UpdraftPlus
Back up, restore and migrate your WordPress website with UpdraftPlus
Identify default ‘admin’ usernames and guide users to change them to protect against brute force attacks.
Detect cases where the display name matches the username and provide guidance to improve login security.
Block unauthorised access to URLs that can reveal sensitive information such as usernames or other details.
Prevent brute force attacks by limiting the number of failed login attempts. Choose how many login attempts are allowed, set lock out durations and more.
Automatically log out users after a specified period of time. Unattended sessions are closed, reducing the risk of unauthorised access.
Review and approve new user registrations to prevent spam and fake sign-ups.
Adds 64 extra characters to WordPress salts, rotating them weekly. Makes cracking passwords virtually impossible, even if your database is stolen.
If a user is logged in who shouldn’t be, log them out or add them to a blacklist.
Require TFA for specific user roles. Supports Google Authenticator, Microsoft Authenticator, Authy and many more.
Mandate TFA for all admins or other roles after their accounts reach a specified age.
Set TFA to be required after a certain number of days on trusted devices, instead of on every login.
Adjust the TFA design to match your website’s existing layout and branding.
Generate one-time use emergency codes to regain access if you lose your TFA device.
Ensure compatibility with WordPress multisite networks and their sub-sites for consistent TFA application.
Integrate TFA with various login forms, including WooCommerce, Affiliates-WP, Elementor Pro, bbPress, and ‘Theme my Login’ without additional coding.
Scan for insecure file permissions. Click once to fix issues and safeguard critical files and folders.
Disable editing of PHP files (such as plugins and themes) via the dashboard. It’s often the first tool that attackers use as it allows for code execution.
Prevent access to files like readme.html that might reveal information about your WordPress installation.
Get notified of any file changes which occur on your system. Exclude files and folders which change as part of normal operations.
Prevent other websites from displaying your images via hotlinking and protect server bandwidth.
Perform a database backup via UpdraftPlus from AIOS. Change the default ‘WP_’ prefix to hide your WordPress database from hackers.
Deny access to the .htaccess and wp-config.php file. Disable the server signature and limit file uploads to a configurable size. Block access to the debug.log file and prevent Apache servers from listing the contents of a directory when an index.php file is not present.
PHP firewall rules prevent malicious users from exploiting well known vulnerabilities in XML-RPC. Safeguard your content by disabling RSS and atom feeds and avoid cross-site scripting (XSS) attacks.
Block fake google bots and stop bots from making POST requests by blocking IP addresses where the user-agent and referrer fields are blank.
Employ flexible blacklist rules to reduce the number of malicious URL requests that hit your website (courtesy of Perishable Press).
Blacklist (and whitelist) IP ranges and user agents and block unauthorised access to data by disabling REST API access for non-logged in requests.
Reduce the load on your server and improve the user experience by automatically blocking spam comments from bots.
Monitor the IP addresses of people or bots leaving spam comments. Choose which ones to block or block based on a configurable number of comments left.
Detect and protect against the latest malware, trojans, and spyware.
Monitors your site for blacklisting by search engines due to malicious code.
Keep track of your website’s response time to identify and address any performance issues.
Need hands-on advice and support for malware removal? Our team of genuine cyber security experts are here to help.
Checks your website’s uptime every 5 minutes and alerts you immediately if your site or server goes down.
Receive notifications about any issues with your site so you can address problems before they escalate.
Detect hackers probing your URLs via script and bots by the 404 errors they leave behind.
Set a figure for the maximum number of 404 events allowed before an IP address is blocked. Choose a time period within which the 404 events must occur (e.g. 10 404 errors within 10 minutes)
Instantly block an IP address if a 404 event includes a specific URL string.
Prevent particular IP addresses from being permanently blocked due to 404 events.
Most malicious attacks come from a handful of countries. Block most of them through country blocking!
Useful if you’re an e-commerce site and you want to block sales to some countries for shipping or tax reasons.
Whitelist IP addresses or IP ranges even if they are part of a blocked country.
Get Smart 404 error blocking, malware scanning, premium two-factor authentication features and premium support when you need it most.
Try TeamUpdraft’s full suite of WordPress plugins.
Back up, restore and migrate your WordPress website with UpdraftPlus
Speed up and optimize your WordPress website. Cache your site, clean the database and compress images
Secure your WordPress website. Comprehensive, feature rich and easy to use
Centrally manage all your WordPress websites’ plugins, updates, backups, users, pages and posts from one location