Security Optimizer Plugin

  • All-in-one WordPress security solution
  • Free & available for all WordPress Users
  • Developed and supported by our WordPress experts
Security Optimizer Plugin

All The Security Features Your WordPress Needs In One Place

Secure Your WordPress Essentials

Protect your site on application level from the most common attacks hackers use to get to your site. Security Optimizer helps you avoid exploits of WordPress’ basic functionality

  • Hide your WordPress Version
  • Disable Themes & Plugins Editor
  • Disable RSS & ATOM feeds
  • Delete the Readme.html
Secure Your WordPress Essentials
Advanced Protection Against Hacks

Advanced Protection Against Hacks

Stay safe from malware, exploits and other malicious attacks with the Security Optimizer plugin and embrace best security practices with a few clicks.

  • Lock and protect system folders
  • Disable XML-RPC
  • Enable advanced XSS protection

Harden Your Login Security

Secure your WordPress wp-admin panel by protecting your login from unauthorized visitors, bots and other attacks that can compromise your website.

  • Limit login access & login attempts
  • Create custom login URL
  • Enable 2FA for admin & editors
  • Disable common usernames
Harden Your Login Security
Keep A Detailed Activity Log

Keep A Detailed Activity Log

Monitor your site’s visitors, pinpoint suspicious activities and prevent malicious attacks.

  • Monitor visits, bots, login attempts
  • Understand your audience better
  • Identify brute-force attacks & other
  • Block and unblock suspicious IPs

Enable Post-hack Actions

If you believe your website was compromised, the Security Optimizer plugin can help you take action immediately and prevent further damages.

  • Reinstall All Plugins
  • Force Password Reset
  • Log Out All Users
Enable Post-hack Actions

Why is Website Security Important?

Website owners tend to think that security is a complicated matter and postpone actions until they get compromised. With the Security Optimizer plugin you are one easy plugin away from top-notch WordPress security.

Prevent Reputation Damage

Users don’t trust websites that show security warnings or have been clearly hacked. A secure site gives visitors peace of mind and creates credibility and trust.

Improve SEO Rankings

Poor website security puts SEO rankings at risk. Google and other search engines punish exploited websites with lower rankings.

Avoid Traffic & Sales Loss

Vulnerabilities in a website’s code, plugins or other core features usually result in the site becoming inaccessible, loss of traffic and drop in sales.

Unlock More Security on Our Managed WordPress Hosting

Unlock More Security on Our Managed WordPress Hosting

  • Premium hosting-level security
  • Security Optimizer plugin preinstalled
  • Amazing WordPress speed solutions
  • Powered by Google Cloud infrastructure
  • Free automated WordPress transfer
  • 24/7 Expert Support

The Only WordPress Security Plugin You Need

Frequently Asked Questions

Is the Security Optimizer plugin free to use?

Yes, our comprehensive WordPress security solution comes completely free.

Is the Security Optimizer plugin compatible with other hosts?

Yes, the Security Optimizer plugin is available to all WordPress users.

Is the Security Optimizer plugin compatible with Wordfence?

The Security Optimizer was created both with securing and performance in mind from the start. Running two security plugins will simply slow down your website.

Is the Security Optimizer plugin compatible with Jetpack?

If you’re only interested in Jetpack’s security features, feel free to use the Security Optimizer plugin instead. We do not recommend using multiple security plugins because duplication of functionality may cause issues.

With which applications does the 2FA work?

Our 2FA authentication system works only with Google Authenticator. The QR code won’t work with any other application.

Is a security plugin necessary for WordPress?

The answer depends on whether you’re willing to put in the work to secure your site manually. If you’re on board with that idea, then no. If you don’t feel like you can put in the work to secure your WordPress manually, then yes, installing an all-in-one security plugin like the Security Optimizer plugin is a must.

What are the most common attacks on WordPress?

WordPress is an overall secure software, but it's also the most widely-used one for building websites. That's what makes it a common target. The leading causes for WordPress attacks include the use of unreliable plugins, outdated software and themes, and weak passwords.

Secure Your WordPress Essentials

Hide Your WordPress Version

Often, hackers scan for specific vulnerable WordPress versions, preparing for mass attacks. Our plugin will hide your WordPress version from your site’s HTML code by default so you no longer fall under these attacks.

Disable Themes & Plugins Editor

Editing code through the WordPress plugins and themes editor poses direct security risks from potential elevation of privileges and errors made by a regular site administrator. To help you avoid that the plugin will disable the themes & plugins editor by default.

Disable RSS and ATOM Feeds

RSS and ATOM feeds allow for content scraping, when bots extract content and data from a site, which can be used in attacks on your website. You can disable this functionality with a click from the plugin’s interface.

Delete the Default Readme.html

Your readme.html file can be used by attackers to compile lists of potentially vulnerable sites which can be hacked or attacked. SiteGround’s Security plugin allows you to delete the default readme.html file that comes with your WordPress core files and contains information about your website.

Advanced Protection Against Hacks

Lock and Protect System Folders

Attackers often try inserting and executing PHP files in public folders to add backdoors and compromise your site. Security Optimizer does not forbid the upload of files, but out of the box stops PHP files and malicious scripts from being executed and causing problems for your sites.

Disable XML-RPC

The XML-RPC is an old protocol used by WordPress to talk to other systems and many are using it for exploiting vulnerabilities, starting DDOS attacks and other malicious activity. That is why our Security Optimizer plugin disables this open access line to your WordPress application by default. If you use Jetpack and/or mobile apps you may want to enable the protocol from the plugin’s interface since those are valid users of the XML-RPC protocol.

Advanced Cross-Site Scripting (XSS) Protection

The cross site script vulnerability, known as XSS, allows different apps and plugins to access information in your WordPress that they shouldn’t. By default the Security Optimizer plugin enables protection against XSS by adding headers instructing browsers not to accept JS or other code injections.

Harden Your Login Security

Login Access

By default your WordPress login page can be accessed by any IP address or in other words by anyone. With the Security Optimizer plugin you can limit the access to specific IPs or range of IPs in order to prevent brute-force attacks or malicious login attempts.

Limit Login Attempts

With the Security Optimizer plugin you can set a limit to the number of times a given user can attempt to log in to your wp-admin with incorrect credentials.

Custom Login URL

Attackers often exploit the default /wp-admin login URL for WordPress. Our security plugin allows you to customize your URL and avoid these attacks.

Two-factor Authentication for Admin & Editors Users

Two-factor authentication is one of the easiest and most secure ways to protect your data against hacking and identity theft. With Security Optimizer you will start using a second password generated by an application on your smartphone in addition to your regular username and password. The same will apply for any admin & editor users.

Disable Common Usersnames

Using common usernames like ‘admin’ often leads to unauthorized access. Our security plugin will disable the creation of common usernames by default and if you already have one or more users with a weak username, it will ask you to provide new one(s).

Keep A Detailed Activity Log

Security Optimizer Plugin Activity Log

The Activity Log page of the Security Optimizer plugin contains a log of all activity events on your website for the past 12 days. These include, but are not limited to: human visits, bot crawls, registered users activity, login attempts, and more. Monitoring the Activity Log can help you better understand your site’s audience and recognise suspicious visitors or activities.

This page logs all unknown visitors, such as bots or humans who have not authenticated as registered users of your site, registered visitors, and blocked visitors. Additionally, from this page you can block or unblock any IP you decide.

Enable Post-hack Actions

Reinstall All Free Plugins

Reinstall all free plugins you currently have installed and use the same plugin versions in order to ensure that their codebase is not compromised by any attack.

Force Password Reset

If you believe that a user’s password has been compromised, you can instantly log out all active users. Once users try to log back in, they will be asked to change their password.

Log Out All Users

With the Security Optimizer plugin you can single handedly log out all active users without asking them to change their passwords, thus preventing any user from performing any more actions on your website.