WordPress Security Plugins

Enable easily HSTS on your website.

Protects your login, xmlrpc and RSS feeds pages against DDoS attacks. Denies access to your site from certain countries via CloudFlare.

WP-WebAuthn enables passwordless login through FIDO2 and U2F devices like Passkey, FaceID or Windows Hello for your site.

Require certain users to change their passwords on a regular basis.

Lock Down Admin plugin secure your WordPress admin panel. It locks the wp-admin url and if this plugin is activated then user can't login in the …

Get instant protection against vulnerabilities disclosed by security companies.

An advanced security plugin that blocks website visitors by country, with additional features like blacklisting, logging blocked attempts, admin bypas …

This plugin blocks detected attackers or displays them a captcha to check they are not bots.

Activate automatic updates or weekly notifications for the site.

This plugin is for logging users' activities. You can check anytime who and what has changed.

A reimagining of WordPress authentication using modern security practices.

Protect your WordPress site: firewall, bot & brute-force protection, anti-spam, multi-layer CAPTCHA, optional cloud threat intel.

Create central "Enter your password" page and the password entered determine which page the user sees next.

Add a layer of security and prevent your login name from being shown in the author archive's URL.

Stop installing 7 plugins! WPOrLogin is the All-in-One Suite: Custom Login Design, Social Login (Google), Hide Login URL, Limit Attempts & reCAPTCHA.

Prevent bots from creating accounts by blacklisting domains and usernames and present people with a human friendly security question.

Plugin for configuring Content Security Policy headers for your site. Allows different CSP headers for admin, logged inn frontend and regular visitors

Staatic lets you create and deploy a streamlined static version of your WordPress site.

Malware scanning & removal, website hardening, patching vulnerabilities, real-time protection against online attacks, blacklist monitoring in a click!

Enabling this plugin allows you to set up Basic authentication on your admin page using your WordPress user name and password.

Block IPs in your gravity forms

Remove all WordPress methods from the XML-RPC API to increase security.

Hardens and protects your site by locking down login, REST API, XML‑RPC, file editor, and applying HTTP security headers.

All things Cloudflare (caching, flexible SSL, Turnstile, settings, rules, analytics, media in R2, image transforms [AVIF, WebP], secure admin area).

This plugin blocks all unauthorized and irrelevant requests through query strings and provides extended session tracking and capability audit.

REST XML-RPC Data Checker allow to check JSON REST and XML-RPC API requests and grant access permissions.

Use Cloudflare's free geolocation service to restrict access to your site's login page.

Manage all your WordPress sites in one place - updates, uptime, backups & security.

A complete WordPress security firewall: blocks IPs, bots & countries. Includes an intelligent WAF, Threat Scoring, Geo-Challenge, 2FA, and Anti-Sp …

WebAuthn authentication provider for Two Factor plugin.

Disable default WordPress registration page, remove register link and stop registration spam, without disabling user registration.

Restrict the usernames, email addresses, characters and symbols or email from specific domain names or language in registration ...

Monitor traffic and ban unwanted visitors. Block any user or IP address so they can't access your site.

Disables password strength enforcement in WooCommerce.

An authentication framework that handles authorization/communication with most popular web services.