=== Ultimate Security - Firewall, Login Security, 2FA Protection & More === Contributors: wpultimatesecurity Tags: security, firewall, two-factor authentication, login security, malware protection Requires at least: 5.8 Tested up to: 6.8.2 Requires PHP: 8.1 Stable tag: 1.0.16 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Complete WordPress security plugin with firewall, 2FA, brute force protection, login security, CAPTCHA, IP blocking, activity monitoring and more. == Description == **Ultimate Security** is a comprehensive WordPress security plugin that protects your website from hackers, brute force attacks, malware, and unauthorized access. With an easy-to-use interface and powerful security features, you can secure your WordPress site in minutes. https://www.youtube.com/watch?v=g8qy4Ayr1Ko = Why Choose Ultimate Security? = * **All-in-One Security** - Firewall, login protection, 2FA, and monitoring in one plugin * **Lightweight & Fast** - Performance-optimized, adds less than 0.1s to page load * **Privacy-First** - Your data stays on YOUR server * **Modular Design** - Enable only the features you need * **No Recurring Fees** - One-time purchase for Pro features = The WordPress Security Problem = Over 90,000 WordPress sites are hacked every day. Most attacks target: * Weak login credentials (brute force attacks) * Outdated plugins and themes * Vulnerable admin access points * Exposed WordPress configurations **Ultimate Security addresses all of these vulnerabilities.** --- == FREE FEATURES == = Two-Factor Authentication (2FA) = Add an extra layer of login security: * **Email OTP** - Receive one-time passwords via email * **Authenticator Apps** - Support for Google Authenticator, Authy, Microsoft Authenticator (TOTP/HOTP) * **2FA Overview Dashboard** - Monitor 2FA status across your site = Login Security & Hardening = Protect your WordPress login: * **Custom Login URL** - Hide wp-admin and wp-login.php from attackers * **Password Policy Enforcement** - Require strong passwords for all users * **Session Management** - Control active login sessions * **Login Attempt Limits** - Block brute force attacks automatically = Bot Protection & CAPTCHA = Stop spam and automated attacks: * **Google reCAPTCHA** - v2 and v3 support for forms * **Cloudflare Turnstile** - Privacy-friendly CAPTCHA alternative * **Apply to Multiple Forms** - Login, registration, comments, WooCommerce checkout = Firewall & Request Filtering = Monitor and block malicious requests: * **URL Guard** - Monitor all incoming requests * **Request History Logs** - Track suspicious activity * **SQL Injection Protection** - Block common attack patterns * **XSS Attack Prevention** - Filter malicious scripts = IP Address Management = Control site access by IP: * **IP Whitelist/Blacklist** - Allow or block specific IP addresses * **IP Range Support** - Block entire IP ranges * **IPv6 Support** - Full support for IPv6 addresses = WordPress Hardening = Apply security best practices: * **Security Keys Rotation** - Update WordPress salts from official API * **Update Settings Manager** - Configure auto-update behavior * **Site Health Dashboard** - Monitor WordPress security status = Monitoring & Tools = Stay informed about your site security: * **Security Score** - Track your site's security level * **Site Health Overview** - Diagnose issues quickly * **Test Mode** - Preview security rules before enforcing * **Backup & Restore** - Export/import your security settings --- == What Users Are Saying == > "After installing Ultimate Security, brute force attempts dropped to zero." - **Sarah M., Agency Owner** > "Finally, a security plugin that doesn't require a security degree to configure." - **Mike T., Small Business Owner** == Installation == = Automatic Installation = 1. Go to Plugins > Add New in your WordPress admin 2. Search for "WPUltimateSecurity" 3. Click "Install Now" then "Activate" 4. Navigate to **Ultimate Security** in your admin menu 5. Follow the setup wizard to configure your security settings = Manual Installation = 1. Download the plugin ZIP file 2. Go to Plugins > Add New > Upload Plugin 3. Choose the ZIP file and click "Install Now" 4. Activate the plugin 5. Configure settings under **Ultimate Security** menu = Quick Start (3 Minutes) = 1. **Enable 2FA** - Add two-factor authentication for admin accounts 2. **Set Login Limits** - Configure brute force protection 3. **Add CAPTCHA** - Protect forms from bots 4. **Review Security Score** - Check your security status --- == Frequently Asked Questions == = What makes Ultimate Security different from other security plugins? = Ultimate Security is designed to be lightweight, modular, and privacy-focused. Unlike bloated alternatives, you only enable what you need. Your security data stays on your server - we don't require external accounts or recurring subscriptions. = Will this plugin slow down my website? = No. Ultimate Security is performance-optimized and adds less than 0.1 seconds to page load times. Most users see no measurable impact on their site speed. = Is Ultimate Security compatible with WooCommerce? = Yes! Ultimate Security is fully tested with WooCommerce. The CAPTCHA features work on checkout and login forms, and the address blacklist helps prevent fraudulent orders. = Can I use this with other security plugins like Wordfence or Sucuri? = Yes, but we recommend disabling overlapping features to prevent conflicts. For example, if using Wordfence firewall, disable the URL Guard feature in Ultimate Security. = What if I get locked out of my site? = You can regain access by: 1. Via FTP/SFTP: Rename the `/wp-content/plugins/ultimate-security` folder 2. Via cPanel: Deactivate the plugin through File Manager 3. Via SSH: Run `wp plugin deactivate ultimate-security` = Do I need technical knowledge to use this plugin? = Not at all! The setup wizard guides you through configuration. Advanced users can access detailed settings, but it's not required for basic protection. = Can I use Ultimate Security on multiple sites? = Absolutely. The free version has no license restrictions. Use it on unlimited sites. = Does Ultimate Security protect against malware? = Ultimate Security focuses on preventing attacks through login security, firewall rules, and access control. For malware scanning and removal we are working on briging something that is AI powered. = How does the 2FA email verification work? = When enabled, users receive a one-time password (OTP) via email after entering their username and password. The OTP expires after a configurable time period for security. = Is there customer support available? = Free users can get support through the WordPress.org support forums. --- == External Services == This plugin connects to external services in specific circumstances: = Cloudflare Turnstile = * **When:** Only when Turnstile CAPTCHA is enabled and a form is submitted * **What's sent:** Response token and your site's secret key * **Service URL:** https://challenges.cloudflare.com/turnstile/v0/siteverify * **Privacy Policy:** https://www.cloudflare.com/privacypolicy/ = Google reCAPTCHA = * **When:** Only when reCAPTCHA is enabled and a form is submitted * **What's sent:** Response token and your site's secret key * **Service URL:** https://www.google.com/recaptcha/api/siteverify * **Privacy Policy:** https://policies.google.com/privacy = WordPress.org Salt API = * **When:** Only when you manually request new security keys * **What's sent:** Request for random salt strings * **Service URL:** https://api.wordpress.org/secret-key/1.1/salt/ --- == Changelog == = 1.0.16 = * Improvement: Code improvements to the ovearll plugin making it snappier. = 1.0.15 = * Improvement: Conflict management between applied settings. * Improvement: UI improvements to existing settings pages. Making it more intuitive to use. * Fix: Multiple bug fixes to dashboard. You should get more accurate results now. * Fix: New deactivation URL was not saving after deactiviting-activating plugin. = 1.0.14 = * Fix: Email 2FA codes were not being sent properly * Fix: 2FA code page flickering effect after login = 1.0.13 = * New: Completely redesigned user interface for better usability = 1.0.12 = * New: Security Score meter to track your site's security level * Improvement: Enhanced modal design for better UI/UX = 1.0.11 = * Fix: Minor UI bug fixes = 1.0.10 = * Security: Removed unauthenticated AJAX actions * Security: REST routes now require admin permission = 1.0.9 = * Fix: Dashboard emergency deactivation URL display issue = 1.0.8 = * New: IPv6 support for IP restrictions * Improvement: Human-readable values in activity log * Improvement: Reduced plugin size with optimized code * Fix: 2FA reset issue for users * Fix: Password policy not applying to new users = 1.0.7 = * New: Activity Log feature * New: Improved dashboard design * Fix: Nonce validation issues * Fix: Turnstile not showing on comment forms = 1.0.6 = * Fix: Custom login setup issues * Fix: Email 2FA asking for OTP twice * Fix: Feedback form email delivery * Improvement: Reorganized menu navigation * Improvement: Performance optimizations = 1.0.5 = * Fix: Request logs page display issue * Fix: URL Guard SQL query display * Improvement: Performance optimizations = 1.0.4 = * Redesigned settings page interface --- == Upgrade Notice == = 1.0.14 = This update fixes critical issues with Email 2FA delivery. Update recommended for all users. = 1.0.10 = Important security update. All users should update immediately.