{"id":66199,"date":"2017-04-07T00:23:17","date_gmt":"2017-04-07T00:23:17","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/wp-admin-protect\/"},"modified":"2026-04-23T12:45:38","modified_gmt":"2026-04-23T12:45:38","slug":"wp-admin-protect","status":"publish","type":"plugin","link":"https:\/\/te.wordpress.org\/plugins\/wp-admin-protect\/","author":15739296,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"4.0.3","stable_tag":"4.0.3","tested":"6.9.4","requires":"5.0","requires_php":"7.4","requires_plugins":null,"header_name":"Protector \u2013 Malware Removal, Firewall & Core Repair","header_author":"Marcello Ruoppolo","header_description":"Protect your WP Admin from visitors, this plugin easily change your wp-login url to hide it from users.","assets_banners_color":"656a78","last_updated":"2026-04-23 12:45:38","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/kloxstudios.com\/","header_plugin_uri":"https:\/\/kloxstudios.com\/","header_author_uri":"https:\/\/kloxstudios.com\/","rating":5,"author_block_rating":0,"active_installs":200,"downloads":5453,"num_ratings":3,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"2.6.0":{"tag":"2.6.0","author":"marcelloruoppolome","date":"2026-02-08 11:55:58"},"2.7.3":{"tag":"2.7.3","author":"marcelloruoppolome","date":"2026-02-08 12:03:05"},"3.0.0":{"tag":"3.0.0","author":"marcelloruoppolome","date":"2026-03-31 18:52:08"},"4.0.0":{"tag":"4.0.0","author":"marcelloruoppolome","date":"2026-03-31 18:52:08"},"4.0.1":{"tag":"4.0.1","author":"marcelloruoppolome","date":"2026-03-31 18:56:33"},"4.0.2":{"tag":"4.0.2","author":"marcelloruoppolome","date":"2026-04-11 09:57:17"},"4.0.3":{"tag":"4.0.3","author":"marcelloruoppolome","date":"2026-04-23 12:45:38"}},"upgrade_notice":{"4.0.0":"

Version 4.0.0 is a massive upgrade! We've transformed Protector into a full-featured security suite with a built-in Malware Scanner, Bot Honeypots, and 1-Click Site Hardening.<\/p>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":3},"assets_icons":{"icon-128x128.jpg":{"filename":"icon-128x128.jpg","revision":1789520,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.jpg":{"filename":"icon-256x256.jpg","revision":1789520,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.jpg":{"filename":"banner-1544x500.jpg","revision":2156965,"resolution":"1544x500","location":"assets","locale":""},"banner-1800x690.jpg":{"filename":"banner-1800x690.jpg","revision":2156965,"resolution":"1800x690","location":"assets","locale":""},"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":2156965,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["2.6.0","2.7.3","3.0.0","4.0.0","4.0.1","4.0.2","4.0.3"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3495931,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3495931,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3495931,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3495931,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3495931,"resolution":"5","location":"assets","locale":""},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3495931,"resolution":"6","location":"assets","locale":""}},"screenshots":{"1":"1-Click Security Dashboard:<\/strong> See your live protection status and activate shields instantly.","2":"Login Fortress:<\/strong> Configure your secret login URL and deploy invisible honeypot traps.","3":"Site Hardening:<\/strong> Fortify your WordPress installation against XSS and XML-RPC attacks with simple toggles.","4":"Advanced Protection:<\/strong> Unlock enterprise-grade tools like IP Lockouts and 2FA (Pro features).","5":"Malware Threat Scanner:<\/strong> Run deep server scans, detect infected files, and verify core integrity.","6":"Live Attack Log:<\/strong> Watch the firewall work in real-time as it blocks malicious IPs and bot networks."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2439,1174,55021,259955,600],"plugin_category":[54],"plugin_contributors":[148963],"plugin_business_model":[],"class_list":["post-66199","plugin","type-plugin","status-publish","hentry","plugin_tags-brute-force","plugin_tags-firewall","plugin_tags-malware-scanner","plugin_tags-repair-core","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-marcelloruoppolome","plugin_committers-marcelloruoppolome","plugin_support_reps-marcelloruoppolome"],"banners":{"banner":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/banner-772x250.jpg?rev=2156965","banner_2x":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/banner-1544x500.jpg?rev=2156965","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/icon-128x128.jpg?rev=1789520","icon_2x":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/icon-256x256.jpg?rev=1789520","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/screenshot-1.png?rev=3495931","caption":"1-Click Security Dashboard:<\/strong> See your live protection status and activate shields instantly."},{"src":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/screenshot-2.png?rev=3495931","caption":"Login Fortress:<\/strong> Configure your secret login URL and deploy invisible honeypot traps."},{"src":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/screenshot-3.png?rev=3495931","caption":"Site Hardening:<\/strong> Fortify your WordPress installation against XSS and XML-RPC attacks with simple toggles."},{"src":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/screenshot-4.png?rev=3495931","caption":"Advanced Protection:<\/strong> Unlock enterprise-grade tools like IP Lockouts and 2FA (Pro features)."},{"src":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/screenshot-5.png?rev=3495931","caption":"Malware Threat Scanner:<\/strong> Run deep server scans, detect infected files, and verify core integrity."},{"src":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/screenshot-6.png?rev=3495931","caption":"Live Attack Log:<\/strong> Watch the firewall work in real-time as it blocks malicious IPs and bot networks."}],"raw_content":"\n

Every day, thousands of WordPress sites are hacked. Most security plugins offer protection, but they come with a massive cost: they slow down your server with bloated features and complex settings.<\/p>\n\n

Protector is different.<\/strong> It is a lightweight, AI-ready security layer that turns your WordPress site into a digital fortress without compromising speed. Whether you are trying to recover a hacked site or proactively defend your business, Protector delivers enterprise-grade security that anyone can configure.<\/p>\n\n

With our new 1-Click Security Overview Dashboard<\/strong>, you can activate all recommended protections and block 98% of automated attacks in under 8 seconds.<\/p>\n\n

\ud83d\udcd6 Read the Official Documentation here<\/a><\/strong><\/p>\n\n

\ud83e\udda0 Malware Threat Scanner & Auto-Repair<\/h3>\n\n

Don't just find malware; destroy it. Our deep, recursive local scanner verifies your WordPress integrity without crashing your server:\n* Core Integrity Verification:<\/strong> Cross-references all Core files against the official WordPress.org checksums.\n* Advanced Pattern Detection:<\/strong> Detects suspicious code patterns (like eval<\/code>, base64_decode<\/code>, shell_exec<\/code>) hidden in your files.\n* 1-Click Auto-Repair:<\/strong> Found a modified core file? Click \"Repair\" and Protector will automatically fetch a clean, original version directly from the official WP SVN and overwrite the infected file.<\/p>\n\n

\ud83d\udee1\ufe0f Login Fortress (Brute-Force Protection)<\/h3>\n\n

Hackers relentlessly target the wp-login.php<\/code> page. We make it disappear.\n* Secret Login URL:<\/strong> Hide wp-login.php<\/code> completely. Any unauthorized attempt will be instantly redirected to a custom URL of your choice.\n* Smart Honeypots:<\/strong> Inject invisible fields into your login and comment forms to trap and block spam\/brute-force bots automatically.\n* Block Username Scanning:<\/strong> Prevent attackers from discovering your admin usernames via ?author=1<\/code> enumeration.<\/p>\n\n

\ud83d\udd12 1-Click Site Hardening<\/h3>\n\n

Lock down common vulnerabilities instantly:\n* Security Headers:<\/strong> Protect against XSS, Clickjacking, and MIME-Sniffing attacks with a single toggle.\n* XML-RPC Control:<\/strong> Disable XML-RPC completely to eliminate one of the biggest brute-force attack vectors on WordPress.\n* Version Obfuscation:<\/strong> Hide your WordPress version from the source code so hackers can't target known exploits.\n* Restrict REST API:<\/strong> Block public access to endpoints that expose sensitive user data.<\/p>\n\n

\ud83d\udcca Live Attack Log<\/h3>\n\n

Peace of mind you can actually see. Monitor every blocked attack, triggered honeypot, and deleted malware in real-time straight from your dashboard.<\/p>\n\n

\ud83d\ude80 Upgrade to KloxStudios Pro<\/h3>\n\n

Need absolute maximum power? Protector integrates seamlessly with the KloxStudios Cloud AI. Pro users unlock Cloud AI Malware Verification for 3rd-party plugins\/themes, Automatic IP Lockouts, Instant Admin Login Alerts (Email & Webhook), and 2FA.<\/p>\n\n\n

You don't need a PhD in cybersecurity to secure your site.\n1. Upload the protector-security<\/code> folder to the \/wp-content\/plugins\/<\/code> directory (or install directly via the WP Plugin directory).\n2. Activate the plugin through the 'Plugins' menu in WordPress.\n3. Navigate to the new \"Protector\" menu in your dashboard.\n4. Click the massive yellow \"Activate Full Protection Now\"<\/strong> button on the dashboard for instant, 1-click security.<\/p>\n\n

For detailed configuration guides, visit our Official Documentation<\/a>.<\/p>\n\n\n

\n

How do I use the secret login URL?<\/h3><\/dt>\n
    \n
  1. Go to the \"Protector\" menu > \"Login Fortress\" tab.<\/li>\n
  2. Toggle the 'Change your secret login URL' option.<\/li>\n
  3. Set your 'Secret Login Term' (e.g., mysecretaccess<\/code>).<\/li>\n
  4. Save changes and use your new login URL: yoursite.com\/wp-login.php?mysecretaccess<\/code>.<\/li>\n<\/ol><\/dd>\n

    What if I forget my secret term and get locked out?<\/h3><\/dt>\n

    Don't panic! You can temporarily disable the plugin by renaming the protector-security<\/code> folder inside wp-content\/plugins\/<\/code> via FTP or your hosting File Manager. This will instantly restore the default wp-login.php<\/code> access.<\/p><\/dd>\n

    Will the Malware Scanner slow down my site?<\/h3><\/dt>\n

    No! The scanner uses AJAX-based asynchronous batch processing. This means it scans your files in small chunks, preventing server timeouts and CPU spikes, even on massive websites with thousands of files.<\/p><\/dd>\n\n<\/dl>\n\n\n

    4.0.3<\/h4>\n\n
      \n
    • Fix: Resolved an issue where the Secret Login URL feature would incorrectly redirect valid users during form submission (POST request). The secret term is now securely validated during the login process.<\/li>\n
    • Tweak: Minor internal code refactoring for authentication hooks.<\/li>\n<\/ul>\n\n

      4.0.2<\/h4>\n\n
        \n
      • Fix: Resolved a bug in the Settings API where saving one tab disabled the options in other tabs.<\/li>\n
      • Tweak: Separated option groups to improve form modularity and save actions.<\/li>\n<\/ul>\n\n

        4.0.0<\/h4>\n\n
          \n
        • Major Overhaul: Complete UI\/UX redesign with a new Security Overview Dashboard.<\/li>\n
        • New: Malware Threat Scanner (verifies WP core files and detects suspicious patterns).<\/li>\n
        • New: Auto-Repair modified Core files directly from WordPress.org SVN.<\/li>\n
        • New: Login & Comment Honeypots to trap spam and brute-force bots.<\/li>\n
        • New: Site Hardening options (Security Headers, Disable XML-RPC, Restrict REST API).<\/li>\n
        • New: Live Attack Log to monitor blocked threats in real-time.<\/li>\n
        • New: Quick Setup - Secure your site in 1-click.<\/li>\n
        • Performance: AJAX-based batch scanning to prevent server timeouts on large sites.<\/li>\n
        • Security: Added Pro Add-on architecture readiness.<\/li>\n<\/ul>\n\n

          2.7.3<\/h4>\n\n
            \n
          • Fix: Resolved \"Too Many Redirects\" error by switching to wp_redirect.<\/li>\n
          • Security: Added data sanitization and escaping for all inputs.<\/li>\n
          • Performance: Removed all external CSS\/JS dependencies (FontAwesome\/Grids).<\/li>\n<\/ul>\n\n

            2.6.0<\/h4>\n\n
              \n
            • New Security Algorithm.<\/li>\n<\/ul>\n\n

              2.5.0<\/h4>\n\n
                \n
              • Layout improvements and new security features.<\/li>\n<\/ul>","raw_excerpt":"Protect your WordPress. The ultimate lightweight security suite. Block brute-force attacks, auto-repair infected core files, hide your login URL, set …","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/te.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/66199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/te.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/te.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/te.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=66199"}],"author":[{"embeddable":true,"href":"https:\/\/te.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/marcelloruoppolome"}],"wp:attachment":[{"href":"https:\/\/te.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=66199"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/te.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=66199"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/te.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=66199"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/te.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=66199"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/te.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=66199"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/te.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=66199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}