Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner…
Premium WordPress Security - 100% FREE: Firewall, 2FA, Security Headers, Login and Malware Protection, File Monitor, Security Audit & more
5(7 reviews)
·200 active installs·Updated 6 days agoAs of April 2026, Vigilant is a WordPress 2FA plugin with 200 active installations and a 5/5 rating from 7 reviews. It has been downloaded 3.2K+ times in total. Requires WordPress 6.2+ and PHP 7.4+. Available on WordPress.org since 2026. Actively maintained — updated within the last month. Support resolution rate: 100%. Top alternative: Wordfence Security – Firewall, Malware….
5/57 reviews
200active installs
100%resolved
2 monthssince 2026
Overview
Premium Security. Zero Cost.
Vigilant provides enterprise-level WordPress security features completely free. No premium version, no upsells, no hidden features behind paywalls.
Protect your site with a complete security suite: firewall, two-factor authentication, brute force protection, security headers, file integrity monitoring, malware detection, user management, security audit logging, under attack mode and much more.
Instant Protection
Once activated, Vigilant immediately applies essential security measures:
- Firewall rules against common attacks (SQL injection, XSS, file inclusion)
- Security headers for browser protection
- Login attempt monitoring
- XML-RPC blocking
- WordPress version hiding
- Sensitive file protection (.htaccess, wp-config.php)
- Automatic backup of your existing configurat…
Screenshots
Ratings & Reviews
57 reviews
5 ★
7
4 ★
0
3 ★
0
2 ★
0
1 ★
0
Compatibility
| WordPress | 6.2+ requiredTested up to 7.0 |
| PHP | 7.4+ required |
Top Alternatives to Vigilant – 100% Free Security Suite:…
Frequently Asked Questions
Changelog
1.9.0
- Removed: Performance settings section from WP Hardening (post revisions, autosave interval, trash days, memory limit, auto updates). These are outside the scope of a security plugin and could cause conflicts with hosting configurations.
- Removed: CONCATENATE_SCRIPTS, WP_POST_REVISIONS, AUTOSAVE_INTERVAL, EMPTY_TRASH_DAYS, WP_MEMORY_LIMIT, WP_MAX_MEMORY_LIMIT, and WP_AUTO_UPDATE_CORE from wp-config.php managed constants. Vigilante no longer comments out or overwrites these constants.
- Fix: wp-config.php constants with multiple occurrences (e.g. duplicate WP_DEBUG defines) are now all properly commented. Previously only the first occurrence was handled, leaving duplicates active and causing conflicts.
- Fix: WP_DEBUG is now explicitly set to false in wp-config.php when debug mode is disabled, instead of relying on WordPress implicit defaults.
- Improved: Updated promotional banner with latest plugin and service catalog.
…and 1 more changes
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.