{"id":222131,"date":"2025-03-22T19:00:05","date_gmt":"2025-03-22T19:00:05","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/ultimate-security\/"},"modified":"2026-05-19T21:17:24","modified_gmt":"2026-05-19T21:17:24","slug":"ultimate-security","status":"publish","type":"plugin","link":"https:\/\/cn.wordpress.org\/plugins\/ultimate-security\/","author":23331565,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.20","stable_tag":"1.0.20","tested":"6.9.4","requires":"5.8","requires_php":"8.1","requires_plugins":null,"header_name":"Ultimate Security","header_author":"wpultimatesecurity","header_description":"Ultimate Security plugin for Your Site","assets_banners_color":"b2a99b","last_updated":"2026-05-19 21:17:24","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/www.wpultimatesecurity.com","header_plugin_uri":"https:\/\/www.wpultimatesecurity.com","header_author_uri":"https:\/\/www.wpultimatesecurity.com\/","rating":0,"author_block_rating":0,"active_installs":10,"downloads":2051,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"programmelab","date":"2025-05-12 18:41:17"},"1.0.1":{"tag":"1.0.1","author":"programmelab","date":"2025-07-24 07:38:15"},"1.0.10":{"tag":"1.0.10","author":"wpultimatesecurity","date":"2025-09-08 12:52:29"},"1.0.11":{"tag":"1.0.11","author":"wpultimatesecurity","date":"2025-09-10 20:22:17"},"1.0.12":{"tag":"1.0.12","author":"wpultimatesecurity","date":"2025-09-16 11:06:42"},"1.0.13":{"tag":"1.0.13","author":"wpultimatesecurity","date":"2025-11-17 14:00:45"},"1.0.14":{"tag":"1.0.14","author":"wpultimatesecurity","date":"2025-11-24 20:56:38"},"1.0.15":{"tag":"1.0.15","author":"wpultimatesecurity","date":"2025-12-08 17:28:06"},"1.0.16":{"tag":"1.0.16","author":"wpultimatesecurity","date":"2025-12-22 18:32:32"},"1.0.17":{"tag":"1.0.17","author":"wpultimatesecurity","date":"2026-02-18 10:05:50"},"1.0.18":{"tag":"1.0.18","author":"wpultimatesecurity","date":"2026-05-05 21:40:30"},"1.0.19":{"tag":"1.0.19","author":"wpultimatesecurity","date":"2026-05-11 21:19:41"},"1.0.2":{"tag":"1.0.2","author":"programmelab","date":"2025-07-29 07:46:25"},"1.0.20":{"tag":"1.0.20","author":"wpultimatesecurity","date":"2026-05-19 21:17:24"},"1.0.3":{"tag":"1.0.3","author":"programmelab","date":"2025-07-30 12:37:08"},"1.0.4":{"tag":"1.0.4","author":"programmelab","date":"2025-08-11 18:46:22"},"1.0.5":{"tag":"1.0.5","author":"programmelab","date":"2025-08-14 09:01:05"},"1.0.6":{"tag":"1.0.6","author":"programmelab","date":"2025-08-18 19:38:10"},"1.0.7":{"tag":"1.0.7","author":"wpultimatesecurity","date":"2025-08-25 19:11:42"},"1.0.8":{"tag":"1.0.8","author":"wpultimatesecurity","date":"2025-09-01 19:15:34"},"1.0.9":{"tag":"1.0.9","author":"wpultimatesecurity","date":"2025-09-02 09:22:37"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon-128x128.gif":{"filename":"icon-128x128.gif","revision":3344476,"resolution":"128x128","location":"assets","locale":"","width":1024,"height":1024},"icon-256x256.gif":{"filename":"icon-256x256.gif","revision":3344476,"resolution":"256x256","location":"assets","locale":"","width":512,"height":512}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3537964,"resolution":"1544x500","location":"assets","locale":"","width":3088,"height":1000},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3537964,"resolution":"772x250","location":"assets","locale":"","width":1544,"height":500}},"assets_blueprints":{"blueprint.json":{"filename":"blueprint.json","revision":3537984,"resolution":false,"location":"assets","locale":"","contents":"{\"$schema\":\"https:\\\/\\\/playground.wordpress.net\\\/blueprint-schema.json\",\"landingPage\":\"\\\/wp-admin\\\/admin.php?page=ultimate-security#\\\/\",\"preferredVersions\":{\"php\":\"8.1\",\"wp\":\"latest\"},\"features\":{\"networking\":true},\"login\":true,\"plugins\":[\"ultimate-security\"],\"siteOptions\":{\"blogname\":\"Ultimate Security Demo\",\"blogdescription\":\"Security Plugin by WP Ultimate Security\",\"permalink_structure\":\"\\\/%postname%\\\/\"},\"meta\":{\"title\":\"Ultimate Security Demo\",\"description\":\"Try the Ultimate Security WordPress plugin inside WordPress Playground.\",\"author\":\"WP Ultimate Security\",\"categories\":[\"security\",\"plugin\"]},\"steps\":[{\"step\":\"installPlugin\",\"pluginData\":{\"resource\":\"wordpress.org\\\/plugins\",\"slug\":\"ultimate-security\"},\"options\":{\"activate\":true}}]}"}},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1","1.0.10","1.0.11","1.0.12","1.0.13","1.0.14","1.0.15","1.0.16","1.0.17","1.0.18","1.0.19","1.0.2","1.0.20","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9"],"block_files":[],"assets_screenshots":{"Screenshot-1.png":{"filename":"Screenshot-1.png","revision":3397281,"resolution":"1","location":"assets","locale":"","width":2400,"height":1800},"Screenshot-2.png":{"filename":"Screenshot-2.png","revision":3397281,"resolution":"2","location":"assets","locale":"","width":2400,"height":1800},"Screenshot-3.png":{"filename":"Screenshot-3.png","revision":3397281,"resolution":"3","location":"assets","locale":"","width":2400,"height":1800},"Screenshot-4.png":{"filename":"Screenshot-4.png","revision":3397281,"resolution":"4","location":"assets","locale":"","width":2400,"height":1800},"Screenshot-5.png":{"filename":"Screenshot-5.png","revision":3397281,"resolution":"5","location":"assets","locale":"","width":2400,"height":1800},"Screenshot-6.png":{"filename":"Screenshot-6.png","revision":3397281,"resolution":"6","location":"assets","locale":"","width":2400,"height":1800},"Screenshot-7.png":{"filename":"Screenshot-7.png","revision":3397281,"resolution":"7","location":"assets","locale":"","width":2400,"height":1800},"Screenshot-8.png":{"filename":"Screenshot-8.png","revision":3397281,"resolution":"8","location":"assets","locale":"","width":2400,"height":1800}},"screenshots":[]},"plugin_section":[262246],"plugin_tags":[2439,362,1229,600,1909],"plugin_category":[54],"plugin_contributors":[246206],"plugin_business_model":[],"class_list":["post-222131","plugin","type-plugin","status-publish","hentry","plugin_section-dashboard-widgets","plugin_tags-brute-force","plugin_tags-captcha","plugin_tags-login-security","plugin_tags-security","plugin_tags-two-factor-authentication","plugin_category-security-and-spam-protection","plugin_contributors-wpultimatesecurity","plugin_committers-wpultimatesecurity"],"banners":{"banner":"https:\/\/ps.w.org\/ultimate-security\/assets\/banner-772x250.png?rev=3537964","banner_2x":"https:\/\/ps.w.org\/ultimate-security\/assets\/banner-1544x500.png?rev=3537964","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/ultimate-security\/assets\/icon-128x128.gif?rev=3344476","icon_2x":"https:\/\/ps.w.org\/ultimate-security\/assets\/icon-256x256.gif?rev=3344476","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/ultimate-security\/assets\/Screenshot-1.png?rev=3397281","caption":""},{"src":"https:\/\/ps.w.org\/ultimate-security\/assets\/Screenshot-2.png?rev=3397281","caption":""},{"src":"https:\/\/ps.w.org\/ultimate-security\/assets\/Screenshot-3.png?rev=3397281","caption":""},{"src":"https:\/\/ps.w.org\/ultimate-security\/assets\/Screenshot-4.png?rev=3397281","caption":""},{"src":"https:\/\/ps.w.org\/ultimate-security\/assets\/Screenshot-5.png?rev=3397281","caption":""},{"src":"https:\/\/ps.w.org\/ultimate-security\/assets\/Screenshot-6.png?rev=3397281","caption":""},{"src":"https:\/\/ps.w.org\/ultimate-security\/assets\/Screenshot-7.png?rev=3397281","caption":""},{"src":"https:\/\/ps.w.org\/ultimate-security\/assets\/Screenshot-8.png?rev=3397281","caption":""}],"raw_content":"<!--section=description-->\n<h4>WORDPRESS SECURITY PLUGIN \u2014 PROTECTION WITHOUT THE COMPLEXITY<\/h4>\n\n<p>Automated bots probe WordPress logins and forms around the clock. Ultimate Security shuts that down \u2014 with two-factor authentication, brute-force lockouts, anti-spam CAPTCHA, a hidden login URL, session controls, and security maintenance tools \u2014 all from a clean dashboard you do not need to be a security expert to run.<\/p>\n\n<p>\ud83d\udee1\ufe0f <strong>Lightweight. Privacy-first. No bloat.<\/strong><\/p>\n\n<h4>Why Ultimate Security?<\/h4>\n\n<ul>\n<li><strong>It just works.<\/strong> Sensible defaults out of the box \u2014 turn it on, you are safer in minutes.<\/li>\n<li><strong>Built for real attacks.<\/strong> Stops the automated login, brute-force and spam traffic that actually hits WordPress sites.<\/li>\n<li><strong>Zero learning curve.<\/strong> Plain-English settings, a Test Mode to preview rules before they go live.<\/li>\n<li><strong>Privacy-respecting.<\/strong> No tracking, no data collection. Pro features are clearly labelled.<\/li>\n<\/ul>\n\n<h4>\ud83d\udd10 Login &amp; Two-Factor Authentication<\/h4>\n\n<ul>\n<li><strong>Two-Factor Authentication (2FA)<\/strong> \u2014 Email one-time codes <strong>and<\/strong> authenticator apps via TOTP\/HOTP.<\/li>\n<li><strong>Per-user 2FA with role-based configuration options<\/strong> \u2014 Let users enable 2FA and configure which roles should use email or app-based 2FA.<\/li>\n<li><strong>Brute-force login lockout<\/strong> \u2014 Limit failed attempts, auto-lock offenders, auto-reset retries, block specific users, and keep a recovery URL for emergencies.<\/li>\n<li><strong>Custom login URL<\/strong> \u2014 Hide <code>wp-admin<\/code> \/ <code>wp-login.php<\/code> behind a secret address so bots cannot find it.<\/li>\n<li><strong>Strong password policies<\/strong> \u2014 Enforce length, complexity, expiry and password history.<\/li>\n<li><strong>Session control<\/strong> \u2014 Limit concurrent logins per user and harden auth cookies.<\/li>\n<\/ul>\n\n<h4>\ud83e\udd16 Bot &amp; Brute-Force Protection<\/h4>\n\n<ul>\n<li><strong>Anti-spam CAPTCHA<\/strong> \u2014 Google reCAPTCHA v2\/v3 <strong>and<\/strong> Cloudflare Turnstile.<\/li>\n<li><strong>Form coverage<\/strong> \u2014 Protect WordPress login, registration and lost-password forms; Turnstile also supports comment forms; WooCommerce login\/register forms are supported when enabled.<\/li>\n<li><strong>No-conflict mode<\/strong> \u2014 Plays nicely alongside other CAPTCHA setups.<\/li>\n<\/ul>\n\n<h4>\ud83e\uddf1 Security Maintenance &amp; Controls<\/h4>\n\n<ul>\n<li>Rotate WordPress security keys \/ salts on demand.<\/li>\n<li>Use the Update Manager to control WordPress core, plugin and theme update behavior.<\/li>\n<li>Connect Cloudflare and deploy configurable WAF rule groups from the dashboard.<\/li>\n<li>Review a basic Security Score with prioritized security checks.<\/li>\n<li>Advanced hardening toggles, API privacy filtering and scheduled salt rotation are available in Pro.<\/li>\n<\/ul>\n\n<h4>\ud83d\udcca Monitoring &amp; Tools<\/h4>\n\n<ul>\n<li><strong>Login Activity snapshot<\/strong> \u2014 Review recent successful and failed login activity from the dashboard.<\/li>\n<li><strong>Basic Security Score<\/strong> \u2014 See a scored security posture based on enabled protections.<\/li>\n<li><strong>Site Health snapshot<\/strong> \u2014 WordPress\/PHP versions, memory, active plugins and theme at a glance.<\/li>\n<li><strong>Test Mode<\/strong> \u2014 Simulate security rules and review what <em>would<\/em> have been blocked before enforcing.<\/li>\n<li><strong>Settings backup &amp; restore<\/strong> \u2014 Export\/import your configuration as JSON for migrations or disaster recovery.<\/li>\n<\/ul>\n\n<p>\ud83d\udc49 <strong><a href=\"https:\/\/www.wpultimatesecurity.com\">Check Out \u00bb<\/a><\/strong><\/p>\n\n<h3>External Services<\/h3>\n\n<p>This plugin connects to the following third-party services, and only when you explicitly enable the related feature:<\/p>\n\n<h4>Google reCAPTCHA<\/h4>\n\n<ul>\n<li>When: reCAPTCHA CAPTCHA protection is enabled.<\/li>\n<li>Data sent: the visitor's reCAPTCHA response token and your site secret key.<\/li>\n<li>Endpoint: https:\/\/www.google.com\/recaptcha\/api\/siteverify<\/li>\n<li>Terms: https:\/\/policies.google.com\/terms \u2014 Privacy: https:\/\/policies.google.com\/privacy<\/li>\n<\/ul>\n\n<h4>Cloudflare Turnstile<\/h4>\n\n<ul>\n<li>When: Cloudflare Turnstile CAPTCHA protection is enabled.<\/li>\n<li>Data sent: the visitor's Turnstile response token and your site secret key.<\/li>\n<li>Endpoint: https:\/\/challenges.cloudflare.com\/turnstile\/v0\/siteverify<\/li>\n<li>Terms: https:\/\/www.cloudflare.com\/website-terms\/ \u2014 Privacy: https:\/\/www.cloudflare.com\/privacypolicy\/<\/li>\n<\/ul>\n\n<h4>WordPress.org Secret-Key (Salt) API<\/h4>\n\n<ul>\n<li>When: you request rotation of WordPress security keys\/salts.<\/li>\n<li>Data sent: a request for randomly generated salt strings (no site or user data).<\/li>\n<li>Endpoint: https:\/\/api.wordpress.org\/secret-key\/1.1\/salt\/<\/li>\n<li>Privacy: https:\/\/wordpress.org\/about\/privacy\/<\/li>\n<\/ul>\n\n<h4>WordPress.org Core Version Check<\/h4>\n\n<ul>\n<li>When: the Update Manager checks for available WordPress core updates.<\/li>\n<li>Data sent: a standard WordPress core version-check request (no user data).<\/li>\n<li>Endpoint: https:\/\/api.wordpress.org\/core\/version-check\/1.7\/<\/li>\n<li>Privacy: https:\/\/wordpress.org\/about\/privacy\/<\/li>\n<\/ul>\n\n<h4>Cloudflare API<\/h4>\n\n<ul>\n<li>When: you connect Cloudflare or deploy\/view WAF rules.<\/li>\n<li>Data sent: Cloudflare credentials\/token, selected zone\/rule data, and Cloudflare API requests needed for verification, deployment and analytics.<\/li>\n<li>Endpoint: https:\/\/api.cloudflare.com\/client\/v4\/<\/li>\n<li>Terms: https:\/\/www.cloudflare.com\/website-terms\/ \u2014 Privacy: https:\/\/www.cloudflare.com\/privacypolicy\/<\/li>\n<\/ul>\n\n<!--section=installation-->\n<p><strong>Requirements:<\/strong> WordPress 5.8+ and PHP 8.1+. HTTPS is strongly recommended for 2FA and secure sessions.<\/p>\n\n<ol>\n<li>In WordPress, go to <strong>Plugins \u2192 Add New<\/strong> and search for \"WPUltimateSecurity\".<\/li>\n<li>Click <strong>Install Now<\/strong>, then <strong>Activate<\/strong>.<\/li>\n<li>Open the <strong>Ultimate Security<\/strong> menu and follow the setup flow.<\/li>\n<\/ol>\n\n<h4>Quick Start<\/h4>\n\n<h4>Recommended first 5 minutes<\/h4>\n\n<ol>\n<li>Enable <strong>2FA<\/strong> for all administrator accounts.<\/li>\n<li>Set <strong>login attempt limits<\/strong> and a lockout duration.<\/li>\n<li>Add <strong>CAPTCHA<\/strong> (reCAPTCHA or Cloudflare Turnstile) to the login, registration and comment forms.<\/li>\n<li>Set a <strong>custom login URL<\/strong> and save it somewhere safe.<\/li>\n<li>Review the <strong>Security Score<\/strong>, <strong>Site Health<\/strong> and <strong>Test Mode<\/strong> before enabling stricter rules.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"will%20this%20slow%20down%20my%20site%3F\"><h3>Will this slow down my site?<\/h3><\/dt>\n<dd><p>It is built to stay lightweight \u2014 security checks run on login and form submission, not on every page view.<\/p><\/dd>\n<dt id=\"do%20i%20need%20any%20technical%20or%20coding%20knowledge%3F\"><h3>Do I need any technical or coding knowledge?<\/h3><\/dt>\n<dd><p>No. Defaults are safe out of the box and every setting is in plain English with a guided setup flow.<\/p><\/dd>\n<dt id=\"i%20enabled%202fa%20%2F%20a%20custom%20login%20url%20and%20locked%20myself%20out.%20how%20do%20i%20get%20back%20in%3F\"><h3>I enabled 2FA \/ a custom login URL and locked myself out. How do I get back in?<\/h3><\/dt>\n<dd><p>Disable the plugin to restore default login: via FTP\/SFTP rename the folder <code>\/wp-content\/plugins\/ultimate-security<\/code>, or over SSH\/WP-CLI run <code>wp plugin deactivate ultimate-security<\/code>. Then log in and reconfigure.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20woocommerce%3F\"><h3>Does it work with WooCommerce?<\/h3><\/dt>\n<dd><p>CAPTCHA and login protection cover WooCommerce login and registration forms where enabled. Checkout CAPTCHA is not currently part of the verified free feature set.<\/p><\/dd>\n<dt id=\"does%20it%20work%20on%20wordpress%20multisite%3F\"><h3>Does it work on WordPress Multisite?<\/h3><\/dt>\n<dd><p>Yes, it runs on Multisite. Network-wide behaviour depends on how you configure it per site.<\/p><\/dd>\n<dt id=\"does%20the%20custom%20login%20url%20work%20with%20caching%20%2F%20cdns%3F\"><h3>Does the custom login URL work with caching \/ CDNs?<\/h3><\/dt>\n<dd><p>Yes. Exclude the login path from full-page caching (most caching plugins do this for login\/admin automatically) so the secret URL is never served from cache.<\/p><\/dd>\n<dt id=\"will%20it%20conflict%20with%20other%20security%20or%20captcha%20plugins%3F\"><h3>Will it conflict with other security or CAPTCHA plugins?<\/h3><\/dt>\n<dd><p>It can if two plugins do the same job. Pick one plugin per function (one 2FA, one CAPTCHA, one login limiter) and disable the overlapping feature in the other.<\/p><\/dd>\n<dt id=\"is%20my%20data%20private%3F%20does%20the%20plugin%20track%20me%20or%20phone%20home%3F\"><h3>Is my data private? Does the plugin track me or phone home?<\/h3><\/dt>\n<dd><p>No telemetry, no tracking, no usage data collection. It only contacts third-party services you explicitly enable (see External Services below).<\/p><\/dd>\n<dt id=\"is%20it%20gdpr-friendly%3F\"><h3>Is it GDPR-friendly?<\/h3><\/dt>\n<dd><p>Yes. The plugin is self-hosted and stores its data in your own database. The only outbound calls are the optional services you turn on (reCAPTCHA, Turnstile, WordPress.org salt API).<\/p><\/dd>\n<dt id=\"what%20happens%20to%20my%20data%20when%20i%20uninstall%3F\"><h3>What happens to my data when I uninstall?<\/h3><\/dt>\n<dd><p>You control whether plugin data is removed on uninstall via the plugin's settings.<\/p><\/dd>\n<dt id=\"what%20is%20the%20difference%20between%20free%20and%20pro%3F\"><h3>What is the difference between Free and Pro?<\/h3><\/dt>\n<dd><p>Free covers core protection: Email\/App 2FA, brute-force lockout, CAPTCHA, custom login URL, password policies, session limits, manual salt rotation, update controls, basic Security Score, Cloudflare WAF rules, Site Health, Test Mode and backup\/restore. Pro adds will add more advanced security features once it is released.<\/p><\/dd>\n<dt id=\"how%20do%20i%20get%20support%3F\"><h3>How do I get support?<\/h3><\/dt>\n<dd><p>Use the plugin support forum on WordPress.org, or visit https:\/\/www.wpultimatesecurity.com.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.20<\/h4>\n\n<ul>\n<li>New: Improved Session Management settings including concurrent login limits, session cookie hardening and more,<\/li>\n<li>New: Cloudflare Turnstile and reCAPTCHA CAPTCHA verifcation when applying their respective keys.<\/li>\n<li>Improvement: Cloudflare WAF rules function improvement.<\/li>\n<li>Improvement: Code optimization and performance improvements.<\/li>\n<\/ul>\n\n<h4>1.0.19<\/h4>\n\n<ul>\n<li>Fix: 2FA User role was not working properly.<\/li>\n<li>Fix: Login activity dashboard modal was showing wrong agent.<\/li>\n<li>Improvement: Better user friendly Server Protection Card Design<\/li>\n<li>Improvement: Code cleanup and optimization.<\/li>\n<\/ul>\n\n<h4>1.0.18<\/h4>\n\n<ul>\n<li>New: One-click Cloudflare WAF rules apply<\/li>\n<li>New: New Modal for Login activity with detailed information.<\/li>\n<li>Improvement: Code cleanup and optimization<\/li>\n<li>Fix: Login redirected URL was showing exisiting login for password reset<\/li>\n<\/ul>\n\n<h4>1.0.17<\/h4>\n\n<ul>\n<li>Fix: Minor bug fixes and stability improvements<\/li>\n<li>Improvement: Code cleanup and optimization<\/li>\n<\/ul>\n\n<h4>1.0.16<\/h4>\n\n<ul>\n<li>Improvement: Code improvements to the ovearll plugin making it snappier.<\/li>\n<\/ul>\n\n<h4>1.0.15<\/h4>\n\n<ul>\n<li>Improvement: Conflict management between applied settings.<\/li>\n<li>Improvement: UI improvements to existing settings pages. Making it more intuitive to use.<\/li>\n<li>Fix: Multiple bug fixes to dashboard. You should get more accurate results now.<\/li>\n<li>Fix: New deactivation URL was not saving after deactiviting-activating plugin.<\/li>\n<\/ul>\n\n<h4>1.0.14<\/h4>\n\n<ul>\n<li>Fix: Email 2FA codes were not being sent properly<\/li>\n<li>Fix: 2FA code page flickering effect after login<\/li>\n<\/ul>\n\n<h4>1.0.13<\/h4>\n\n<ul>\n<li>New: Completely redesigned user interface for better usability<\/li>\n<\/ul>\n\n<h4>1.0.12<\/h4>\n\n<ul>\n<li>New: Security Score meter to track your site's security level<\/li>\n<li>Improvement: Enhanced modal design for better UI\/UX<\/li>\n<\/ul>\n\n<h4>1.0.11<\/h4>\n\n<ul>\n<li>Fix: Minor UI bug fixes<\/li>\n<\/ul>\n\n<h4>1.0.10<\/h4>\n\n<ul>\n<li>Security: Removed unauthenticated AJAX actions<\/li>\n<li>Security: REST routes now require admin permission<\/li>\n<\/ul>\n\n<h4>1.0.9<\/h4>\n\n<ul>\n<li>Fix: Dashboard emergency deactivation URL display issue<\/li>\n<\/ul>\n\n<h4>1.0.8<\/h4>\n\n<ul>\n<li>Improvement: Human-readable values in activity log<\/li>\n<li>Improvement: Reduced plugin size with optimized code<\/li>\n<li>Fix: 2FA reset issue for users<\/li>\n<li>Fix: Password policy not applying to new users<\/li>\n<\/ul>\n\n<h4>1.0.7<\/h4>\n\n<ul>\n<li>New: Activity Log feature<\/li>\n<li>New: Improved dashboard design<\/li>\n<li>Fix: Nonce validation issues<\/li>\n<li>Fix: Turnstile not showing on comment forms<\/li>\n<\/ul>\n\n<h4>1.0.6<\/h4>\n\n<ul>\n<li>Fix: Custom login setup issues<\/li>\n<li>Fix: Email 2FA asking for OTP twice<\/li>\n<li>Fix: Feedback form email delivery<\/li>\n<li>Improvement: Reorganized menu navigation<\/li>\n<li>Improvement: Performance optimizations<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>Fix: Request logs page display issue<\/li>\n<li>Fix: URL Guard SQL query display<\/li>\n<li>Improvement: Performance optimizations<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>Redesigned settings page interface<\/li>\n<\/ul>","raw_excerpt":"Block hackers, bots and brute-force attacks with 2FA, CAPTCHA, login protection, session controls, security tools and more.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/222131","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=222131"}],"author":[{"embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/wpultimatesecurity"}],"wp:attachment":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=222131"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=222131"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=222131"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=222131"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=222131"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=222131"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}