描述

WP FIREWALL

Detects and Logs Threats
Add Firewall Rules to Allow and Deny IP Addresses With Internal Notes
Historical Log of Firewall Blocks With Visual Chart

WP LOGIN SECURITY

Disable XML-RPC.php
Brute Force Protection
[Pro] Automatically Block IPs Based on Threat Score
[Pro] Priority Support

WP PRIVACY

Hide WordPress CMS Version
Hide Script Versions
Make Website Anonymous During Updates
[Pro] Make Theme Versions Private
[Pro] Make Plugin Versions Private

WP CORE, THEME, AND PLUGIN FILE SECURITY

Enable Automatic Core, Plugin, and Theme Updates
Disable Editing Theme Files
Audit & Fix File Permission
[Pro] Bulk Fix File Permissions
[Pro] Automatically Fix Theme/Plugin File Permissions

OTHER FEATURES

404 Error Logging
Content Copyright Protection
Audit Hosting Software Versions
Various Logs and Charts
Turn On/Off All Security Policies Easily
Import/Export Settings

Every WordPress security plugin becomes more complicated and bloated as more features are added. As a plugin’s code grows, it consumes more time to load, thus slowing down your website. WP Security Safe’s purpose is to protect your website from the majority of threats with minimal impact on website load time. We constantly test our load performance to ensure our features to ensure it continues to run fast and lean.

Note: Upgrade to WP Security Safe Pro to unlock advanced Pro features.

Twitter: Follow WP Security Safe
Website: WP Security Safe

LANGUAGE SUPPORT

English (default)
Spanish
Translate this plugin in your language.

Videos

屏幕截图

File Permissions
Login Attempts
Firewall Blocks

安装

Install WP Security Safe automatically or by uploading the ZIP file to your plugins folder.
Activate the WP Security Safe on the ‘Plugins’ admin page. When activated the plugin settings are initially set minimum security values.
Navigate to the Plugin Settings by clicking on the WP Security Safe menu located on the left side admin panel.
On Plugin Settings page, you will notice an icon menu at the top of the page. Navigate through all of them and review and change settings as they pertain to your site’s needs.
Test your site thoroughly. If you notice that your site is not functioning as expected, you can turn off each type of security policy (Privacy, Files, User Access, etc.) by navigating to each page and disabling the policy type. If necessary, you can disable all policy types at once on Plugin Settings page.
If you are having issues, reach out for help in the forum before leaving a review.

评价

davincileonardo 2022年12月16日 1 回复

The best security plugin I know. Awesome developer! Support gives me a lot of attention, but not to fix this plugin (it's brilliant, simple and indestructible), but other bugs on my site.Professionally.Efficiently.Nice.I highly recommend it to everyone!

Minaya 2021年10月30日

Very good

brightonseo 2021年5月7日

This plugin is going places. Very nice.

annloub 2022年5月17日 1 回复

This app has been very helpful as I navigate my way through my WordPress site. Thank you.

annon369 2020年11月10日 1 回复

Great, flawless, easy to use... We've tried a half dozen other products, most caused issues and broke some functionality. This plugin is flawless, we will be buying Pro version to support creator.

thmwordpress 2020年11月8日 1 回复

I wish all apps UI's where designed as clean and easy to use as this. This has the best set of tools to secure WP without all the nonsense... great work

阅读所有14条评价

贡献者及开发者

“WP Security Safe” 是开源软件。以下人员对此插件做出了贡献。

将“WP Security Safe”翻译成您的语言。

对开发感兴趣吗?

您可以浏览代码，查看SVN仓库，或通过RSS订阅开发日志。

更新日志

Versions Key (Major.Minor.Patch)

Major – 1.x.x increase involves major changes to the visual or functional aspects of the plugin, or removing functionality that has been previously deprecated. (higher risk of breaking changes)
Minor – x.1.x increase introduces new features, improvements to existing features, or introduces deprecations. (low risk of breaking changes)
Patch – x.x.1 increase is a bug fix, security fix, or minor improvement and does not introduce new features. (non-breaking changes)

= Version 2.5.2 (High Priority)
*Release Date – 18 Jul 2023

Security Fix: Updated SDK dependency to version 2.5.10

= Version 2.5.1 (High Priority)
Release Date – 4 May 2023

Bug Fix: The blacklist check and username blocking were firing in the wrong orders

= Version 2.5.0 (Medium Priority)
Release Date – 3 May 2023

New Feature: Automatically block common generic usernames and custom defined usernames
New Feature: Prevent the registration of a username that is on the block list
Bug Fix: Database tables were not automatically created on all active sites when the plugin was network activated or a new site was added to the network in a multisite environment
Bug Fix: Custom db tables were not the correct charset and collate
Bug Fix: Network admin plugins page displayed a link to the main site’s settings.
Bug Fix: Site admin plugins page displayed a link to a dashboard page that did not exist.
Bug Fix: If plugin settings were manually deleted via the database, the plugin would not recreate them automatically
Improvement: Better load performance with PHP 7.4 type hinting
Improvement: Updated username threat detection to use the default block list values
Improvement: There were inconsistencies with how settings were referenced throughout the code.
Improvement: Prevent plugin from loading if the minimum versions of WordPress and PHP are not installed
Improvement: Updated SDK dependency to version 2.5.7
Improvement: Updated PHP version checks
Minor Improvement: Increased Minimum PHP Version to 7.4
Minor Improvement: Increased Minimum WordPress Version to 5.3
Minor Improvement: Added Versions Key to changelog
Minor Improvement: formatting improvements to the readme.txt
NOTICE: Version 3.0 Will coming with some new features regarding user management, improved load performance, and more multisite tools.
Tested up to 6.2.0

= Version 2.4.4 (High Priority)
Release Date – 05 Apr 2022

Security: Updated SDK to version 2.4.3 due to security vulnerability
Security: Implemented escaping to prevent XSS
Warning: Upcoming Version 2.5 will require a minimum PHP 7.4 and WordPress 5.3
Improvement: Implemented centralized sanitization library for retrieval of all request variables for better reliability and consistency of sanitization
Improvement: Updated PHP version checks
Tested up to 5.9.2

Version 2.4.2 (Medium Priority)

Release Date – 06 Feb 2022

NOTICE: Upcoming Version 2.5 will require a minimum PHP 7.4 and WordPress 5.3
Security: Improved XSS escaping throughout the admin pages.
Bug Fix: The filter hooks into ‘authenticate’ were using add_action instead of add_filter
Bug Fix: Some styling on the permissions table was not getting applied correctly due to missing class
Improvement: Fix some PHP notices
Improvement: Updated PHP version checks
Tested up to: 5.9

Version 2.4.1 (Low Priority)

Release Date – 04 March 2021

Bug Fix: Pantheon Hosting: files in the uploads directory now accept 770 permissions as secure
Improvement: Removed the batch permissions dropdown and the update permissions button when no files/dirs are available to modify.

Version 2.4.0 (Medium Priority)

Release Date – 28 February 2021
Release Notes: https://wpsecuritysafe.com/changelog/version-2-4/

Added Feature: Automatically blocks IP addresses temporarily after numerous failed logins
Added Feature: Import and Export settings are now included with the free version.
Added Pro Feature: Advanced Automatic IP Blocking after numerous threats are detected.
Improvement: Fixed some PHP warnings displayed when XML-RPC requests use poorly formatted XML. Thank you Charles Suggs for reporting this.
Improvement: Adjusted cleanup script to leave allow/deny table for 3 days past expiration for more advanced threat detection.
Improvement: Allowed IPs now get exempt from nonce checks.
Improvement: Adjusted upgrade script to be more efficient with load.
Improvement: Updated file permission statuses to be error, warning, and notice versus bad, ok, good
Improvement: Adjusted Login Error handling so that the user is sent back to the login screen when the login attempt is blocked and the error is displayed.
Improvement: Fixed various PHP Warnings: Thanks John Dorner for reporting them.
Improvement: Automatically group and sort bad file permissions to the top of the file permissions table.
Improvement: Changed the 404, login, and block charts from 7 days to 30 days of data to display.
Improvement: Minor code improvements.
Improvement: Updated SDK to version 2.4.2
Improvement: Updated PHPDoc notes
Improvement: Updated PHP version checks
Bug Fix: Pantheon Hosting: directories in the uploads directory now accept 770 permissions as secure
Pro Bug Fix: Plugins files were not getting file permissions fixed after a plugin update.
Tested up to: 5.6.2

Version 2.3.2 (Medium Priority)

Release Date – 11 September 2020

Improvement: Removed feature Local Login as it was triggering false positives due to browser caching issues.
Improvement: Updated PHP version checks
Tested up to: 5.5.1

Version 2.3.1 (High Priority)

Release Date – 05 January 2020

Bug Fix: version privacy for JS files conflicted with Google Recaptcha. Thank you Lynn Appleget for reporting this bug.
Bug Fix: Plugin updates were not getting logged properly after an update.
Bug Fix: Plugin would not initialize in a multi-site network.
Bug Fix: Prevent caching of nonce for front-end login form
Bug Fix: Some 404s were getting detected before a WP redirect was happening.
Improvement: Fixed PHP Notices
Improvement: Updated PHP version checks
Improvement: PHP version comparison logic improved
Improvement: Increase performance by reducing unnecessary method calls
Improvement: Updated SDK
Tested up to: 5.4

Version 2.3.0 (Low Priority)

Release Date – 13 November 2019

Bug Fix: Administrator role was prevented from right-clicking and highlighting when these content protection features were enabled. This role should be excluded from these policies.
Bug Fix: Fixed typo which had no affect on functionality due to fallback check.
Improvement: Changed default settings to include “Make Website Anonymous” during updates and “Prevent WordPress version files from public access”.
Improvement: Minor performance enhancements
Increase PHP version requirement to match WordPress core.
Tested up to: 5.3

Version 2.2.3 (High Priority)

Release Date – 21 October 2019

Bug Fix: Local Login feature would not allow logins via front-end login forms created with wp_login_form(). Thank you @alfonsoborghi for the bug report.
Bug Fix: An admin notice was not properly counting directories with OK permissions on the Files admin page.
Bug Fix: Stats were attempting to record during system activities and thus throwing “WordPress database error Duplicate entry”
Bug Fix: Search and bulk delete on the Firewall Allow/Deny admin page would trigger false flag admin errors regarding IP validation.
Bug Fix: Sort filters on the Firewall admin page would trigger false flag admin notices.
Bug Fix: Body class was being added to every page in the admin.
Bug Fix: Duplicate policy disabled admin notices were appearing on admin pages using wp_list_table()
Security: Added nonce to reset and save settings
Security: Added nonce to add / remove Firewall rules
Improvement: Renamed nonces to prevent conflicts with other plugins
Improvement: Performance tuning to reduce function calls
Improvement: Changed default settings to include disabling XML-RPC and force Local Logins.
Improvement: Fixed a PHP Warning.
Improvement: Updated PHP version checks
Tested up to: 5.2.4

Version 2.2.2 (Medium Priority)

Release Date – 09 September 2019

Bug Fix: Cron cleanup scripts were failing.
Improvement: Fixed two PHP errors.

Version 2.2.1 (Medium Priority)

Release Date – 05 September 2019

Updated Feature: The local login feature was improved to be more reliable.
Bug Fix: The local login feature was causing server errors on Pantheon servers. Thanks FullSteam Labs for the bug report.
Bug Fix: The blacklist check was not functioning properly.
Bug Fix: The sidebar was appearing on tabs that were full width of the screen.
Bug Fix: The charts would not load in a local development environment without an active internet connection.
Bug Fix: Fixed minor styling anomalies when viewing admin in Spanish
Pro Bug Fix: File corrupt error displayed if imported settings already matched the current settings.
Improvement: Added more i18n language support.
Improvement: The form that adds an IP to the firewall is more user-friendly
Improvement: Added ability to make notes when manually adding IPs to the firewall
Improvement: Fixed some minor PHP notices.
Improvement: Added ‘Status’ column and filter to Firewall page.
Improvement: Added additional information to the ‘Details’ column.
Improvement: Converted the Firewall page to include all detected threats
Improvement: Added Spanish Translations
Improvement: Updated logo and minor styling
Improvement: Updated PHP version checks
Security: Added additional sanitization for logging
Tested with ManageWP Version 4.9.1
Tested up to: 5.2.3

Version 2.1.1 (Medium Priority)

Release Date – 15 July 2019

Bug Fix: Session handling conflicted with some admin features in oddball scenarios
Improvement: Fixed a PHP Warning

Version 2.1.0 (Medium Priority)

Release Date – 15 July 2019

Bug Fix: WP Cron activities were not recording to activity log (Only visible in debug mode)
Bug Fix: Charts do not display properly until an entry has been initially added to stats.
Bug Fix: Styling issue with wp_table_list pagination
Bug Fix: Search field not working on log tables
Bug Fix: Admin notices would not display for policies that were disabled or if wp cron was disabled using DISABLE_WP_CRON.
Bug Fix: The admin notices were not displaying bold properly
Improvement: Fixed some PHP notices, thanks to Charles Suggs
Improvement: Excluded user roles super admin, administrator, editor, and author from text highlighting and right-click content protection while logged in
Improvement: Updated SDK
Improvement: Implemented better session handling for increased load performance
Improvement: Added more i18n language support.

Version 2.0.2 (High Priority)

Release Date – 10 June 2019

Improvement: In some outlying circumstances, the DB tables do not get created. A failsafe was added to create the tables if the insertion of a record failed.
Bug Fix: The new DB tables get created if the plugin is disabled and then enabled, but not after an update process.

Version 2.0.0 (Low Priority)