Description
Every day, thousands of WordPress sites are hacked. Most security plugins offer protection, but they come with a massive cost: they slow down your server with bloated features and complex settings.
Protector is different. It is a lightweight, AI-ready security layer that turns your WordPress site into a digital fortress without compromising speed. Whether you are trying to recover a hacked site or proactively defend your business, Protector delivers enterprise-grade security that anyone can configure.
With our new 1-Click Security Overview Dashboard, you can activate all recommended protections and block 98% of automated attacks in under 8 seconds.
📖 Read the Official Documentation here
🦠 Malware Threat Scanner & Auto-Repair
Don’t just find malware; destroy it. Our deep, recursive local scanner verifies your WordPress integrity without crashing your server:
* Core Integrity Verification: Cross-references all Core files against the official WordPress.org checksums.
* Advanced Pattern Detection: Detects suspicious code patterns (like eval, base64_decode, shell_exec) hidden in your files.
* 1-Click Auto-Repair: Found a modified core file? Click « Repair » and Protector will automatically fetch a clean, original version directly from the official WP SVN and overwrite the infected file.
🛡️ Login Fortress (Brute-Force Protection)
Hackers relentlessly target the wp-login.php page. We make it disappear.
* Secret Login URL: Hide wp-login.php completely. Any unauthorized attempt will be instantly redirected to a custom URL of your choice.
* Smart Honeypots: Inject invisible fields into your login and comment forms to trap and block spam/brute-force bots automatically.
* Block Username Scanning: Prevent attackers from discovering your admin usernames via ?author=1 enumeration.
🔒 1-Click Site Hardening
Lock down common vulnerabilities instantly:
* Security Headers: Protect against XSS, Clickjacking, and MIME-Sniffing attacks with a single toggle.
* XML-RPC Control: Disable XML-RPC completely to eliminate one of the biggest brute-force attack vectors on WordPress.
* Version Obfuscation: Hide your WordPress version from the source code so hackers can’t target known exploits.
* Restrict REST API: Block public access to endpoints that expose sensitive user data.
📊 Live Attack Log
Peace of mind you can actually see. Monitor every blocked attack, triggered honeypot, and deleted malware in real-time straight from your dashboard.
🚀 Upgrade to KloxStudios Pro
Need absolute maximum power? Protector integrates seamlessly with the KloxStudios Cloud AI. Pro users unlock Cloud AI Malware Verification for 3rd-party plugins/themes, Automatic IP Lockouts, Instant Admin Login Alerts (Email & Webhook), and 2FA.
Captures d’écrans
1-Click Security Dashboard: See your live protection status and activate shields instantly. 
Login Fortress: Configure your secret login URL and deploy invisible honeypot traps. 
Site Hardening: Fortify your WordPress installation against XSS and XML-RPC attacks with simple toggles. 
Advanced Protection: Unlock enterprise-grade tools like IP Lockouts and 2FA (Pro features). 
Malware Threat Scanner: Run deep server scans, detect infected files, and verify core integrity. 
Live Attack Log: Watch the firewall work in real-time as it blocks malicious IPs and bot networks.
Installation
You don’t need a PhD in cybersecurity to secure your site.
1. Upload the protector-security folder to the /wp-content/plugins/ directory (or install directly via the WP Plugin directory).
2. Activate the plugin through the ‘Plugins’ menu in WordPress.
3. Navigate to the new « Protector » menu in your dashboard.
4. Click the massive yellow « Activate Full Protection Now » button on the dashboard for instant, 1-click security.
For detailed configuration guides, visit our Official Documentation.
FAQ
-
How do I use the secret login URL?
-
- Go to the « Protector » menu > « Login Fortress » tab.
- Toggle the ‘Change your secret login URL’ option.
- Set your ‘Secret Login Term’ (e.g.,
mysecretaccess). - Save changes and use your new login URL:
yoursite.com/wp-login.php?mysecretaccess.
-
What if I forget my secret term and get locked out?
-
Don’t panic! You can temporarily disable the plugin by renaming the
protector-securityfolder insidewp-content/plugins/via FTP or your hosting File Manager. This will instantly restore the defaultwp-login.phpaccess. -
Will the Malware Scanner slow down my site?
-
No! The scanner uses AJAX-based asynchronous batch processing. This means it scans your files in small chunks, preventing server timeouts and CPU spikes, even on massive websites with thousands of files.
Avis
Contributeurs/contributrices & développeurs/développeuses
« Protector – Malware Removal, Firewall & Core Repair » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.
Contributeurs
Traduisez « Protector – Malware Removal, Firewall & Core Repair » dans votre langue.
Le développement vous intéresse ?
Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.
Journal des modifications
4.0.3
- Fix: Resolved an issue where the Secret Login URL feature would incorrectly redirect valid users during form submission (POST request). The secret term is now securely validated during the login process.
- Tweak: Minor internal code refactoring for authentication hooks.
4.0.2
- Fix: Resolved a bug in the Settings API where saving one tab disabled the options in other tabs.
- Tweak: Separated option groups to improve form modularity and save actions.
4.0.0
- Major Overhaul: Complete UI/UX redesign with a new Security Overview Dashboard.
- New: Malware Threat Scanner (verifies WP core files and detects suspicious patterns).
- New: Auto-Repair modified Core files directly from WordPress.org SVN.
- New: Login & Comment Honeypots to trap spam and brute-force bots.
- New: Site Hardening options (Security Headers, Disable XML-RPC, Restrict REST API).
- New: Live Attack Log to monitor blocked threats in real-time.
- New: Quick Setup – Secure your site in 1-click.
- Performance: AJAX-based batch scanning to prevent server timeouts on large sites.
- Security: Added Pro Add-on architecture readiness.
2.7.3
- Fix: Resolved « Too Many Redirects » error by switching to wp_redirect.
- Security: Added data sanitization and escaping for all inputs.
- Performance: Removed all external CSS/JS dependencies (FontAwesome/Grids).
2.6.0
- New Security Algorithm.
2.5.0
- Layout improvements and new security features.