Description
WordPress security is essential to protect your website from hackers and malicious attacks. Without proper security measures, your site can be vulnerable to data breaches, spam, and unauthorized access. A well-secured WordPress site ensures that your content, user data, and website functionality remain safe from threats.
This plugin boosts your WordPress security with several key features:
- Security Headers: Adds extra layers of protection by sending security headers with each page load.
- Change WP Login Error Message: Hides whether the username or password is incorrect, preventing hackers from easily guessing your login details.
- Disable WP REST API: Stops unauthorized access to your site’s data by disabling the REST API for non-logged-in users.
- Disable XML-RPC: Blocks XML-RPC functionality to prevent brute force attacks and unauthorized access.
- Disable Right-Click: Adds a basic level of protection against copying your site content by disabling right-clicking.
- Disable Ctrl+C, Ctrl+X, Ctrl+V, Ctrl+A: Disables these keyboard shortcuts to make copying site content harder.
- Email Alerts on Login: Sends the site admin an email alert every time someone logs into the WordPress dashboard.
- Change Default WP-Login URL: Customize your WordPress Login Page URL to any name instead of the default ‘wp-admin.’
Special Feature:
If you’re locked out of your WordPress Dashboard (e.g., forgot the custom login URL), you can deactivate the plugin using a special URL. This allows you to regain access without needing to log in to cPanel or FTP.
Tutorial video
If you want to learn more about how this plugin works, please check our website – ideastocode.com.
External services
This plugin connects to an API to obtain the IP address and country name, which are required to display the details when someone logs in to your WordPress dashboard.
It sends the logged-in user’s IP address and country information when they log in. If you are using WP Login Email Alerts, you are giving consent to use this service.
This service is provided by ipapi (ipapi.co): Terms of Service
Installation
Improve Website Security can be installed directly on your website.
- Log in to your site’s dashboard, i.e., /wp-admin.
- Then go to Plugins > Add New.
- Search for Improve Website Security or ideasToCode.
- Locate Improve Website Security and click Install Now.
- Activate the plugin, then navigate to Settings.
Frequently Asked Questions
Can the Improve Website Security be used with all themes?
Yes, you can use this plugin with any theme. We have tested it with popular themes such as Enfold, Avada, Elementor page builder, Astra, Divi, and more, and it works perfectly.
How to check if the Security Headers have been added to the site?
Please review your website at Security Headers. Turn on the feature in the plugin, and you will get an A+ score.
Why is my Security Header score different on other sites?
This is because this plugin does not add a complete Content Security Policy (CSP). Some CSP directives are very tricky and can break the site, so only a basic level of CSP has been added. This ensures safety while allowing the site to function properly. It doesn’t block every script or URL.
What is “Change WP Login Error Message”?
When you try to log in to your WordPress site (wp-admin) and enter the wrong username or the correct username with the wrong password, WordPress, by default, shows whether the password is incorrect or the username doesn’t exist. This can be a security risk, as it reveals information to attackers. With this plugin, the error message displayed is “Incorrect Username or Password,” so hackers can’t tell if the username was correct.
How to check if WP REST API has been disabled?
First, open your website in a new browser and check the URL yoursiteurl.com/wp-json. If you see a lot of information, it means the API is enabled. After enabling the plugin, check the same URL, and you should see an error message hiding everything. Make sure you are checking in incognito mode or another browser, as the plugin will not affect logged-in users.
How to check if xmlrpc.php is enabled or disabled?
Simply go to yourwebsite.com/xmlrpc.php. If you see the message “XML-RPC server accepts POST requests only,” it means it is enabled. After disabling this option in the plugin, this link will either show nothing, display a “page not found” error, or another type of error.
What is the “Disable Right Click” feature?
This feature adds a basic level of protection. Anyone trying to right-click on your site will not be able to do so. This method is not 100% secure against copying content or images, but it does provide a simple level of protection against less tech-savvy users.
What is the “Disable Ctrl+C, Ctrl+X, Ctrl+V, Ctrl+A” feature?
With this enabled, site visitors cannot use these keyboard shortcuts, thus protecting the site’s content. Again, please note this is not a 100% solution for content protection, but it does restrict many users from easily stealing the content.
What is “Email Alerts on Login”?
This feature sends an email to the admin (only) whenever someone accesses your WordPress dashboard. The email includes the username, country, IP address, and time of the login attempt.
Why didn’t I receive an email alert on login?
This could be due to the configuration on your website. Please install the WP Mail SMTP plugin and check if it’s working properly. You can check this tutorial video if it’s not working.
How to change wp-admin default login URL?
It is very easy to change the default login with this plugin. Simply go to the tab Change Login URL and add any SecretKey, which can be any text or numbers you want to use for login. You can then access the dashboard with yoursite.com/SecretKey or yoursite.com/wp-admin?SecretKey or yoursite.com/wp-login?SecretKey.
Why isn’t /SecretKey working?
One of the reasons for it not working could be the Permalinks settings. Make sure the permalinks are not set to Plain. Additionally, make sure to clear the cache of your site. We recommend using wp-login?SecretKey, as this should always work. The last option, if you cannot access your site, is to use the Plugin Deactivation feature.
What is the “Plugin Deactivation URL” feature?
This feature allows you to deactivate your plugin. It can be extremely useful, especially if you have forgotten your customized login URL. Please note, after the plugin is deactivated, you can log back into your site with the default login URL wp-admin and then reset the login URL. A new deactivation URL is generated every time you deactivate and activate the plugin. This is for safety: if anyone finds out your deactivation URL, we do not want it to be misused.
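The manual checks in the FAQ answers on security headers, /wp-json and xmlrpc.php can be scripted for a site you administer. This is an added example, not the plugin's own code; the header list and the sample responses are assumptions, since the page does not say which headers the plugin sends or what error body it returns.

```python
import json
import urllib.error
import urllib.request

# Assumption: headers commonly graded by header scanners, not the plugin's list.
EXPECTED_HEADERS = ("strict-transport-security", "content-security-policy",
                    "x-frame-options", "x-content-type-options",
                    "referrer-policy", "permissions-policy")
XMLRPC_BANNER = "XML-RPC server accepts POST requests only"  # quoted in the FAQ

def fetch(url, timeout=10):
    """Cookie-less GET (the logged-out view); returns (status, headers, body)."""
    try:
        resp = urllib.request.urlopen(url, timeout=timeout)
    except urllib.error.HTTPError as err:  # 401/404/405 still carry a body
        resp = err
    with resp:
        headers = {k.lower(): v for k, v in resp.headers.items()}
        return resp.code, headers, resp.read().decode("utf-8", "replace")

def missing_headers(headers):
    return [h for h in EXPECTED_HEADERS if h not in headers]

def rest_api_open(status, body):
    """True when anonymous /wp-json still returns the REST index with routes."""
    if status != 200:
        return False
    try:
        doc = json.loads(body)
    except ValueError:  # HTML error page or empty body
        return False
    return isinstance(doc, dict) and "routes" in doc

def xmlrpc_enabled(body):
    return XMLRPC_BANNER in body

def audit(base_url):
    """Run the three FAQ checks without a session, as incognito mode would."""
    base = base_url.rstrip("/")
    _, home_headers, _ = fetch(base + "/")
    rest_status, _, rest_body = fetch(base + "/wp-json")
    _, _, rpc_body = fetch(base + "/xmlrpc.php")
    return {"missing_headers": missing_headers(home_headers),
            "rest_api_open": rest_api_open(rest_status, rest_body),
            "xmlrpc_enabled": xmlrpc_enabled(rpc_body)}

# Constructed sample responses (not captured from a real site).
SAMPLE_REST_BEFORE = (200, '{"name": "Example", "routes": {"/wp/v2/users": {}}}')
SAMPLE_REST_AFTER = (401, '{"code": "example_error", "message": "Login required."}')
```

Call `audit("https://yoursiteurl.com")` before and after enabling the options and compare the two results.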
Changelog
1.0.0
- Initial release.