=== SecurelyWP – all-in-one security === Contributors: mdashar, securelywp Tags: security, hardening, vulnerability scanner, captcha, system details, wordpress protection, security headers Requires at least: 5.0 Tested up to: 6.8.2 Stable tag: 1.0.6 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html SecurelyWP is a simple security plugin that protects your WordPress site right after activation—no setup needed for most features. It instantly secures your site with powerful features, scans for risks, adds CAPTCHA protection, and shows your site’s information in dashboard. == Description == SecurelyWP is a hassle-free security plugin that makes your WordPress site safer the moment you activate it. Most features work out of the box, with optional CAPTCHA configuration for enhanced form protection. It includes strong security features, a vulnerability scanner, system details, security headers, and CAPTCHA integration to keep your site secure and healthy. Why Choose SecurelyWP? * Works Out of the Box: Most security features activate automatically upon installation. * Comprehensive Protection: Guards against hacking, malicious files, and form spam. * Lightweight: Designed to run smoothly without affecting your site’s speed or performance. * Free Features: Includes vulnerability scanner, system details, security headers, and CAPTCHA to monitor and protect your site. == Features == * **Hide WordPress Version** - Why: Stops hackers from targeting weaknesses in your WordPress version. - Impact: Good protection with no effect on your site’s appearance. * **Disable PHP Execution in Uploads Folder** - Why: Prevents harmful scripts from running if someone uploads a malicious file. - Impact: Strong defense against file-based attacks. * **Prevent User Enumeration** - Why: Blocks hackers from guessing usernames through sneaky methods. - Impact: Keeps your user list safe from prying eyes. * **Detect & Warn About “admin” Username** - Why: Alerts you if your site uses the risky “admin” username. - Impact: Big security boost if you change the username. * **Disable File Editing in Dashboard** - Why: Stops anyone from modifying your site’s code through the WordPress dashboard. - Impact: Major safeguard against unauthorized code changes. * **Force HTTPS for Login & Admin** - Why: Ensures your login and admin pages use a secure connection. - Impact: Critical for keeping your credentials safe. * **Basic Brute Force Protection (Lite)** - Why: Temporarily blocks repeated failed login attempts. - Impact: Strong protection against login attacks. * **Vulnerability Scanner** - Why: Checks your plugins, themes, and WordPress core for known security issues. - Impact: Helps you find and fix risks before hackers exploit them. * **System Details** - Why: Shows important info about your site to monitor its health. - Impact: Keeps you informed about your site’s status. * **Security Headers** - Why: Adds HTTP headers to improve your site’s security. - Impact: Strengthens your site’s defense with minimal setup. * **CAPTCHA Protection (Cloudflare Turnstile)** - Why: Adds CAPTCHA to prevent spam and bot submissions. - Impact: Enhances form security with user-friendly CAPTCHA. **Supported Forms, Plugins & Multisite for CAPTCHA:** - Core WordPress: Login, Registration, Lost Password, Comment - E-commerce & Membership: WooCommerce Checkout, MemberPress, Ultimate Member, WP-Members - Form Plugins: WPForms, Gravity Forms, Contact Form 7 (CF7), Formidable Forms, Forminator, Elementor Pro, Easy Digital Downloads (EDD), Mailchimp for WordPress - Community / Forums: BuddyPress, bbPress - Multisite: Multisite Signup Forms == How to Set Up CAPTCHA with Cloudflare Turnstile == 1. **Sign Up for Cloudflare:** Go to https://www.cloudflare.com/ and create a free account or log in. 2. **Add Your Site:** Click "Add a Site" in the dashboard and enter your domain. 3. **Access Turnstile:** Navigate to the "Turnstile" section in the Cloudflare dashboard. 4. **Create a Turnstile Widget:** - Click "Add Widget" - Provide a name (e.g., "SecurelyWP CAPTCHA") - Add Hostnames (Enter your domain name, e.g., example.com) → Click "Add" - Scroll down and choose the newly created hostname, then click "Add" - Choose the widget type ("Managed") 5. **Get Your Keys:** Copy the Site Key and Secret Key provided by Cloudflare. 6. **Add Keys to SecurelyWP:** Go to SecurelyWP > CAPTCHA Settings in WordPress → paste keys → enable CAPTCHA for desired forms. 7. **Test Your CAPTCHA:** Visit a form to ensure the CAPTCHA widget appears and works correctly. == Installation == 1. **Download and Install:** - Go to "Plugins" > "Add New," search for "SecurelyWP," click "Install Now" and "Activate." - Or upload the plugin ZIP file via "Plugins" > "Add New" > "Upload Plugin." 2. **Automatic Protection:** Most features start protecting your site immediately upon activation. 3. **Optional CAPTCHA Setup:** Go to SecurelyWP > CAPTCHA Settings and add your Cloudflare Turnstile site and secret keys. 4. **Check Dashboard:** Visit "SecurelyWP" to view site health, scan for risks, or configure CAPTCHA settings. == Frequently Asked Questions == = Do I need to configure anything after installing SecurelyWP? = Most features work automatically. For CAPTCHA, add Cloudflare Turnstile site and secret keys. = Will this plugin slow down my site? = No, SecurelyWP is lightweight and won’t affect performance. = Does it work with my theme or other plugins? = Yes, SecurelyWP works with any theme and most plugins, including all supported forms listed above for CAPTCHA integration. = What if my site doesn’t have HTTPS? = "Force HTTPS" requires an SSL certificate. Other features work fine without HTTPS. = How often does the vulnerability scanner run? = It runs automatically in the background and can be checked anytime from the SecurelyWP menu. = Can I use SecurelyWP on a multisite? = Yes, including multisite signup forms for CAPTCHA. = Where do I get Cloudflare Turnstile keys? = Sign up at Cloudflare, add your site, and create a Turnstile widget. See "How to Set Up CAPTCHA" above. == Screenshots == 1. **Dashboard:** Overview of your site’s security status, including CAPTCHA protection. 2. **Vulnerability Scanner:** View scan results to identify and fix risks. 3. **System Details:** Clear report of your site’s version, themes, and more. 4. **Security Headers:** Overview of active HTTP security headers. 5. **CAPTCHA Settings:** Configure Cloudflare Turnstile and enable CAPTCHA for forms. == Changelog == = 1.0.6 = * Added CAPTCHA Protection feature using Cloudflare Turnstile for forms (login, registration, comments, WooCommerce, and more). = 1.0.5 = * Added Security Headers feature with industry-standard HTTP headers enabled by default. = 1.0.4 = * Added Hide WordPress Version * Added Disable PHP Execution in Uploads Folder * Added Prevent User Enumeration * Added Detect & Warn About “admin” Username * Added Disable File Editing in Dashboard * Added Force HTTPS for Login & Admin * Added Basic Brute Force Protection * Added Vulnerability Scanner * Added System Details * Major features released