=== 🛡️ Ultimate Security - Complete WordPress Protection Without the Complexity === Contributors: programmelab Tags: Security, IP restriction, country restriction, firewall Requires at least: 5.4 Tested up to: 6.8.2 Requires PHP: 7.0 Stable tag: 1.0.2 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html All-in-one WordPress security: 2FA, brute force protection, session control, IP blocking, site hardening and more == Description == Stop hackers before they even knock on your door. Ultimate Security transforms your WordPress site into a fortress. https://www.youtube.com/watch?v=g8qy4Ayr1Ko 🚨 The Problem Every WordPress Site Faces Did you know that 90,000 WordPress sites are hacked every minute? Most security plugins either overwhelm you with complexity or lock essential features behind expensive paywalls. You shouldn't have to choose between security and simplicity. ✅ The Solution: Ultimate Security Ultimate Security is a WordPress security plugin that gives you website-level protection with beginner-friendly controls. Built by WordPress professionals who were tired of bloated, subscription-based alternatives. ✨ Set up complete protection in under 3 minutes ✨ Zero ongoing costs—own your security forever ✨ Your data stays on YOUR server ✨ Modular design—activate only what you need ✨ Performance-optimized—won't slow down your site ✅ Login Fortress - Stop Brute Force Attacks Cold - Smart rate limiting blocks attackers after failed attempts - Two-factor authentication (2FA) adds military-grade security - CAPTCHA stops bots without annoying users - Implement Cloudflare Turnstile with the easiest configuration - Login URL masking hides your admin area completely - Session Control Center - Know Who's In Your House ✅ Take command of every active session on your site: - Real-time session monitoring shows who's logged in right now - One-click session termination kicks out suspicious users instantly - Automatic session timeouts log out inactive users ✅ Access Shield - Your Digital Bouncer: - Control who gets in and who stays out: - IP allowlisting for trusted team members - Custom access rules for ultimate flexibility - WordPress Hardening - Close Every Back Door ✅ Eliminate common attack vectors with one-click hardening: - Disable common WordPress weak spots to prevent attacks - Restrict API to protect privacy of your site - Block user enumeration to hide usernames - A full suite of recommendations to get you started - Security Intelligence - Knowledge is Power ✅ Stay informed with comprehensive logging and reporting: - Visual dashboard shows WordPress status in real-time - Detailed activity logs track every security event - Email alerts for critical security incidents 📊 Results from Our Users "After installing Ultimate Security, brute force attempts dropped to my longshot." - Sarah M., Agency Owner "Finally, a security plugin that doesn't require you to be a developer to configure." - Mike T., Small Business Owner "The session management alone is worth it." - Jennifer K., E-commerce Manager 🚀 Quick Start Guide - Installation (2 minutes) - Upload the plugin files to /wp-content/plugins/ultimate-security - Activate the plugin through the 'Plugins' menu - Navigate to Ultimate Security in your admin menu - Configure the security settings as per your requirements 🔐 Whether you're a beginner or a seasoned admin, this plugin gives you a modular, lightweight, and privacy-first way to take back control of your site's security. 💬 Need Help? Got a question? Need help using the plugin? Ask your questions directly in the plugin support section. --- 🔗 External Services Disclosure Cloudflare Turnstile What is sent: The visitor’s Turnstile response token and your site’s secret key. When it’s sent: Only when a user submits a form protected by Turnstile (login, registration, comment, etc.). Service used: Cloudflare Turnstile Verification API — https://challenges.cloudflare.com/turnstile/v0/siteverify Data sent: Token string and secret key; Cloudflare may record the visitor’s IP address, user‑agent, and behavioural signals per their policy. Privacy Policy: https://www.cloudflare.com/privacypolicy/ Google reCAPTCHA What is sent: The visitor’s reCAPTCHA response token and your site’s secret key. When it’s sent: Only when a user submits a form protected by reCAPTCHA. Service used: Google reCAPTCHA API — https://www.google.com/recaptcha/api/siteverify Data sent: Token string and secret key; Google may collect device, browser, and usage data as described in their policy. Privacy Policy: https://policies.google.com/privacy Privacy Policy The restricted IP information is stored on your server. No information is transmitted to third parties or remote server locations. == Installation == 1. Upload the plugin files to the /wp-content/plugins/ directory, or install the plugin through the WordPress plugins screen directly. 2. Activate the plugin through the ˜Plugins™ screen in WordPress. 3. Go to the dashboard -> "Ultimate Security" and you will find the customization options. 4. Customize the configuration options and apply the settings. == Frequently Asked Questions == = What is Ultimate Security? Ultimate Security is a WordPress plugin that allows website admins to easily configure website security best practices. = Will this slow down my site? No. Ultimate Security is performance-optimized and adds less than 0.1s to page load times. Most users see no measurable impact. = Is it compatible with my theme/plugins? Yes. We've tested with 100+ popular themes and plugins. The modular design means you can disable any feature that conflicts. = Do I need technical knowledge Not at all. The setup wizard handles everything. Advanced users can dive into detailed configurations, but it's not required. = What about updates and support? We provide support via WordPress.org forums. = Can I use this on client sites? Absolutely. No license restrictions. Use on unlimited sites. = Is Ultimate Security compatible with WooCommerce? Ultimate Security is tested to work effectively with WooCommerce and its features. While we aim for complete compatibility, if you encounter any issues, our support team is available to assist you. = Can I use it alongside Wordfence or Sucuri? = Yes, but you should disable duplicate modules (e.g., rate‑limiting) to prevent double blocking. = How do I regain access if locked out by the firewall? = Via SSH or file manager (FTP/sFTP) of your WordPress site, deactivate the plugin, or rename the plugin folder. == Screenshots == == Changelog == = 1.0.0 = * Initial release. = 1.0.1 = * Fixed multiple with our security settings * Bug fixes * UI and UX improvements