which are displayed in an easily readable and navigable table which also allows you to unlock individual or bulk IP addresses at the click of a button. Force logout of all users after a configurable time period Monitor/View failed login attempts which show the user’s IP address, User ID/Username and Date/Time of the failed login attempt Monitor/View the account activity of all user accounts on your system by keeping track of the username, IP address, login date/time, and logout date/time. Ability to automatically lockout IP address ranges which attempt to login with an invalid username. Ability to see a list of all the users who are currently logged into your site. Allows you to specify one or more IP addresses in a special whitelist. The whitelisted IP addresses will have access to your WP login page. Add Google reCaptcha or plain maths captcha to WordPress Login form. Add Google reCaptcha or plain maths captcha to the forgot password form of your WP Login system. User Registration Security Enable manual approval of WordPress user accounts. If your site allows people to create their own accounts via the WordPress registration form, then you can minimize SPAM or bogus registrations by manually approving each registration. Ability to add Google reCaptcha or plain maths captcha to the WordPress’s user registration page to protect you from spam user registration. Ability to add Honeypot to the WordPress’s user registration form to reduce registration attempts by robots. 
Database Security Easily set the default WP prefix to a value of your choice with the click of a button. Schedule automatic backups and email notifications or make an instant DB backup whenever you want with one click. File System Security Identify files or folders which have permission settings which are not secure and set the permissions to the recommended secure values with the click of a button. Protect your PHP code by disabling file editing from the WordPress administration area. Easily view and monitor all host system logs from a single menu page and stay informed of any issues or problems occurring on your server so you can address them quickly. Prevent people from accessing the readme.html, license.txt and wp-config-sample.php files of your WordPress site. htaccess and wp-config.php File Backup and Restore Easily backup your original .htaccess and wp-config.php files in case you will need to use them to restore broken functionality. Modify the contents of the currently active .htaccess or wp-config.php files from the admin dashboard with only a few clicks Blacklist Functionality Ban users by specifying IP addresses or use a wild card to specify IP ranges. Ban users by specifying user agents. Firewall Functionality This plugin allows you to easily add a lot of firewall protection to your site via htaccess file. An htaccess file is processed by your web server before any other code on your site. So these firewall rules will stop malicious scripts before they get a chance to reach the WordPress code on your site. Access control facility. Instantly activate a selection of firewall settings ranging from basic, intermediate and advanced. Enable the famous “6G Blacklist” Firewall rules courtesy of Perishable Press Forbid proxy comment posting. Block access to debug log file. Disable trace and track. Deny bad or malicious query strings. Protect against Cross Site Scripting (XSS) by activating the comprehensive advanced character string filter. 
or malicious bots who do not have a special cookie in their browser. You (the site admin) will know how to set this special cookie and be able to log into your site. WordPress PingBack Vulnerability Protection feature. This firewall feature allows the user to prohibit access to the xmlrpc.php file in order to protect against certain vulnerabilities in the pingback functionality. This is also helpful to block bots from constantly accessing the xmlrpc.php file and wasting your server resources. Ability to block fake Googlebots from crawling your site. Ability to prevent image hotlinking. Use this to prevent others from hotlinking your images. Ability to log all 404 events on your site. You can also choose to automatically block IP addresses that are hitting too many 404s. Ability to add custom rules to block access to various resources of your site. Brute force login attack prevention Instantly block Brute Force Login Attacks via our special Cookie-Based Brute Force Login Prevention feature. This firewall functionality will block all login attempts from people and bots. Ability to add a simple math captcha to the WordPress login form to fight against brute force login attacks. Ability to hide admin login page. Rename your WordPress login page URL so that bots and hackers cannot access your real WordPress login URL. This feature allows you to change the default login page (wp-login.php) to something you configure. Ability to use Login Honeypot which helps reduce brute force login attempts by robots. Security Scanner The file change detection scanner can alert you if any files have changed in your WordPress system. You can then investigate and see if that was a legitimate change or some bad code was injected. Comment SPAM Security Monitor the most active IP addresses which persistently produce the most SPAM comments and instantly block them with the click of a button. 
Prevent comments from being submitted if they don’t originate from your domain (this should reduce some SPAM bot comment posting on your site). Add a captcha to your WordPress comment form to add security against comment spam. Automatically and permanently block IP addresses which have exceeded a certain number of comments labeled as SPAM. Front-end Text Copy Protection Ability to disable the right click, text selection and copy option for your front-end. Regular updates and additions of new security features WordPress Security is something that evolves over time. We will be updating the All In One WP Security plugin with new security features (and fixes if required) on a regular basis so you can rest assured that your site will be on the cutting edge of security protection techniques. Works with Most Popular WordPress Plugins It should work smoothly with most popular WordPress plugins. Additional Features Ability to remove the WordPress Generator Meta information from the HTML source of your site. Ability to remove the WordPress Version information from the JS and CSS file includes of your site. Ability to prevent people from accessing the readme.html, license.txt and wp-config-sample.php files Ability to temporarily lock down the front end of your site from general visitors while you do various backend tasks (investigate security attacks, perform site upgrades, do maintenance work etc.) Ability to export/import the security settings. Prevent other sites from displaying your content via a frame or iframe. Plugin Support If you have a question or problem with the All In One Security plugin, post it on the support forum and we will help you. Developers If you are a developer and you need some extra hooks or filters for this plugin then let us know. Github repository – https://github.com/Arsenal21/all-in-one-wordpress-security Translations All In One WP Security plugin can be translated to any language. 
Currently available translations: English German Spanish French Hungarian Italian Swedish Russian Chinese Portuguese (Brazil) Persian Visit the WordPress Security Plugin page for more details. Privacy Policy This plugin may collect IP addresses for security reasons such as mitigating brute force login threats and malicious activity. The collected information is stored on your server. No information is transmitted to third parties or remote server locations. Usage Go to the settings menu after you activate the plugin and follow the instructions. | ||||||||
Protection SubCategory (4 plugins) | ||||||||
Plugin Name | Version | Rating | Reviews | Downloads | Flag | |||
SX User Name Security | 2.3.1 | 80 | 13 | 9965 |
| |||
SX User Name Security prevents WordPress from showing your real Login everywhere. It overrides the body_class function, User Nicename, Nickname and Di WordPress show your WordPress login and ID in several places. It’s time to fix this! WordPress automatically uses “User login” to fill in the “User Display Name”. WordPress also allows everyone to use the same value for Nickname, Display Name and Login. The body_class function also shows to everyone your User ID and Login on author pages. A hacker can easily see then use your “NickName” or “Display Name” to find your real login. Once activated, SX User Name Security will prevent WordPress from showing this information. Features Body_class function: Removes User ID from body_class function (author pages) Removes User Nicename from body_class function (author pages) User information: The plugin changes “Display Name” and “Nickname” to a random value (like ‘Ticibe T. Aduvoguripe’, ‘Lagubo N. Agigerovibe’ or ‘Datela N. Orejadavino’) if they are equal to user login If not, it changes “Display Name” to “Nickname” or “Nickname” to “Display Name” if one of them is equal to user login New Registration: Display Name and Nickname are changed to random value during user registration. Nicename is also changed (it’s used to generate the user permalink on the front-end). For previous users, a notice has been added to use another plugin to safely change old nicenames. 😉 All functions are translated into French and English. You can find me here on SeoMix, and here is the official French post about this plugin https://www.seomix.fr/user-name-security/ | ||||||||
SAR One Click Security | 1.2.2 | 100 | 6 | 5167 |
| |||
Adds some extra security to your WordPress with only one click. There’s a lot of WordPress security plugins with many many options and pages to setup. And that is fine if you know what to do. But most of the time, you don’t need so much or simply you’re not sure about what to set or not. This plugin adds some extra security to your WordPress with only one click. No options page, just activate it! Features Like many other security plugins SAR One Click Security adds well known .htaccess rules, but only the ones proven to be safe to use in almost any type of site (including WooCommerce stores), to protect your WordPress from common attacks. This allows you to have a safer WordPress without worries about what protection you should be using. Turn off ServerSignature directive, that may leak information about your web server. Turn off directory listing, preventing badly configured hosting from leaking your files. Blocks public access (from web) to following files that may leak information about your WordPress install: .htaccess, license.txt, readme.html, wp-config.php, wp-config-sample.php, install.php Blocks access to wp-login.php to dummy bots trying to register in WordPress sites that have registration disabled. Blocks requests looking for timthumb.php, reducing server load caused by bots trying to find it. (*) Blocks TRACE and TRACK request methods, preventing XST attacks. Blocks direct posting to wp-comments-post.php (most spammers do this) and access with blank User Agent, reducing spam comments a lot and also server load. Blocks direct access to PHP files in wp-content directory (this includes subdirectories like plugins or themes). Protecting you from a huge number of 0day exploits. Blocks direct POST to wp-login.php and access with blank User Agent, preventing most brute-force attacks and reducing server load. Blocks access to .txt files under any plugin/theme directory to prevent scans for installed plugins/themes. 
Blocks any query string trying to get a copy of the wp-config.php file. Blocks gf_page=upload query string argument, this was deprecated in Gravity Forms in May 2015, if your copy of Gravity Forms still uses it, update now! Removes version information from page headers. This includes not only the page header (html or xhtml) but also feed headers (rss, rss2, atom, rdf) and opml comments. Only the version number is removed, not the entire generator information. (*) If your theme uses TimThumb, you can disable that blocking rule, check FAQ before installing the plugin to see how. Requirements WordPress 3.9.2 or higher. (Works with WordPress network/multisite installation). Apache 2.2.x or 2.4.x web server It has been tested in many servers including large providers like HostGator, Godaddy and 1&1 with optimal results, and it will work fine in any decent hosting service (that allows you to set options from .htaccess files). Anyway, if you get any problem after activating the plugin, check FAQ for instructions on how to manually uninstall it. Or maybe check it before installing the plugin if you’re not sure about your hosting provider policy about .htacces Usage To apply above mentioned security rules simply install and activate the plugin, no options page, no user setup! If you need to remove the security rules for some reason, simply deactivate the plugin. If you want to add them again, activate the plugin again, that easy 😉 And remember, if your theme uses TimThumb, check FAQ before installing the plugin. | ||||||||
Performance & Security | 0.9.1 | 100 | 2 | 2092 |
| |||
This plugin provides settings to modify WordPress and improve performance and security. General settings Modify excerpt length, the “More” text, and allow excerpts on Pages Change the “Read more” settings, so that the anchors to articles don’t jump Modify custom post types so that they appear in search results and RSS feeds Allow tags on pages and ensure all tags appear in search queries Remove relational links Remove the Windows Live Writer manifest link (wlwmanifest) Remove the RSD link Remove the shortlink Enable HTML5 support for forms, comment lists, images and captions. Enable or disable the Links Manager Disable auto-formatting of content and/or excerpts Performance Enable GZIP on Apache Disable WordPress pings from internal links Remove the version query string on styles and scripts Remove the JetPack plugin devicepx script Disable emoji support and remove emoji styles and scripts Disable jQuery Migrate dependency Disable the Block Editor Library CSS Disable oEmbed support Security Remove the WordPress version string Modify XMLRPC features – disable entirely and/or disable XMLRPC SSL testing Comment modifications: Disable comments Disable comments on media files Disable links in comments Remove the ‘URL’ field from the comments form Hide existing comments Administration Show statistics in the Admin section Change the WordPress greeting, even for non US English installs Remove dashboard widgets Remove menu items Include the “All Settings” menu item Login Change the login page logo Change the login page logo URL Change the login page logo URL title Disable detailed login errors Google Analytics Add the Google Tag Manager tracking code to your site head If you have further suggestions, please contact us via the plugin support page. If this plugin is useful for managing your WordPress settings, please review the plugin. Developed by James Robinson. | ||||||||
WP Content Security Plugin | 2.3 | 98 | 14 | 23133 |
| |||
GitHub Plugin URI: https://github.com/dylandownhill/WP-Content-Security-Policy-Plugin Block XSS vulnerabilities by adding a Content Security Policy h Content Security Policy (CSP) is a W3C guideline to prevent cross-site scripting (XSS) and related attacks. XSS allows other people to run scripts on your site, making it no longer your application running on your site, and opens your whole domain to attack due to “Same-Origin Policy” – XSS anywhere on your domain is XSS everywhere on your domain. (see https://www.youtube.com/watch?v=WljJ5guzcLs) CSP tells your browser to push least-privilege environment on your application, allowing the client to only use resources from trusted domains and block all resources from anywhere else. Adding CSP to your site will protect your visitors from: Cross-site scripting (XSS) attacks Adware and Spyware while on your site This plugin will help you set your CSP settings and will add them to the page the visitor requested. Policy violations will be logged in a database table which can be viewed via an admin page that supplies all the violations, along with counts. Buttons easily allow you to add the sites to your headers or to ignore them. This plugin also allows you to ignore sites that repeatedly violate your policies. For example, some tracking images will show as violating your policies, but you still don’t want them to run, therefore you can block the site from showing up in your logs – note, however, that the browser will still call your server and your server will still spend resources processing the call. In addition, this plugin can help you to get on the HSTS Preload list – See https://hstspreload.org/ for details. CSP Directives CSP allows you to control where your visitors’ browser can run code from. The W3C specification allows for the following directives: default-src The default-src is the default policy for loading content. If another setting is blank then this setting will be used. 
script-src Defines valid sources of JavaScript. style-src Defines valid sources of stylesheets. img-src Defines valid sources of images. connect-src Applies to XMLHttpRequest (AJAX), WebSocket or EventSource. manifest-src Specifies which manifest can be applied to the resource worker-src Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts. font-src Defines valid sources of fonts. object-src Defines valid sources of plugins. Stops your site becoming the source of drive-by attacks. media-src Defines valid sources of audio and video. base-uri Limit the values that can be used in the entry. frame-src Defines valid sources for loading frames. sandbox Enables a sandbox for the requested resource similar to the iframe sandbox attribute. form-action The form-action restricts which URLs can be used as the action of HTML form elements. frame-ancestors Whether to allow embedding the resource using a frame, iframe, object, embed, etc. in non-HTML resources. plugin-types Restricts the set of plugins that can be invoked by limiting the types of resources that can be embedded. report-uri URL to post information on violations of the policies you set. require-sri-for Require integrity check for scripts and/or styles. CSP Entry Syntax Note – with version 3 of the CSP specification there has been a move to ‘strict-dynamic’ – see the Upgrade Notice section for more information. Each directive can take one or more of the following values: * Allows loading resources from any source. ‘none’ Blocks loading resources from all sources. The single quotes are required. ‘self’ Refers to your own host. The single quotes are required. ‘unsafe-inline’ Allows inline elements, such as functions in script tags, onclicks, etc. The single quotes are required. ‘unsafe-eval’ Allows unsafe dynamic code evaluation such as JavaScript eval(). The single quotes are required. 
‘strict-dynamic’ The trust explicitly given to a script present in the markup, by accompanying it with a nonce or a hash, shall be propagated to all the scripts loaded by that root script. The single quotes are required. ‘sha-AAAAAAAAA’ For scripts and styles that can’t take a nonce the browser will tell you a ‘sha-‘ value you can use. The single quotes are required. ‘nonce-AAAAAAAAA’ The trust nonce value – this value is automatically generated per page refresh and should not be entered by the user. The single quotes are required. data: Allow loading resources from data scheme – usually inline images. This is insecure; an attacker can also inject arbitrary data: URIs. Use this sparingly and definitely not for scripts. mediastream: Allows mediastream: URIs to be used as a content source. filesystem: Allow loading resource from file system. https: Only allows loading resources from HTTPS: on any domain. This can be used to block insecure requests. www.example.com Allow loading resources from this domain, using any scheme (http/https) *.example.com Allow loading resources from any subdomain under example.com, using any scheme (http/https) http://www.example.com Allows loading resources from this domain using this scheme. /path/to/file/ Allows loading any file from this path on this domain. /path/to/file/thefile Allows loading this one file on this domain. Security Headers In addition to the CSP headers, there are other security headers supported, including: Expect-CT Instructs user agents (browsers) to expect valid Signed Certificate Timestamps (SCTs) to be served. Strict Transport Security The HTTP Strict-Transport-Security response header (HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP. X-Frame-Options The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object> . 
Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. X-XSS-Protection The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Although these protections are largely unnecessary in modern browsers when sites implement a strong Content-Security-Policy that disables the use of inline JavaScript (‘unsafe-inline’), they can still provide protections for users of older web browsers that don’t yet support CSP. X-Content-Type-Options The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should not be changed and be followed. This allows to opt-out of MIME type sniffing, or, in other words, it is a way to say that the webmasters knew what they were doing. Referrer-Policy The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made. Written By This plugin was written by Dylan Downhill, CDO of Elixir Interactive . | ||||||||
Scanners SubCategory (2 plugins) | ||||||||
Plugin Name | Version | Rating | Reviews | Downloads | Flag | |||
Total Security | 3.4.8 | 78 | 34 | 48374 |
| |||
Checks your WordPress installation and provides detailed reporting on discovered vulnerabilities, anything suspicious and how to fix them. The Total Security plugin is the must-have tool when it comes to the security of your WordPress installation. The plugin monitors your website for security weaknesses that hackers might exploit and tells you how to easily fix them. Vulnerability Scan Check your site for security vulnerabilities and holes. Numerous installation parameters tests WP options tests Detailed help and description Core Scanner Scan WP core files with one click Quickly identify problematic files Great for removing exploits and fixing accidental file edits/deletes View files source to take a closer look Fix broken WP auto-updates File System Scours your file system for suspicious or potentially malicious files, compressed, log, binary, data, and temporary files. And any unknown file in WP core. Detects unknown file found in WP core => |*any file| Detects suspicious or potentially malicious files => |*.exe|*.com|*.scr|*.bat|*.msi|*.vb|*.cpl| Detects compressed files => |*.zip|*.rar|*.7z|*.gz|*.tar|*.bz2| Detects log, binary, data and temporary files => |*.log|*.dat|*.bin|*.tmp| Error 404 Log Logs 404 (Page Not Found) errors on your site, this also gives the added benefit of helping you find hidden problems causing 404 errors on unseen parts of your site as all errors will be logged. Secure Hidden Login Allows you to create custom URLs for user’s login, logout and admin’s login page, without editing any .htaccess files. Those attempting to gain access to your login form will be automatically redirected to a customizable URL. Hide “wp-admin” folder. Log Viewer (debug.log) Adds a debug menu to the admin bar that shows real-time debugging information. Best practices on security combined into one plugin! Usage For Vulnerability Scan : Once you click the Execute button all tests will be run. For Core Scanner: Once you click the Execute button all tests will be run. 
Depending on various parameters of your site this can take from ten seconds to 2-3 minutes. Please don’t reload the page until testing is done. Each test comes with a detailed explanation which you should use to determine whether it affects your site or not. Most tests have simple-to-follow instructions on how to strengthen your site’s security. Color-coded results separate files into categories: * Items in green are fully secured. Good job! * Items in orange are partially secured. Turn on more options to fully secure these areas * Items in red are not secured. You should secure these items immediately A warning to redo the scan will be shown every 15 days after the last inspection. Translation Non-English Speaking Users – Contribute a translation using the GlotPress web interface – no technical knowledge required (how to). | ||||||||
Security Ninja Lite | 1.30 | 100 | 2 | 14219 |
| |||
Check your site for security vulnerabilities with one click on 40+ tests and get info on all security aspects. Full version of Security Ninja with 40+ tests is now available for FREE on WP.org. Please install it NOW. This lite version is no longer maintained. !!! This lite version is no longer maintained !!! Visit Security Ninja’s homepage for more details, FAQ and documentation. perform numerous security tests with one click check your site for security vulnerabilities and holes take preventive measures against attacks don’t let script kiddies hack your site prevent 0-day exploit attacks more tests coming with each update Upgrade Security Ninja to get more than 36 tests, detailed test description, code snippets for fixes and dedicated support. | ||||||||
Monitors SubCategory (1 plugins) | ||||||||
Plugin Name | Version | Rating | Reviews | Downloads | Flag | |||
WP Security Audit Log | 3.4.1 | 94 | 235 | 1429988 |
| |||
Requires PHP: 5.5 The #1 user-rated activity log plugin. Keep a comprehensive log of the changes that happen on your site with this easy to use plugi THE MOST COMPREHENSIVE & EASY TO USE WORDPRESS ACTIVITY LOG PLUGIN Keep an activity log of everything that happens on your WordPress and WordPress multisite with the WP Security Audit Log plugin to: Ensure user productivity Ease troubleshooting Know exactly what all your users are doing Better manage & organize your WordPress site Easily spot suspicious behavior before there are security problems. WP Security Audit Log is the most comprehensive real time user activity and monitoring log plugin. It helps thousands of WordPress administrators and security professionals keep an eye on what is happening on their websites. It is also the most highly rated WordPress activity log plugin and has been featured on popular sites such as GoDaddy, ManageWP, Pagely, Shout Me Loud and WPKube. Note: All WordPress logging functionality is FREE. Features such as reports, email notifications & search are available in the Premium Edition. WordPress Changes & Details the Plugin Keeps a Log Of As a comprehensive & complete WordPress activity log solution WP Security Audit Log does not just tell you that a post, a user profile, or an object was updated. It keeps a log of what was changed within the post, profile or object. 
Below is a summary of the changes that the plugin can keep a record of: Post, Page and Custom Post Type changes such as status, content changes, title, URL, date and custom field changes Tags and Categories changes such as creating, modifying or deleting them, and adding or removing them from posts Widgets and Menus changes such as creating, modifying or deleting them User changes such as user created or registered, deleted or added to a site on multisite network User profile changes such as password, email, display name and role changes User activity such as login, logout, failed logins and terminating other sessions WordPress core and settings changes such as installed updates, permalinks, default role, URL and other site-wide changes WordPress multisite network changes such as adding, deleting or archiving sites, adding or removing users from sites etc (activity logs for multisite networks). Plugins and Themes changes such as installing, activating, deactivating, uninstalling and updating them WordPress database changes such as when a plugin adds or removes a table Changes on WooCommerce Stores & Products, Yoast SEO, Advanced Custom Fields (ACF), MainWP and other popular WordPress plugins. WordPress site file changes such as new files are added, or existing ones are modified or deleted. For every event that the plugin keeps a log of it also reports the: Date & time (and milliseconds) of when it happened, User & role of the user who did the change, Source IP address from where the change happened. Refer to WordPress Activity Log Events for a complete list of all the changes the WP Security Audit Log can keep a record of. 
Extend the Functionality of the WP Security Audit Log Plugin Upgrade to WP Security Audit Log Premium to: See who is logged, See what everyone is doing in real time, Log off any user with just a click, Generate HTML and CSV reports, Export the activity log in CSV (ideal for integrations), Get notified via email of important changes, Get instant SMS message notifications of critical site changes, Search the activity log using text-based searches, Use built-in filters to fine tune the searches, Store activity log in an external database to improve security, Mirror the WordPress activity logs to Slack, Papertrail, Syslog and other central log management and collaboration solutions, Configure archiving and mirroring of logs. See our premium features page for more detailed information. Free and Premium Support Support for the WP Security Audit Log plugin on the WordPress forums is free. Premium world-class support is available via email to all WP Security Audit Log Premium customers. Note: paid customers support is always given priority over free support. Paid customers support is provided via one-to-one email and over the phone. Upgrade to Premium to benefit from priority support. 
Other Noteworthy Features WP Security Audit Log plugin also has a number of features that make WordPress and WordPress multisite monitoring and auditing easier, such as: Built-in support for reverse proxies and web application firewalls Full WordPress multisite support Easily create your custom alerts to monitor additional functionality Developer tools including the logging of all HTTP GET and POST requests Integration with WhatIsMyIpAddress.com so you can get all information about an IP address with just a mouse click Limit who can view the WordPress activity log by either users or roles Limit who can manage the plugin by either users or roles Configurable WordPress dashboard widget highlighting the most recent critical activity Configurable WordPress security audit trail data retention User avatar is shown in the alerts for better recognizability Enable or disable any security alerts and much more… Refer to the WordPress activity log plugin datasheet for a complete list of features. As Featured On: GoDaddy Kinsta Pagely Shout Me Loud The Dev Couple WPKube WPLift WP SmackDown SourceWP Techwibe KevinMuldoon.com Cloudways Collective Ray MyWPExpert BlogVault Firewall.cx Design Wall Tidy Repo Monster Post The Darknet WebEmpresa KitPloit EHacking WordPress Security Audit Log in your Language! We need help translating the plugin and the WordPress Security Alerts. Please visit the WordPress Translate Project to translate the plugin and drop us an email on support@wpwhitesecurity.com to get mentioned in the list of translators below. 
Italian translation by Leonardo Musumeci Brazilian Portuguese by Hudson Santos German translation by Mourad Louha Brazilian Portuguese translation by Hudson Santos Spanish translation by the WP Body team French translations by Denis Moscato Activity Log Extensions Activity Log for MainWP: This extension allows you to keep a log of MainWP network changes and to view the activity logs of all child sites from one central location – the MainWP dashboard. Related Links and Documentation What is a WordPress Activity Log? List of WordPress Activity Log events WordPress Multisite Features WP Security Audit Log and Reverse Proxy and WAFs Support WP Security Audit Log Database Documentation Official WP Security Audit Log Plugin Website Activity logs for MainWP Install WP Security Audit Log from within WordPress Visit ‘Plugins > Add New’ Search for ‘WP Security Audit Log’ Install and activate the WP Security Audit Log plugin Allow or skip diagnostic tracking Install WP Security Audit Log manually Upload the wp-security-audit-log directory to the /wp-content/plugins/ directory Activate the WP Security Audit Log plugin from the ‘Plugins’ menu in WordPress Allow or skip diagnostic tracking | ||||||||
Unsorted Plugins (36 plugins) | ||||||||
Plugin Name | Version | Rating | Reviews | Downloads | Flag | |||
WP Security Coat | 1.0.0 | 100 | 2 | 408 |
| |||
A security plugin meant to relieve you from your security issues in your WordPress website, built to prevent server, PHP/MySQL and WordPress based attacks. Plugin Features Disallow indexing of server files Block fake bots Hide WordPress version Remove RSD links and feeds Disable XML-RPC Brute Force Attack Disable XML-RPC pingback from DDoS Attacks Disable Login Error Messages Disable WP REST API Protection From Content Injection Attack Filter suspicious Query String and Non-English Character Preventing From SQL Injection Protect Website From Clickjacking Attack Enable Browser Blocking of Cross-Site Scripting Prevent Content From Content Sniffing Block certain HTTP Methods not being used with the website Block POST Method from HTTP 1.0 and HTTP 0.9 | ||||||||
smart User Slug Hider | 1.2 | 100 | 10 | 2464 |
| |||
Requires PHP: 5.4 Hide usernames in Author Pages URLs to enhance Security This Plugin replaces user names with 16 digits coded strings. See also Plugin Homepage For author page URLs WordPress uses the pattern example.com/author/name where 'name' represents the user's login name. This means that the login names of all your users are publicly visible. This is already half of the information needed to log in... The smart User Slug Hider Plugin changes all author page URLs from e.g. example.com/author/admin to something like example.com/author/e9e716def73f76ac. The codes are generated automatically and it's impossible to make conclusions about the user names. The WordPress default URLs (like example.com/author/admin) will cause a 404 (not found) error. The plugin does not make any changes to your database. Deactivating the Plugin restores the default WordPress behavior. There are no settings and no need to change anything. Shortcodes The plugin adds three shortcodes you can use in your posts: [smart_user_slug] the user slug of the post author - e.g. e9e716def73f76ac [smart_user_url] the url of the post author's profile page - e.g. example.com/author/e9e716def73f76ac [smart_user_link] adds a link to the post author's profile page Theme Functions The plugin adds two functions that can be used in theme files: get_smart_user_slug( $author_id ) to get the user slug for the author - the parameter $author_id is optional, if omitted the author's ID of the current post is used the_smart_user_slug( $author_id ) to display the user slug for the author - the parameter $author_id is optional, if omitted the author's ID of the current post is used Do you like the smart User Slug Hider Plugin? Thanks, I appreciate that. You don't need to make a donation. No money, no beer, no coffee. Please, just tell the world that you like what I'm doing! And that's all. 
More plugins from Peter 404page - Define any of your WordPress pages as 404 error page hashtagger - Tag your posts by using #hashtags smart Custom Display Name - Set your Display Name to anything you like See all | ||||||||
Don Security | 1.0.2 | 100 | 2 | 568 |
| |||
This plugin allows you to set some security improvements to your WordPress site. Blocks scan attempts from WPScan and other similar tools. A few scanning methods you may want to prevent: Disable robots.txt ... Disable detect User Agent Disable XML-RPC Remove generator info Prevent advanced fingerprinting Remove version number Stop plugin enumeration Prevent username enumeration Prevent wpconfig enumeration | ||||||||
LCS Security | 1.5 | 100 | 2 | 586 |
| |||
This plugin adds a comprehensive suite of security measures to WordPress. Simply install, activate, and rest assured that your site is now protected against most common attacks. We attempted to create the “Goldilocks” of WordPress security by finding a happy medium between the really complicated plugins that seem to slow down your site and often break functionality because they are too restrictive, and the piece-meal ones that only address one or two vulnerabilities at a time. The following areas of security weakness are addressed: XML RPC Protection – stops unauthorized content injection. Author Scanning Prevention – prevents revealing of user login names. Malicious Script Blocking – stops execution of scripts in specific vulnerable directories. Comment Spam Prevention – adds a CAPTCHA to the comment form. User Login Protection – includes automatic timed failed login attempt lockouts and CAPTCHA for login page. Automatic IP Ban – bans IP’s from the entire site based on number of failed login attempts. IP Blacklist – allows adding known bad IP’s and bans them from the entire site. IP Whitelist – allows adding known good IP’s. This plugin also provides a log of all login attempts including geographical IP data. Temporarily locked IP’s can be unlocked by the administrator. Permanently banned IP’s can be un-banned by the administrator. CAUTION: Do not use this plugin with other security plugins to avoid conflicts and other site issues. Use only one active security suite at a time. Support sysdev@latcomsystems.com | ||||||||
Secure Blocks for Gutenberg | 1.4.3 | 74 | 3 | 1005 |
| |||
Secure your content in the editor by user role with Secure Blocks for Gutenberg. Using Secure Blocks you can add any Gutenberg block inside a secure block, have it render only to logged in users, or lock it down to a user role of your choosing. Secure Blocks also provides an additional area that can display blocks to users that do not have permission to view the content. For more information read the Secure Blocks introductory blog post. The plugin provides the following functionality: Display content only to logged-in users Display alternative content to logged-out users Display content to users within certain user roles Display alternative content to users not in those user roles Roadmap Features coming soon to aid with securing sites: Login Block Register Block Password Reset Block Restrict entire pages / posts, not just inline content | ||||||||
WP Common security Checklist | 1.0.8 | 100 | 2 | 921 |
| |||
WP Common Security Checklist enables you to quickly and easily solve most common security issues on WordPress Websites Supported Features: Disable Generator meta tag that exposes WordPress Version Hide admin URL (Change default login url) Disable Editing in Dashboard (Theme Editor) Change default admin username Disable PHP execution in specific directories (/wp-content/uploads and /wp-includes/) Protect Sensitive Files (Deny web access to wp-config, error_log, htaccess) Enables you to make backups of wp-config.php file Limit Login attempts Add CAPTCHA on login form Add CAPTCHA on comment form Read more: http://blog.luisfred.com.br/como-manter-o-meu-wordpress-mais-seguro/ | ||||||||
Log cleaner for iThemes Security | 1.2 | 100 | 10 | 5416 |
| |||
Restores the ability to manually delete iThemes Security logs from the database. In early 2018, iThemes removed the ability to manually delete the database logs (see this thread). This plugin gives you that control back. Support Log cleaner for iThemes Security Support at the official WordPress repository. How to use Go to Tools -> ITSec Log Cleaner Select which logs to delete (or select ‘All’) Hit the Clear logs button Get on with the rest of your day (optional) Note: This plugin comes with no warranty of any kind. Uninstall Deactivate the plugin, delete if desired. | ||||||||
User Blocker | 1.3 | 88 | 21 | 11639 |
| |||
To block users from admin side except admin users for specific day, time, and date or permanently. User Blocker plugin provides the admin with the ability to block or unblock user accounts quickly and effortlessly. Users can be blocked by Role or username for specific day & time OR date range Or permanently. When someone tries to log in, and if that user is blocked, then a friendly error message is displayed on the login screen. You can unblock accounts at any time you want. Also admin can view blocked user list and quickly search user and unblock account if required. User Blocker Plugin Features Block user by time (FROM-time to TO-time) for certain week days Block user by date (FROM-date to TO-date) Block user Permanently Unblock user any time Block user by UserName OR by Role Customizable message for each blocked User OR Blocked Role View blocked user list By Time, By Date and Permanently blocked users. Easy to search any blocked user by username/ email / First name to view blocking status and modify or remove blocking Technical Support You have any suggestion with User Blocker plugin or you found a bug, please contact us at support.solwininfotech.com. Permissions: Only administrators are allowed to use this system. People with lower access levels are neither shown the new bulk actions, nor are they allowed to change the status of accounts. Important: Plugin does not deactivate any Admin users. | ||||||||
WP Security Optimizer | 1.5.15 | 86 | 7 | 3952 |
| |||
Donate link: https://paypal.me/lucaercoliit/5 Protect your site from vulnerability scanner and hackers Prevent hackers to sabotage your rankings in search engines. Elude attackers that exploits your website and fight Negative SEO attacks made using WPScan and other vulnerability scanner. An inspection engine monitors the traffic between clients and your Website, enhancing the security of your WordPress installation. WP Security Optimizer prevents wp-login brute force attacks by monitoring invalid login attempts, block dDoS attack via pingbacks, XMLRPC attack and is able to elude vulnerability scanners; Specially designed for WPScan where it’s able to induce false-positives and generate an unreadable report full of thousand wrong data. File Integrity Check (FIC) functionality will notify the administrative user about corrupted and infected PHP files stored into “wp-admin”, “wp-includes” and “uploads” folders. Analyzing the User-Agent field in the HTTP request headers, disallow access on your Website to the most widespread penetration test and security assessment applications, including: OpenVAS, Nikto, sqlmap, commix, skipfish, whatweb and WPScan. Useful for finding files that are actually used by developers (such of backup of WordPress’s configuration), page accessible but unlinked and README files that expose version number and reveal potential vulnerabilities. WP Security Optimizer is able to recognize common probing patterns used to look for vulnerabilities in WordPress, sending security notifications to the email address of blog administrator. The one thing you should do is activate it using the built-in plugin manager of WordPress. WP Security Optimizer does not require any configuration. Just install it! From within WordPress Login to your weblog Go to Plugins Select Add New Search for ‘WP Security Optimizer’ Select Install Now Activate WP Security Optimizer from your Plugins page. 
Manually Download and unzip the plugin Upload the entire “wp-security-optimizer” directory to the /wp-content/plugins/ directory Activate the plugin through the Plugins menu in WordPress | ||||||||
Formula04 Site Lock | 1.0 | 100 | 3 | 2055 |
| |||
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=verbiphone%40gmail%2ecom Put a sitewide password on your site. Very simple plug that allows you to password-protect the front end of your site. You can also white list pages so that they are still accessible without entering the site password. You can also set any page you want to be the "enter your password" screen. This is supposed to be a super simple plug, let me know if you want any features added. | ||||||||
Gauntlet Security | 1.4.1 | 100 | 8 | 5495 |
| |||
Gauntlet Security can find opportunities for improving the security of your site. It checks many aspects of the site’s configuration including file permissions, server software, PHP, database, plugins, themes, and user accounts. The plugin will give each check a pass, warning, or fail and explain in clear language how you can fix the issue. How you ultimately choose to patch these issues is up to you but whatever method you use, this plugin should always provide an accurate report. It does not make changes to your database or to any of your files and it should be compatible with all other security plugins. Checks and recommendations include: Set correct file and directory permissions Turn off directory indexing Prevent code execution in the uploads directory Block files in the includes directory Prevent access to stray files which could be useful to attackers Keep PHP up-to-date Disable dangerous PHP functions Disable allow_url_include and allow_url_fopen PHP flags Turn off the display of PHP errors Don’t advertise the PHP version you are running Use a strong database password Change the default database table prefix Keep WordPress up-to-date Turn off file editing in the control panel Set security keys in WP-Config file Don’t advertise the WordPress version you are running Turn off self-registration Force SSL when accessing the admin area Review the development activity and reputation of all plugins Remove unused themes from the server Rename the plugin directory Move the active theme to an alternate location Do not use TimThumb Do not use common user names (such as “admin”) Do not use weak passwords Do not have a user with an ID = 1 Minimize the number of admin users Users should not display their login usernames publicly Prevent username enumeration through standard author URLs …more tests planned Check the screenshots for more detail on some of the above features. 
Many of these security checks are based on recommendations from the WordPress codex: https://codex.wordpress.org/Hardening_WordPress. Disclaimer Some of the tips included in this plugin only require making small changes to configuration files (.htaccess, php.ini, wp-config.php, functions.php). Others require more in-depth changes to the filesystem or database. Before attempting any of these fixes, you should be comfortable experimenting and know how to undo any change you make. That includes making backups and knowing how restore your site from those backups. I can’t guarantee that the recommendations or sample code provided in this plugin will not break your site or that they will prevent it from being hacked. Requirements Apache web server WordPress 3.4 minimum PHP 5.2.7 minimum | ||||||||
WP User Access Notification (by SiteGuarding.com) | 2.1 | 74 | 3 | 2396 |
| |||
Plugin sends notifications by email after successful and failed login actions with detailed information about the user and his location. This plugin is very useful as for administrators of WordPress websites and for the users. It sends notifications about successful and failed login actions. If someone wants to hack or bruteforce the passwords of your users or administrator password, you will get full information about the attacker. It will show you IP address, Browser and Location (city and country) of the hacker. If hacker is lucky and he got your password, you will get notification about it. What you need to do, just change the password. Without this plugin hackers can use your accounts for a long time and you will not know about it. Doesn’t allow to the hackers to use your accounts and passwords. Main features: Easy to install, easy to use. Does not require extra configuration. Catches successful and failed login actions. Sends notifications to the administrator by email or by Telegram Messenger to your mobile. Shows Date/Time of access action, Browser, IP address, Location (City, Country). Please note this plugin uses 3rd party service http://api.ipinfodb.com (IP geolocation API) | ||||||||
Content Security Policy Pro | 1.3.5 | 100 | 2 | 1648 |
| |||
The idea is quite simple: By sending a CSP header from a website, you are telling the browser what it is authorized to execute and what it is authorized to block. And by doing this, Content Security Policy helps block the XSS vulnerabilities. CSP allows a host to specify a whitelist of approved sources that a browser can load content from and is an effective countermeasure for XSS attacks. Content Security Policy is delivered via a HTTP response header, much like HSTS, and defines approved sources of content that the browser may load. It can be an effective countermeasure to Cross Site Scripting (XSS) attacks and is also widely supported and usually easily deployed. CSP Directives
* default-src: Define loading policy for all resources type in case of a resource type dedicated directive is not defined (fallback)
* script-src: Define which scripts the protected resource can execute
* object-src: Define from where the protected resource can load plugins
* style-src: Define which styles (CSS) the user applies to the protected resource
* img-src: Define from where the protected resource can load images
* media-src: Define from where the protected resource can load video and audio
* frame-src: Define from where the protected resource can embed frames
* font-src: Define from where the protected resource can load fonts
* connect-src: Define which URIs the protected resource can load using script interfaces
* form-action: Define which URIs can be used as the action of HTML form elements
* sandbox: Specifies an HTML sandbox policy that the user agent applies to the protected resource
* script-nonce: Define script execution by requiring the presence of the specified nonce on script elements
* plugin-types: Define the set of plugins that can be invoked by the protected resource by limiting the types of resources that can be embedded
* reflected-xss: Instructs a user agent to activate or deactivate any heuristics used to filter or block reflected cross-site scripting attacks, equivalent to the effects of the non-standard X-XSS-Protection header
* report-uri: Specifies a URI to which the user agent sends reports about policy violation
Written By This plugin was written by Laxman Thapa, Web Developer. | ||||||||
RapID Secure Login | 2.0.12 | 100 | 3 | 2592 |
| |||
RapID Secure Login (RapID-SL) is a simple and convenient authentication plugin. RapID Secure Login (RapID-SL) is a simple and convenient authentication replacement for Clef. Enjoy hassle-free and secure user login to WordPress websites and blogs. RapID-SL combines simplicity with a great user experience, removing the need for vulnerable and inconvenient usernames and passwords. Benefits 2FA with unrivalled ease of use. Up and running in a couple of minutes. A great alternative to Clef, with the added advantage of not relying on an external authentication service. Doesn’t rely on vulnerable and clumsy SMS one-time passwords. Use a second phone or tablet as a backup. Simple “scan and fingerprint” interface – no need to type anything. Fast sign-up to blogs and websites. Features Easy log-in with your phone: simply scan a QR code using your phone, then provide a fingerprint or PIN – never need complex personal details or passwords again. Enterprise-grade cybersecurity technology, using 2048-bit cryptography, trusted by governments and corporations worldwide. Direct mobile browser login too – simply tap the on screen QR code for a prompt. Easy install: no coding or special knowledge required. Customized logon screens supported via simple WordPress “shortcodes”. Automatic login to multiple sites from multiple devices. Download on Google Play Download on iTunes Service Platform Requirements Minimum WordPress version: 4.5 Minimum PHP version: 5.2.4 Minimum OpenSSL version: 1.0.2 | ||||||||
Secure Downloads | 1.1.3 | 100 | 6 | 5444 |
| |||
Easy generate and distribute secure links for file downloads, that can expire, and track every download. Secure Downloads plugin generate secure download links for protected files and can send emails to your clients for downloading. Links can expire after a predefined time and you can set IP lock for specific download. Download links does not show real location of files at your server. You can track every download of files by receiving email about file download with detailed info about download. Plugin Homepage | Support FEATURES Securely distribute your files and track every download. Upload your files via familiar WP interface. Define Title, Description and Version Number at “Attachment details” for your protected files All uploaded files stored inside protected, secure folder, which does not accessible for website visitors. Generate secure links to your protected files, which does not show real location of file. Links can expire after specific time. Links can be locked to specific IP or IP mask (network). Configure email template with different parameters. Send emails to your customers with secure links for download your protected files. Monitor downloading of each files, by receiving email notification about file download with detailed info about download. Fast configure your protected files via CSV form. Useful for saving or editing list of files in one form. Easy reorder list of files via drag and drop interface. Configure URLs for pages with warning, like “link expired notice”. Mobile friendly. SECURE DOWNLOADS IS GREAT FOR Distribute you files after purchase Delivery updates of your products to your customers | ||||||||
Security Safe | 2.0.2 | 100 | 3 | 2776 |
| |||
Security Safe is a free wp security plugin. Features: Firewall With Logs and Charts Disable XML-RPC.php Hide WordPress CMS Version Hide Script Versions Make Website Anonymous During Updates Enable Automatic Core, Plugin, and Theme Updates Disable Editing Theme Files Audit & Fix File Permission Audit Hosting Software Versions Login Security Brute Force Protection Content Copyright Protection 404 Error Logging Turn On/Off All Security Policies Easily | ||||||||
Secure AXS | 1.3.4 | 100 | 2 | 1963 |
| |||
Change default login to a custom branded URL you define to prevent spam login, bot registration, and brute-force with protection of Google reCAPTCHA. Secure AXS changes default WordPress login URL to the url you define from settings page to prevent brute force attacks, spam logins, and bot or automated registrations. The plugin blocks access to default login url, generates a custom branded login panel (Which you can change colors and images), without creating a custom page on your website. Additionally, the plugin offers the ultimate protection with the integration of latest and most sophisticated version of Google reCAPTCHA, where it’s required on login and sign up. Plugin Features Define new login url easily from settings page. Protect against spam login, bot registration or signup, with the integration of Google reCaptcha. Secure AXS is compatible with any permalink setup including the default. Choose to allow users with the role “Editor” to access plugin settings. Fully branded login page with colors and login logo of your choice. Plugin doesn’t create new pages on your website for displaying the new login panel. Plugin is compatible with other major security & cache plugins. IMPORTANT You MUST save your free Google reCAPTCHA API keys to the plugin settings to activate reCAPTCHA protection for the plugin to work properly, you can obtain your free key from https://www.google.com/recaptcha/admin. | ||||||||
Security & Firewall – MalCare Security | 1.88 | 96 | 36 | 50303 |
| |||
Get Bulletproof Security for your WordPress site. WordPress security plugin packed with comprehensive Firewall, malware scanner, cleaner & more. Instant WordPress Malware Removal at 25% of the Industry Cost. Detects Complex Malware Others Plugins Frequently Miss Check out more MalCare customer testimonials from here. With it’s smart “Cloud Scan”, MalCare’s malware scanner will never impact your website performance nor overload your server. Ever. Clean your malware in less than 60 seconds. Our safe malware removal technology ensures that your website never breaks. MalCare comes with an inbuilt smart and powerful Firewall for real-time protection from Hackers and bots. It is the simplest WordPress Security plugin that doesn’t need any technical knowledge. You can get set and ready in just 50 secs. The brands you trust, trust MalCare to keep them safe. MalCare is trusted by Intel, Dolby True HD, CodeinWP, Site Care, WP Curve, Valet, among others. It is a perfect security solution for developer and agencies as it comes with all the tools you need to manage multiple websites from Website Management, White Label Solution, and Custom & Scheduled Reporting. Learn more about MalCare from here. MalCare in Numbers 200,000+ Sites Scanned and counting 250,000+ Successful Malware Removals 330GB Largest site Scanned 10,000+ Web hosts Compatibility Five Star Support Benefits of Using MalCare as Your Go-to Security Solution 1. Scanner That NEVER Slows Down Your Website No Server Overload. Ever. Scan website for vulnerabilities Consistent Scanning Practices Early Malware Detection 2. Fix a Hacked Website in less than 60 Seconds Fully Automated Malware Removal Unlimited Cleanups at No Additional Cost Cleans Complex Unknown Malware Support Always on Your Side 3. Real-time Protection from our Smart Firewall CAPTCHA-based Login Protection IP Blocking on a Global Level 4. 
Inbuilt WordPress Website Hardening Disable File Editor Protect Uploads Folder Change Security Keys Disallow Plugins 5. Single, Site Management Dashboard Perform WordPress Core, Theme, Plugin Updates Invite Team Members for Efficient Collaboration Exclusive White-label Solution to Grow Revenues Beautiful and Comprehensive Client Reporting 6. MalCare is a “Service,” Not just a Security Plugin Always Improving & Adding Features Unlike Plugins Our Support Has Your Back, Always Independent Dashboard Offers 24X7 Access to Backups Why Choose MalCare Security Services? Set up & Running in Just 60 Secs – Get started in no time. Log in. Auto-Install. And that’s it! Unlimited Scan and Cleanup – With MalCare Security Service, clean-up is automatic and at the click of a button, with no downtime. Detects Malware Missed by Other Plugins – Our proprietary algorithm identifies even the most complex malware and security hacks, without any false-positives. No Technical Knowledge Needed – Automated workflows that ensure everything you need is only a click away. Personal Support for Everyone – Agile & Responsive Customer Support that caters to Everyone. Difference Between Free & Paid MalCare Security Service? MalCare Security Service has a free version and a premium version. We’ll scan your site with our Scanner and protect your website with our Firewall in the free MalCare version. The paid version includes Cleaning a Hacked Site, Website Hardening, Website Management, White-Labeling, Client Reporting, and taking Regular Backups. Kindly take a look at our security feature pages for more details. To learn more, please take a look at MalCare free vs premium page. | ||||||||
Easy Email Subscription | 1.1 | 60 | 2 | 2818 |
| |||
Easy Email Subscription form with secured captcha. This Plugin allows widget drag n drop form with captcha to display in sidebars.You can also use shortcode to display form anywhere in the template or pages or post. | ||||||||
Dessky Security | 1.2 | 100 | 2 | 2847 |
| |||
Dessky Security is the ultralight plugin for basic Security Hardening. It is specially designed not to drain any resources from your website. Once you enable all major security measures your input is no longer required. Features include upload directory restriction, disabling of plugin/theme editor, admin username check and more. This plugin was developed by Dessky. Premium Support Unfortunately Dessky team does not provide support for the Dessky Security on the WordPress.org forums. In order to get support from a Dessky Team you will have to purchase it here. Bug Reports Bug reports for the Dessky Security plugin are welcomed on WordPress.org Forums. Dessky Team will respond only to the posts that are properly qualified as bugs and fix them as soon as possible. Credits: Dessky Security is based on the ‘Sucuri WordPress Security’ plugin developed by Daniel Cid. | ||||||||
User Activity Log | 1.2.7 | 88 | 10 | 14394 |
| |||
Log all activity of users and get notified when user login to admin area. Do your site have many users for various admin side activity? Do you stuck with issue to track user activity on your website admin side? do you want to secure your site by tracking log of all user activity ? do you want to get notified when particular user logged in ? Just relax, Now with the help of "User Activity Log" Plugin you can track all users activity on your website. As of this moment, the plugin logs data when anyone do following activity: WordPress - Core Updates Posts - Created, Updated, Deleted Pages - Created, Updated, Deleted Custom Post Type Posts- Created, Updated, Deleted Tags - Created, Edited, Deleted Categories - Created, Edited, Deleted Taxonomies terms - Created, Edited, Deleted Comments - Created, Approved, Unproved, Trashed, Untrashed, Spammed, Unspammed, Deleted Media - Uploaded, Edited, Deleted Users - Login, Logout, Login has failed, Update profile, Registered and Delete Plugins -Activated, Deactivated Themes - Installed, Updated, Deleted, Activated Widgets - Added to a sidebar / Deleted from a sidebar, Order widgets Menus - A menu is being Created, Updated, Deleted Export - User download export file from the site Plugins supported - bbpress Translation Ready - .pot file attached Additional features for security: Admin will be notified via email when selected user logged in. Admin will be notified via email when selected role's any user logged in. User Activity Log Pro Features: Pro version overcome your limitations with lite version of user activity log. 
User Activity Log PRO Plugin Features All lite version features with detail logs Hook Settings - Can modify what will be in track list instead of all logs Sorting options - To view log data in ascending or descending order Password security - Only authorized user can delete log Favorite/Unfavorite log to store log separately Export Log - Export log anytime in CSV format for future usage Detail Logs - View log in details to compare old and new changes Delete Logs - Single & Multi delete log option Custom Event Log - To add your own theme/plugin hook support Plugins supported - bbpress, WooCommerce, Contact Form 7 and more coming soon.. Detailed Documentation - From which steps you need to start For whom User Activity Log Pro is useful ? Most needed for Website Owner Product Manager, Site In-charge or Site Manager, Team Leader, Developers IT companies to track multiple developers behavior IT Consultants, Freelancers Buy User Activity Log Pro on Codecanyon : https://codecanyon.net/item/user-activity-log-pro-for-wordpress/18201203?ref=solwin Documentation: User Activity Log Documentation Link Warning The purpose of this plugin is to keep track of all activity with in your WordPress area. we have performed testing with various cases to make sure plugins works very well, but you should make sure you have a backup of your database, before installing plugin. Compatibility Currently I am not aware of any compatibility issues with any other WordPress plugins. (NOTE: Please have a back of your database before installing plugin) Support If you find any issue please ask questions on support forum and we will try to solve issue. We're active for any support issues. So hope you will love it. Disclaimer This plugin is released under the GPL licence. We do not accept any responsibility for any damages or losses, direct or indirect, that may arise from using the plugin or these instructions. This software is provided as is, with absolutely no warranty. 
Please refer to the full version of the GPL license for more information. | ||||||||
XO Security | 2.1.6 | 100 | 2 | 3305 |
| |||
XO Security is a plugin to enhance login related security. This plugin does not write to .htaccess file. Nginx also works. Functions Record login log. Limit login attempts. Login Alert. Add Captcha to the login form and comment form. Change the URL of the login page. (WordPress multisite subdomain type is not supported). Disable login by mail address. Change login error message. Disable XML-RPC and XML-RPC Pingback. Disable REST API. Change REST API URL prefix. Disable author archive page. Remove comment author class of comments list. WordPress multisite support. | ||||||||
HTTP headers to improve web site security | 2.5 | 100 | 8 | 14825 |
| |||
Donate link: https://www.paypal.me/conradcarl Use your HTTP header to improve security of your web site This plug-in helps setting up the various header instructions included in the HTTP protocol allowing for simple improvement of your website security. This plug-in provides enabling of the following measures: HSTS (Strict-Transport-Security) CSP (Content-Security-Policy) Clickjacking mitigation (X-Frame-Options in main site) XSS protection (X-XSS-Protection) Disabling content sniffing (X-Content-Type-Options) Referrer policy Expect-CT Remove PHP version information from the HTTP header Remove WordPress version information from the header securityheaders.com is a useful resource for evaluating your web site’s security. As usual, make sure to understand the meaning of these options and to run full tests on your web site as some options may result in some features stop working. | ||||||||
Defender Security, Monitoring, and Hack Protection | 2.1.2 | 98 | 49 | 106350 |
| |||
Requires PHP: 7.4 WordPress security plugin with malware scanner, IP blocking, audit logs, antivirus scans, activity logs, firewall, 2FA, brute forc Defender is layered security for WordPress made easy. And by easy, we mean amazingly easy! No longer do you have to go through hideously complex settings and get a virtual PhD in security. Defender adds all the hardening and security tweaks you need, in minutes. 🙂 Security Tweaks Defender starts with a list of one-click hardening techniques that will instantly add layers of protection to your site. Block hackers at every level: Disable trackbacks and pingbacks – safety first Core and server update recommendations – stay on top of your systems Change default database prefix – they won’t find this Disable file editor – if they get in, they won’t get far Hide error reporting – don’t reveal your issues Update security keys – ultimate security reset Prevent information disclosure – why tell them what you have Prevent PHP execution – because it’s daaaangerous File Scans Run free scans that check WordPress for suspicious code. The Defender scan tool compares your WordPress install with the directory, reports changes and lets you restore the original file with a click. Google 2-step Verification Now you can easily join the millions of users that make their accounts safer with Google 2-Step Verification. Activate and protect your account with both your password and your phone. IP Blacklist Keep your site safe with Defender’s simple IP manager. Manually block specific IPs, import a list of banned IPs and set automated timed and permanent lockouts. Defender makes it easy to quickly block and unblock specific locations. ★★★★★ “I found other pro security plugins a bit too fiddly for my taste…I’m delighted with Defender” – KeithADV ★★★★★ “Thank you for bringing back a free and easy to use 2-Factor Authentication after Clef! 
Defender helps keep me aware of my sites security.” – awijasa ★★★★★ “Defender’s interface is very intuitive with warnings that are very helpful” – djohns ★★★★★ “Defender Recently blocked over 3000 attacks in one week without any noticeable impact on the website. WPMUDEV knocking it out of the park on this one.” – David Oswald Login Protection Brute force attacks are no match for Defender. Limit login attempts to stop users trying to guess passwords. Permanently ban IPs or trigger a timed lockout after a set number of failed login attempts. Login Screen Masking Defender makes it easy to move your login screen to a custom URL. Not only does login screen masking improve security, it lets you white label your login user experience and improves branding. 404 Limiter Defender detects when bots are being used to scan your site for vulnerabilities and shuts them down. The 404 limiter lets you stop the scan by detecting when a user keeps visiting pages that do not exist. Notifications and Reports Defender runs surveillance and sends notifications with information that matters. Features Available in Defender Include: Google 2-Step Verification One-click site hardening and security tweaking WordPress core file scanning and repair Login Screen Masking IP Blacklist manager and logging Unlimited file scans Timed Lockout brute force attack shield for login protection 404 limiter for blocking vulnerability scans IP lockout notifications and reports Defender can take care of all your security needs, for free! However, if you’d like extra scanning, audits and monitoring, you can always take the next step with Defender Pro. About Us WPMU DEV is a premium supplier of quality WordPress plugins and themes. 
For premium support with any WordPress related issues you can join us here: https://premium.wpmudev.org/ Don’t forget to stay up to date on everything WordPress from the Internet’s number one resource: WPMU DEV Blog Hey, one more thing… we hope you enjoy our free offerings as much as we’ve loved making them for you! | ||||||||
Security & Malware scan by CleanTalk | 2.32.2 | 94 | 53 | 115298 |
| |||
Security, FireWall, Malware auto scan by CleanTalk, online security. Security plugin. Security features Security FireWall to filter access to your site by IP, Networks or Countries Web Application Security Firewall Security Malware scanner with AntiVirus functions Daily auto malware scan Stops brute force attacks to hack passwords Stops brute force attacks to find WordPress accounts Limit Login Attempts Security Protection for WordPress login form Security Protection for WordPress backend Security daily report to email Security audit log Real-time traffic monitor Checking Outbound Links Two Factor Authentication No Malware – No Google Penalties. Give your SEO boost. CleanTalk is a Cloud security service that protects your website from online threats and provides you great security instruments to control your website security. We provide detailed security stats for all of our security features to have a full control of security. All security logs are stored in the cloud for 45 days. Security FireWall by CleanTalk is a free plugin which works with the premium Cloud security service cleantalk.org. This security plugin as a service https://en.wikipedia.org/wiki/Software_as_a_service. Malware always becomes a headache for site owners. If you don’t regularly check for malware, it will be able to work insensibly a lot of time and damage your reputation. If you prevent malware attacks before they happen, you will be able to save your resources. What is malware and why does it matter to your business? Malware is malicious code that performs actions for hackers. If your site has been infected with malware it will be able a problem for customer trust and their personal details. First, you need to scan your site to confirm the malware exists. The next step you should fix all files with malware. Limit Login Attempts Limit Login Attempts – is a part of brute-force protection and security firewall. 
Each time the login/password is wrong, the plugin sets the first timeout for 5 attempts within 3 sec; for the next attempts the timeout will be set to 10 sec. Security Firewall has a limit for requests to your website (by default 1000 requests per hour, which you can change), and if any IP exceeds this threshold it will be added to the security firewall for the next 24 hours. It allows you to break some DDoS attacks. Brute Force Protection It adds a few seconds’ delay for any failed attempt to log in to the WordPress admin area. WordPress Security & Firewall by CleanTalk makes access to your website more secure. The service will check your security log once per hour, and if some IPs have 10 or more attempts to log in per hour, then these IPs will be banned for the next 24 hours. Security Audit Log keeps track of actions in the WP Dashboard to let you know what is happening on your blog. With the Security Audit Log it is very easy to see user activity in order to understand what changes have been made and who made them. Security Audit Log shows who logged in and when, and how much time they spent on each page. Security Traffic Control CleanTalk security Traffic Control will track every single visitor, no matter if they are using JavaScript or not, and provides many valuable traffic parameters. Another option in Security Traffic Control – “Block user after requests amounts more than” – blocks access to the site for any IP that has exceeded the number of HTTP requests per hour. The number of requests can be set in the settings; the default is 1000. If this number of requests is exceeded, the IP will be added to the Security FireWall Black List for 24 hours. This is an effective measure against DoS attacks and reduces the load on your web server. Security Firewall To enhance the security of your site, you can use the CleanTalk Security FireWall, which will allow you to block access by HTTP/HTTPS to your website for individual IP addresses and IP networks, and to block access for users from specific countries. 
Use personal BlackList to block IP addresses with a suspicious activity to enhance the WordPress security. BlackIPs Database — is the database of the most active IP addresses where massive spam and brute force attacks come from. When IP starts attacking a few websites they are immediately added to the blacklist. IPs that stop attacking are being removed over time and that time is relatively short — usually about 2 weeks. Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server. CleanTalk Security is fully compatible with the most popular VPN services. Also, CleanTalk security supports all search engines Google, Bing, Yahoo, Baidu, MSN, Yandex and etc. Security Malware Scanner Scans WordPress files for hacker files or code for hacker code. Security Malware Scanner runs manually in the settings. All of the results will send in your CleanTalk Dashboard with the details and you will be able to investigate them and see if that was a legitimate change or some bad code was injected. If any files have changed in your WordPress system you will be able to delete them or restore the original WP files. CleanTalk Antivirus protects your website from viruses and deletes infected code from files. Antivirus scans not only WP core, it will check all of the files on your WordPress. Heuristics antivirus scan allows finding malware/viruses code by bad php constructions. “Feedback System” for analyzing suspicious files. This is the client-server feature in CleanTalk Security that allows sending suspicious files from the WordPress backend to CleanTalk cloud. Security Malware Scanner shows a list of suspicious files and you can view code that was indicated as bad. If you don’t have a programming experience and don’t know, is there a bad code or not, you will be able to send some files to CleanTalk and we will check them for malware code. After checking we will send you an email notification with results, is there viruses or not. 
Every day, CleanTalk Security Malware Scanner will check new files and files that have been changed since the last scan. The auto scan launches in the background and has no effect on performance. Please look at our guide How malware file analysis works. About Scanner Feedback System Checking Outbound Links Outbound links have an effect on your SEO, and when search engines crawl your web pages all of the outbound links may be important for page ranking. This option lets you know the number of outgoing links from your website and the websites they link to. All websites will be checked against our Database, and results will be shown if they were used as links in spam messages. It allows you to check your website and find hidden links or spam links. You should always remember that if you have links to other websites which have a bad reputation, it can affect your visitors’ trust and your SEO. Malware Heuristic Check This option allows you to check files of plugins and themes with heuristic analysis. Probably it will find more than you expect. The core files are the files that come with the WordPress distribution. Any other PHP files lying in the WordPress directory (except /wp-content/) are unknown and should be properly scanned. Even if we find something in these files, they will also show up in the Unknown category to let you know that they are third-party files. Every file in /wp-content/* will be checked with a heuristic, and the check can find many interesting things. If you see many findings there, don’t panic; it shows you only possible weak spots. Malware Heuristic analyses the code by simplifying it and looks for suspicious functions and constructs which are usually used by hackers, for example the eval construct http://php.net/manual/en/function.eval.php and many other suspicious things. Security Malware scanner to find SQL Injections What is SQL injection? 
This is an attack on the database, which will allow performing some action that was not planned by the script creator. SQL injection is one of the most accessible ways to hack a site. With using it, hackers “read” the contents of any tables, delete, modify or add information to the database, overwrite the contents of local files and give commands to execute arbitrary commands. In other words, they completely intercept the management of the attacked site. The essence of such injections is the introduction of arbitrary SQL code into data (transmitted via GET, POST requests or Cookie values). If the site is vulnerable and performs such injections, then in fact there is an opportunity to create from the database (most often it’s MySQL) anything. The CleanTalk Security Malware Scanner allows you to find code that allows performing SQL injection. It is this problem that the scanner solves. CleanTalk Web Application FireWall for WordPress Security Plugin The main purpose of Web Application FireWall is to protect the Web application from unauthorized access, even if there are critical vulnerabilities. It allows you to protect Web applications from known and unknown attacks. Its use is transparent to all visitors to the website and does not require knowing how is HTTP working and allows very accurate filtering, supports both GET and POST methods, requests to dynamic resources. Security Web Application FireWall catches all requests to your website and checks HTTP parameters that include: SQL Injection, Cross Site Scripting (XSS), uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files. So, if HTTP request contains these parameters then this request will be blocked. The special page and reason for blocking will show for blocked requests. 
In addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk Security has logged all blocked requests that allow you to know and analyze accurate information. You can see your Cleantalk Security Logs in your Control panel. https://cleantalk.org/my/logs_firewall CleanTalk Web Application FireWall for WordPress is the proactive defense against known and unknown vulnerabilities to prevent hacks in real-time. Learn more how to set up and test About Security Web Application Firewall Improve your website security with Two Factor Authentication It requires a bit of your time but Two Factor (2 Step) Authentication immediately gives a much higher level of security. With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. However, if you started to use a new device or a new browser then you are required to input your authorization code. CleanTalk security plugin will remember your browser for 30 days. | ||||||||
Security, Antivirus, Firewall – S.A.F | 2.3.5 | 94 | 15 | 34141 |
| |||
Security plugin to protect website with firewall and antivirus scanner, brute force security monitor, live system security monitor Security, Antivirus, Firewall – S.A.F. A security plugin for your website is key to your safety and calmness. Protect your website from hacker attacks and spammers. Powerful tools with smart algorithms, a simple interface and very effective action protect files on your server from any kind of malware and from vulnerabilities in themes and plugins. The S.A.F. plugin works in the background to protect your entire website and every single part of it. S.A.F. scans all plugins, themes and core files in the background; as a result you get full reports and detailed logs. S.A.F. notifies you in multiple ways of all security threats and attack attempts. S.A.F. is the most powerful security tool for WordPress with multisite functionality support. Scanning the file system, healing infected files and protecting your website from brute force attacks are the main goals of S.A.F. Security, Antivirus, Firewall – S.A.F. Modules Live System Monitor (System Log) Antivirus Cloud Antivirus Monitor Security Email Report Firewall (Network Monitor) Brute Force Monitor 404 Detector Easy Password Google Captcha Auto Update Cron Scheduler WordPress info Security, Antivirus, Firewall – S.A.F. Features Brute force security protection Antivirus files security scanner Cloud antivirus security module Protect website from spammers Protect backend from attacks Detection of vulnerable plugins/themes Malware security scanner Advanced admin security notification DDoS attacks protection Files permission check Antivirus security scanning Multi site security support Daily, weekly, monthly security report Security, Antivirus, Firewall – S.A.F. Functionality Details Live System Monitor (System Log) The security system monitor shows you all events related to all security modules. You can simply control everything that is happening in your system. 
The system security monitor collects details of all changes in the system, including other security modules. You can see a detailed log of every single change. You always know what’s happening with your website, so you won’t miss any illegal activity. This security module will show all brute force security module notifications, malware detection by file system security monitoring modules and much more. Security Email Report With the email security report you can stay informed about the status of all security modules on your website. You can schedule a daily, weekly or monthly report period and select the time when you wish to send security reports. In the security report you’ll get detailed information about all security issues, attacks and security events on your website. The report includes an antivirus report, brute force attacks security report, firewall bans report, network monitor security report, 404 detection security report and Google Captcha report. Firewall (Network Monitor) The firewall security module protects your website from intrusions and hacker attacks. Network monitoring detects attacks and bans the attacker’s IPs. The firewall provides a wide range of security settings for the monitoring process and banned IP management. The ban manager provides a few security modes for temporary and permanent bans of attackers’ IPs. Brute Force Monitor With the brute force security protection module you can limit the number of attempts for failed logins. The IP of the hacker will be blocked when brute force attacks are detected by this S.A.F. module. In the settings section you can customize the lock time and the number of brute force attempts for the first and second time of brute force detection. The brute force attack detection module also includes admin notification settings. S.A.F. provides multi-step brute force security notification: after the first attempt of a brute force attack, the IP of the attacker will be blocked for a configured amount of time. After the second brute force attack attempt you can define a different lock time. 
Smart security monitoring of brute force attacks is really important. Brute force detection will help to protect your website in time. Antivirus The antivirus security module protects your website from infection and heals already infected files if that has already happened. Our antivirus security module is based on a unique 2-level virus control. On the first level our antivirus scans your server files and detects all infection cases. The second level scans files with an online cloud antivirus service, which uses more than 50 of the most powerful antivirus software products to scan your files in the cloud. The whole process is optimized to save your system’s resources and to detect malware and viruses in the best way. With our double stage algorithm any malware and viruses have no chance to survive. The whole security scanning process is fully automatic and does not require any special skills. Cloud Antivirus Monitor The cloud antivirus security monitor provides you full control and all details of the results of scanning with the cloud antivirus. Here you control all results, and you can take action on infected files on your server. You’ll have all reports for all scans, infection and healing cases. It does not require any additional action from your side, but here you’ll have more advanced tools and reports if you need them. 404 Detector Hackers are always looking for vulnerabilities on your site that can be exploited. Some of these vulnerabilities can be found by scanning the content on the front end of the website. Such link probing will be detected by the 404 security detector module. Here you’ll see a list of such actions and you get access to ban tools. Easy Password Simple passwords are one of the most common security problems. Do not use simple passwords, and protect your website from the simple passwords of other users. Using strong passwords lowers overall risk of a security breach. The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. 
We also have a brute force monitor to protect the system from such guessing. Google Captcha A very effective module to protect your website against spammers and bots. Implemented with multi site mode support. With this tool you get reliable protection of your admin section from bots and spammers. Google reCaptcha uses an advanced risk analysis engine and adaptive CAPTCHAs to keep bots from engaging in abusive activities on your site. Auto Update Keep your site up to date to stay safe and secured. The auto update module provides you an easy tool to enable updates of your WordPress core files, plugins and themes installed on your website. All scripts, even WordPress core files, third-party plugins and themes, may potentially be vulnerable to different types of attacks. Making sure you always have the newest versions of WordPress and of all plugins and themes installed on your website minimizes the risk of being hacked. Keep everything up to date to protect your website and your information. Cron Scheduler Built-in cron scheduling of tasks for all security checks and scans. Every security scanning activity can be planned in the settings of every module, and the Cron scheduler runs all these tasks in the planned time frame. Security Report Our security report module includes all cases which were detected. In the report settings you can configure the frequency of security reports and the time when exactly you wish to generate reports. In the security report configuration section you can also change the subject of the report email. Control the security of your website with all these security modules of S.A.F. When you enable every security module, make sure that you change the settings to configure it for your needs. The security of your website depends on your settings. Detection of every unnecessary activity, like brute force attacks, malware detection or other security problems, fully depends on the configuration of every single module. | ||||||||
User Login History | 1.7.1 | 98 | 16 | 39576 |
| |||
(The pre-release version is available on GitHub.com. Please use this pre-release version in DEVELOPMENT environment only and create issues if you find any bugs.) The plugin helps you to track any visitor’s login details with the following attributes: Login – Login Date-Time Logout – Logout Date-Time Last Seen – Last Seen Date-Time Login Status – Logged in/Logged out/Failed/Blocked Online Status – Online/Offline/Idle Session Duration – How long the user stayed on your website per session. User ID Username Current Role Old Role – The role the user had when logging in to your website. Browser Operating System IP Address Country Name and Country Code (Based on IP Address) Timezone (Based on IP Address) Some More Useful Features Preferable Timezone – You can select your preferred timezone to be used for the listing table. Shortcode – The plugin comes with a customizable shortcode that you can use in your template or content to view the login history of the currently logged in user. You can use the shortcodes <?php echo do_shortcode('[user-login-history]'); ?> and [user-login-history] in your template file and content respectively. For more detail, please see the help page under the plugin menu. Multisite Network (Since version 1.7.0) – On the network admin area, you can see the listing table which shows all the records fetched from all the blogs of the current network. Advanced Search Filter CSV Export Compatible With WooCommerce BuddyPress UserPro Ultimate Member Loginizer Theme My Login Admin Custom Login Login No Captcha reCAPTCHA Force Login WPS Hide Login Login LockDown Custom Login Page Customizer Translations Currently, this plugin is available in the following two languages i.e. English Italian You can download the language files from here. Do you want to translate this plugin to another language? I recommend using POEdit or if you prefer to do it straight from the WordPress admin interface use Loco Translate. 
When you’re done, send us the file(s) and I’ll add it to the official plugin. You can also translate the plugin Online. Bug Fixes If you find any bug, please create a topic with a step by step description to reproduce the bug. Please search the forum before creating a new topic. Keywords Login Log,Online User,Login Form Security,Report,Brute Force Detector, user log, log, logger, detector, tracker, membership, register, sign up, admin, subscriber, editor, geo location, xml-rpc profile, front end registration, manager, report, statistics, activity, user role editor,fail login attempt detector | ||||||||
Security Ninja – WordPress Security Plugin | 2.50 | 86 | 21 | 63877 |
| |||
Requires PHP: 7.4 Tests security issues, malware & warns of dangerous plugins. Detailed report on your site security & how to secure it. Get In over 7 years Security Ninja has helped thousands site owners like you to feel safe. Run 50+ security tests in an instant & discover issues you didn’t even know existed. Help yourself now with Ninja’s simplicity & ease of use. Automatically block 600 million bad IPs with one click! Security Ninja PRO Cloud Firewall will help you stay one step ahead of bad guys by using the collective know-how of millions of attacked sites, and ban bad guys before they even open your site. Test the plugin now on Security Ninja site or give us a shout on Twitter @WebFactoryLtd. perform 50+ security tests with one click Security Ninja does not make any changes – it’s your site, you have full control check your site for security vulnerabilities, issues & holes take preventive measures against attacks don’t let script kiddies hack your site prevent 0-day exploit attacks optimize and speed-up your database every test is explained, documented and instructions provided on how to fix problems tests include: brute-force attack on user accounts to test password strength numerous installation parameters tests file permissions version hiding 0-day exploits tests debug and auto-update modes tests database configuration tests Apache and PHP related tests WP options tests more tests are coming with every update complete list of tests: Check if WordPress core is up to date Check if automatic WordPress core updates are enabled Check if plugins are up to date Check if there are deactivated plugins Check if active plugins have been updated in the last 12 months Check if active plugins are compatible with your version of WP Check if themes are up to date Check if there are any deactivated themes Check if full WordPress version info is revealed in page’s meta data Check if readme.html file is accessible via HTTP on the default location Check the PHP version Check 
the MySQL version Check if server response headers contain detailed PHP version info Check if expose_php PHP directive is turned off Check if user with username “admin” and administrator privileges exists Check if “anyone can register” option is enabled Check user’s password strength with a brute-force attack Check for display of unnecessary information on failed login attempts Check if database table prefix is the default one Check if security keys and salts have proper values Check the age of security keys and salts Test the strength of WordPress database password Check if general debug mode is enabled Check if database debug mode is enabled Check if JavaScript debug mode is enabled Check if display_errors PHP directive is turned off Check if WordPress installation address is the same as the site address Check if wp-config.php file has the right permissions (chmod) set Check if install.php file is accessible via HTTP on the default location Check if upgrade.php file is accessible via HTTP on the default location Check if register_globals PHP directive is turned off Check if PHP safe mode is disabled Check if allow_url_include PHP directive is turned off Check if plugins/themes file editor is enabled Check if uploads folder is browsable by browsers Test if user with ID “1” and administrator role exists Check if Windows Live Writer link is present in pages’ header data Check if wp-config.php is present on the default location Check if MySQL server is connectable from outside with the WP user Check if EditURI link is present in pages’ header data Check if TimThumb script is used in the active theme Check if the server is vulnerable to the Shellshock bug #6271 Check if the server is vulnerable to the Shellshock bug #7169 Check if admin interface is delivered via SSL Check if MySQL account used by WordPress has too many permissions Test if a list of usernames can be fetched by looping through user IDs on http://siteurl.com/?author={ID} Security Ninja PRO has seven 
additional modules: Cloud Firewall, Core Scanner, Malware Scanner, Auto Fixer, Database Optimizer, Events Logger & Scheduled Scanner. They provide an all-in-one security solution for any site. With premium support and continuous updates Security Ninja PRO is a perfect tool to keep your site safe. See what the PRO version offers What others say about the plugin WPExplorer Tutorials 7 WP Loop Bitcatcha WebHostingSecretRevealed License info jQuery Cookie Plugin, Copyright 2013 Klaus Hartl jQuery.ScrollTo, Copyright 2007-2012 Ariel Flesler | ||||||||
Security Headers | 1.1 | 100 | 7 | 23261 |
| |||
Plug-in to ease the setting of TLS headers for HSTS and similar. TLS is growing in complexity. Server Name Indication (SNI) now means HTTPS sites may be on shared IP addresses, or otherwise restricted. For these servers it is handy to be able to set desired HTTP headers without access to the web server’s configuration or using an .htaccess file. This plug-in exposes controls for: HSTS (Strict-Transport-Security) HPKP (Public-Key-Pins) Disabling content sniffing (X-Content-Type-Options) XSS protection (X-XSS-Protection) Clickjacking mitigation (X-Frame-Options in main site) Expect-CT HSTS is used to ensure that future connections to a website always use TLS, and to disallow bypass of certificate warnings for the site. HPKP is used if you don’t want to rely solely on the Certificate Authority trust model for certificate issuance. Disabling content sniffing is mostly of interest for sites that allow users to upload files of specific types, but that browsers might be silly enough to interpret as some other type, thus allowing unexpected attacks. XSS protection re-enables XSS protection for the site, if the user has disabled it previously, and sets the “block” option so that attacks are not silently ignored. Clickjacking protection is usually only relevant when someone is logged in, but users requested it; presumably they have rich content outside of WordPress authentication they wish to protect. Expect-CT is used to ensure Certificate Transparency is configured correctly. | ||||||||
Stop User Enumeration | 1.3.8 | 100 | 12 | 40381 |
| |||
Helps secure your site against hacking attacks through detecting User Enumeration Even if you are careful and set your blogging nickname differently from your login id, if you are using permalinks it only takes a few seconds to discover your real user name. This plugin stops user enumeration dead (like in use by WPSCAN), and additionally it will log an event in your system log so you can use (optionally) fail2ban to block the probing IP directly at your firewall, a very powerful solution for VPS owners to stop brute force attacks as well as DDoS attacks. Since WordPress 4.5 user data can also be obtained by API calls without logging in, this is a WordPress feature, but if you don't need it, this plugin will restrict that too. | ||||||||
Plugin Name | Version | Rating | Reviews | Downloads | Flag | |||
Secure Copy Content Protection | 1.3.9 | 100 | 5 | 17033 |
| |||
WordPress Copy Content Protection Secure Copy Content Protection Secure Copy Content Protection Free Demo Secure Copy Content Protection Pro Demo Secure Copy Content Protection is a plugin aimed at... protecting web content from being plagiarized. As soon as Copy Protection plugin is activated it disables the right click, copy paste, content selection and copy shortcut keys on your website thus preventing content theft as well as web scraping, which are very popular nowadays. Besides all the abovementioned copy methods Copy Protection allows to disable inspect elements and provides a protected site, where no copyright infringement may occur. The plugin is called content copy protection. It is very easy to use take and install. By these 2 steps, you will have a copyrighted material. The installation of the following plugin will last only a few seconds so you don’t waste your time on installation. For example, if other plugins demand a long time on installation and usage this plugin will help you to save your time and disable copy methods. So only a few seconds, and you will have a protected site and free of plagiarism. What function does the plugin have? By choosing post type you will have a function on the page protect content selection. So the plugin prevents copy. In any case, if you use the plugin you cannot see copy paste in your site. This is an anti-copy plugin. And the one weapon for content protection is the plugin. SEO From the point of view of SEO, it is worth saying goodbye to copy and paste. The plugin will ensure the copyright sign. Your copyright text will be in safe from content theft. It will disable all kinds of copy paste from your site. By installing this plugin you will start to say “stop copy” from your content. In another word, it is called anti-copy paste. We know that Google doesn’t like a copy. It wants unique and no copy text. 
And for example, if your domain is a new one and the ones who have an old domain copy from you, because of them you may appear on the blacklist of Google. To avoid such a situation install the plugin and you will have copyright intellectual property. Consequently, this will bring the right Google page rank for your site. How to disable right click on a website? The answer is as simple as a day: install a plugin. Protection In the part of protection here comes watermark, but nowadays modern thieves can easily erase it. That is why you should turn off no right click and drag and drop and again you will have a copy-protected text and image. We approve that it is trustworthy. For instance, if the client sees the same content on another site he may think that the plagiarism is yours. But it is a big infringement of copyright which you can protect. Here again the plugin comes to help, which will avoid theft of copyright. Use copyright symbols in the plugin and there will not be an outflow of information. The next vital question is: Can a website be copyrighted, and the answer will be No, no and no. You will not meet any infringement with the plugin. There is a law of international copyright and the plugin will be like a confirmation of that law. The plugin can help to protect your personal files, such as personal information. For instance, if you are a blogger or journalist, or you work in the sphere of film, sport or in any field that wants personal information protection, in that case the plugin is just for you. You just disable copy shortcut keys, disable inspect elements and your personal information will not be in the hands of thieves, which is really very disgusting. So that is why you just install the plugin in a few seconds and will have a copyrighted blog. So the main reason why to choose the plugin: it is easy to use, easy to install and ensures your fire protection. 
To protect your personal information and avoid any kinds of plagiarism or web scraping, just install the plugin. And it is vital to repeat that you will get a copyright infringement protection. And this plugin will be the patent for your personal information. If there exists the law of infringement protection then without any doubt this plugin is the confirmation of that law. Operating Systems: Windows, Linux, Mac. Browsers: Google Chrome, Mozilla Firefox, Opera, Internet Explorer, Safari. Blocked Shortcuts: Google Chrome – CTRL+SHIFT+I, CTRL+SHIFT+J, CTRL+C, F12, CTRL+SHIFT+U; Mozilla Firefox – CTRL+SHIFT+I, CTRL+SHIFT+J, CTRL+C, F12, CTRL+SHIFT+U, F7, F5; Opera – CTRL+SHIFT+I, CTRL+SHIFT+J, CTRL+C, CTRL+SHIFT+E; Internet Explorer – F12, CTRL+SHIFT+U, CTRL+C, F12+CTRL; Safari – Cmd+Opt+I, Cmd+Opt+J, Cmd+Opt+C, Cmd+Opt+U. Features: Content copy protection; Notification text; Disable left click; Disable right click; Disable Developer Tools; Disable Drag/Drop; Disable F12; Disable CTRL+C; Disable CTRL+V; Disable CTRL+X; Disable CTRL+S; Disable CTRL+A; Style settings. PRO Features: Includes ALL Free version Features and Block by IP; Block by Country; Front/back blocker; Block REST API; Protection by user roles; Protection by post/post type; Block content with password; Paid content via PayPal; More on the way … It’s your chance to protect your content with our powerful Copy Protection plugin. Don’t forget, in case of any problems or upcoming questions feel free to contact us via e-mail at info@ays-pro.com. | ||||||||
BuddyPress Security Check | 3.2.2 | 82 | 13 | 47341 |
| |||
Donate link: https://bungeshea.com/donate/ Combat spam registrations for a BuddyPress-powered site using Google's reCAPTCHA. Important: Since version 2.0, this plugin now requires at least PHP 5.3. Please ensure you are running the latest available version of PHP on your server. This plugin adds Google’s reCAPTCHA to the BuddyPress registration page and WordPress login page to prevent bots from registering and keep your site free from spam registrations. reCAPTCHA is “tough on bots, easy on humans”: while it is incredibly effective at preventing bots from registering, most of the time all the user needs to do to verify themselves is simply check a box. After installing this plugin, you will need to register your site with Google (requires a Google account) and enter the site key and secret key on the Settings > BuddyPress > Options admin menu. If you would prefer not to use Google’s service, there is an alternative security check method also available; see below. Prior to version 2.0, a less effective security check method was used where the user needed to answer a simple math sum before registering. This method is still available, and can be turned on in the Settings > BuddyPress > Options menu. You can learn more at the plugin’s website, or on GitHub. Translations: Thanks to the awesome work of the following translators, this plugin can be used in these languages: Indonesian thanks to Jordan Silaen from ChameleonJohn.com; Russian thanks to Howard Steele from SuperbWebsiteBuilders.com; Swedish thanks to Thord D. Hedengren; French thanks to Frédérick Baldo; Serbo-Croatian thanks to Andrijana Nikolic from WebHostingGeeks and Ogi Djuraskovic from FirstSiteGuide.com; Spanish thanks to Renato Alves; Hungarian thanks to Laszlo Espadas; Brazilian Portuguese thanks to Renato Alves; Danish thanks to Andreas Bjørn Hassing Nielsen; Italian thanks to Nicole Curioni; Belarusian thanks to Natasha from uStarCash. If you have a translation to contribute, please send it through to me by email or on GitHub. | ||||||||
Secure DB Connection | 1.1.5 | 100 | 3 | 11126 |
| |||
Sets SSL keys and certs for encrypted MySQL database connections. Depending on the MySQL server setup, the SSL certs used may not be in the trusted store; if that’s the case, mysqli_ssl_set() needs to be called to set custom keys and certs before connecting. This plugin adds a custom DB class that allows these settings to be configured via custom constants. This plugin will also add a custom item on the “At a Glance” section of the Dashboard to show if the $wpdb connection is secure or not. Also find me on GitHub. | ||||||||
WooCommerce SecureSubmit Gateway | 1.12.0 | 100 | 3 | 18291 |
| |||
SecureSubmit allows merchants to take PCI-Friendly Credit Card payments on WooCommerce using Heartland Payment Systems Payment Gateway. This plugin provides a Heartland Payment Systems Gateway addon to the WooCommerce plugin using our SecureSubmit card tokenization library. Features of SecureSubmit: Only two configuration fields: public and secret API key; Simple to install and configure; Tokenized payments help reduce PCI Scope; Enables credit card saving for a friction-reduced checkout. How do I get started? Get your Certification (Dev/Sandbox) API keys by creating an account on https://developer.heartlandpaymentsystems.com/SecureSubmit/ | ||||||||
SSL Insecure Content Fixer | 2.7.2 | 96 | 189 | 1807899 |
| |||
Clean up your WordPress website’s HTTPS insecure content and mixed content warnings. Installing the SSL Insecure Content Fixer plugin will solve most insecure content warnings with little or no effort. The remainder can be diagnosed with a few simple tools. When you install SSL Insecure Content Fixer, its default settings are activated and it will automatically perform some basic fixes on your website using the Simple fix level. You can select more comprehensive fix levels as needed by your website. WordPress Multisite gets a network settings page. This can be used to set default settings for all sites within a network, so that network administrators only need to specify settings on sites that have requirements differing from the network defaults. See the SSL Insecure Content Fixer website for more details. Translations: Many thanks to the generous efforts of our translators: Bulgarian (bg_BG) — the Bulgarian translation team; Chinese simplified (zh_CN) — the Chinese translation team; English (en_CA) — the English (Canadian) translation team; English (en_GB) — the English (British) translation team; English (en_ZA) — the English (South African) translation team; Dutch (nl_NL) — the Dutch translation team; German (de_DE) — the German translation team; French (fr_FR) — the French translation team; Italian (it_IT) — the Italian translation team; Japanese (ja) — the Japanese translation team; Russian (ru_RU) — the Russian translation team; Spanish (es_ES) — the Spanish translation team. If you’d like to help out by translating this plugin, please sign up for an account and dig in. Privacy: SSL Insecure Content Fixer does not collect any personally identifying information, and does not set any cookies. | ||||||||
reCAPTCHA | 1.6 | 84 | 10 | 112460 |
| |||
Prevent brute force logins on your WordPress site with Google's reCAPTCHA. This plugin prevents brute force logins on your WordPress website by adding Google’s easy to use reCAPTCHA to the login form. | ||||||||