Prevent hackers to sabotage your rankings in search engines.

Elude attackers that exploits your website and fight Negative SEO attacks made using WPScan and other vulnerability scanner.

An inspection engine monitors the traffic between clients and your Website, enhancing the security of your WordPress installation.

WP Security Optimizer prevents wp-login brute force attacks by monitoring invalid login attempts, block dDoS attack via pingbacks, XMLRPC attack and is able to elude vulnerability scanners; Specially designed for WPScan where it's able to induce false-positives and generate an unreadable report full of thousand wrong data.

File Integrity Check (FIC) functionality will notify the administrative user about corrupted and infected PHP files stored into "wp-admin", "wp-includes" and "uploads" folders.

Analyzing the User-Agent field in the HTTP request headers, disallow access on your Website to the most widespread penetration test and security assessment applications, including: OpenVAS, Nikto, sqlmap, commix, skipfish, whatweb and WPScan.

Useful for finding files that are actually used by developers (such of backup of WordPress's configuration), page accessible but unlinked and README files that expose version number and reveal potential vulnerabilities.

WP Security Optimizer is able to recognize common probing patterns used to look for vulnerabilities in WordPress, sending security notifications to the email address of blog administrator.

The one thing you should do is activate it using the built-in plugin manager of WordPress. WP Security Optimizer does not require any configuration. Just install it!

1.5.15

• Tweak: WordPress signatures updated

1.5.14

• Tweak: WordPress signatures updated

1.5.13

• Tweak: WPScan signatures updated

1.5.12

• Tweak: WPScan signatures updated

1.5.11

• Tweak: WPScan signatures updated
• Add: Donation feature

1.5.10

• Tweak: File Integrity Check signatures updated

1.5.9

• Tweak: File Integrity Check signatures updated

1.5.8

• Tweak: File Integrity Check signatures updated

1.5.7

• Tweak: Reporting system has been improved
• Tweak: File Integrity Check signatures updated

1.5.6

• Tweak: File Integrity Check signatures updated

1.5.5

• Add: File Integrity Check (FIC) functionality search for PHP scripts saved into "uploads" folder
• Tweak: Reporting graphs implemented

1.5.4

• Add: Switchable email alerting settings on WPScan detection
• Tweak: Directory listing protection enhanced

1.5.3

• Add: Support for HTTP and HTTPS upstream proxies for brute force attacks. The X-Forwarded-For request header help you to identify the real client IP address

1.5.2

• Add: File Integrity Check (FIC): A critical functionality for WordPress security. The administrative user will be notified about corrupted and infected PHP files stored into "wp-admin" and "wp-includes" folders

1.5.1

• Add: Filter for WhatWeb's default User-Agent

1.5.0

• Add: Prevents brute force attacks by monitoring invalid login attempts
• Add: Notifications by email on brute force attacks
• Add: Attacks Reporting Section in Control Center menu

1.4.0

• Add: Block brute force and dDoS attack via XML-RPC

1.3.2

• Tweak: Hide its 'readme' file preventing to expose own version number

1.3.1

• Fix: Fixed logo image path in Control Center menu

1.3

• Add: Control Center administration page and menu

1.2

• Add: E-mail notifications has now geolocation support to trace hacker's IP

1.1

• Tweak: Does not replace "X-Meta-Generator" header for admin users

1.0

• First public release