Really Simple Security Pro delivers essential WordPress security, without sacrificing website performance and user experience. Harden WordPress at it’s core with the proper presets. WordPress hardening effectively secures your site through a combination of security checks and security through obscurity.
Really Simple Security Pro SSL Plugin Features
- Disable ‘Anyone can register’
- Disable the built-in file editors
- Prevent code execution in the uploads folder
- Hide WordPress version
- Prevent login feedback
- Disable directory browsing
- Disable user enumeration
- Block the username ‘admin’
- Disable XML-RPC
- Prevent identical login and display names
- Disable HTTP methods
- Rename and randomize database prefix
- Change debug.log file location
- Disable application passwords
- Restrict creation of administrator roles
- Granular XML-RPC limitation
- File Permissions check
- Custom Login URL
- Convenient learning mode automates configuration
- Only allow relevant XML-RPC methods
- Be aware of early signs that your site might be compromised.
- Receive Email warnings and easily review detected changes.
- Integrated with commonly used plugins and themes.
- Email login
- Authenticator App (TOTP)
- Enforce 2FA and enable methods per user role.
- Convenient 2FA onboarding sequence via the WP login screen.
- Temporarily block IP addresses and usernames.
- Limit login possibilities to relevant geographic regions.
- Allow users to unblock themselves using a Captcha.
- Enforce strong Passwords.
- Enforce frequent password change.
- Compromised password check via Have I Been PWND.
- Scans for vulnerabilities twice a day.
- Immediately scans newly uploaded themes and plugins.
- Email warning prior to updating.
- Retries for several days for a security patch to become available.
- Deactivate and quarantines affected plugins or themes.
- Integrates with the force-update measure.
- Email notifications prior to Quarantine.
- Integrated with WordPress, plugins and themes.
- No resource-intensive scanning or WAF functionality.
- Plug and play: no manual configuration needed.
- Block unwanted bots and scans.
- Save essential server resources.
- Integrated with your Captcha provider of choice.
- Block traffic from irrelevant regions.
- Ensure that the website is always loaded over https.
- Prevent manipulation of data originating from, or sent to your website.
- Further enforce HSTS via the HSTS preload list.
- Prevent Cross Site Request Forgery (CSRF) attacks.
- Prevent Clickjacking attacks.
- Prevents ‘MIME type sniffing’.
- Instructs the browser to use the MIME type as declared by the server.
- Use learning mode to automatically configure this header.
- Even if malicious scripts are injected, the browser will not load them.
- Gain full control over the resources loaded by your website.
- Prevent leakage of possibly sensitive data via URL parameters.
- For privacy concerns you can choose not to add a referrer at all.
- Prevent misuse of browser features such as GEO location, camera, etc.
- Limit features to be used only by your domain, not by third parties.
- Advanced feature, only suitable for specific use-cases.
- Powerful isolation of information exchange between other websites.
- Requires the other party to configure CORS headers as well.
- Free Let’s Encrypt certificate generation.
- Autorenewal if allowed by your hosting provider.
- Integrated with cPanel, Plesk and most hosting providers.
- Update the site URL and enforce SSL.
- Proper 301 redirect to https.
- Integrated with most-used plugins and WP configurations.
- Scan your site for mixed content.
- Automatically fix 99% of mixed content.
- Receive suggested fixes for any remaining issues.
link not available