Tag: security scan

  • Safety Ninja PRO (Utilities)

    Safety Ninja PRO (Utilities)

    Contact us. We'll get back to you ASAP!Subscribe to our items RSS feedFollow us and be the first to get new exciting items!

    Years of industry’s best practices on security combined in one plugin! Click to test the plugin NOW

    • perform 40+ security tests including brute-force attacks
    • check your site for security vulnerabilities and holes
    • checks for Timthumb vulnerability
    • take preventive measures against attacks
    • don’t let script kiddies hack your site
    • use included code snippets for quick fixes
    • extensive help and descriptions of tests included
    • Core Scanner module – compares all core files to their master copies on wp.org
    • Malware Scanner module – makes sure your theme and plugin files are clean
    • Events Logger module – saves every single event that happens on the site, including all failed login attempts
    • Scheduled Scanner module – runs tests on its own, so you don’t have to

    Changelog

    v5.0 - November 24th, 2016
    * first release on CC
    

    Everything and anything about WordPress in one place

  • Malware Scanner add-on for Safety Ninja (Add-ons)

    Malware Scanner add-on for Safety Ninja (Add-ons)

    Contact us. We'll get back to you ASAP!Subscribe to our items RSS feedFollow us and be the first to get new exciting items!


    Security Ninja add-on

    Keep your plugin, theme and custom files in check!

    • one click scan – quickly identify problematic files
    • scan all (active and disabled) theme files
    • scan all (active and disabled) plugin files
    • scan all files uploaded to wp-content folder
    • scan options DB table
    • more than 20 tests performed on each file
    • detects malicious code even if it’s obfuscated
    • see exact parts of the file that malware scanner marked as suspicious
    • whitelist files that you have inspected and know are safe
    • optimised for large WP installations with numerous files
    • complete integration with Security Ninja’s easy-to-use GUI
    • compatible with all themes and plugins

    Demo and details

    Changelog

    v1.0 - March 4th 2015
    * initial release
    

    Is it WordPress?

  • Sensible Safety Instruments (Utilities)

    Sensible Safety Instruments (Utilities)

    Plugin Home Page
    Support Forums
    Follow on Twitter
    Video on Youtube

    Plugin Information

    Smart Security Tools is a powerful plugin for improving security of your WordPress powered website. Plugin contains collection of tweaks and tools for extra security protection along with Security Advisor that can help you determine what needs to be done. Plugin includes integration of Sucuri Free Security Scanner (shows malware on the website and blacklisting status on major security related websites). Plugin includes database based Security Log that can log different event types you can use to detemerime problems, potential attacks and exploits, IP’s used for access, referers, user agents… You can ban IP’s from Security Log.

    Security Advisor will help you get started

    Security Advisor will help you get started
    Plugin offers tips on what you need to improve on your website. Based on the status of tips on this panel, plugin will calculate security percentage. It is important to follow all recommended tips and as much as you need optional tips.

    Collection of easy to use security tweaks

    Collection of easy to use security tweaks
    General tweaks are easy to set up, and you can solve many security issues directly with these. Some of these tweaks, if active will also log security events into database.

    List of general tweaks
    • Prevent SQL injections
    • Prevent too long URL’s
    • Simple registration honeypot
    • Remove errors from login screen
    • Restrict username length
    • Remove username from comments CSS classes
    • Remove WordPress version
    • Remove RSD link
    • Remove WLW manifest link
    • Disable XML-RPC

    Collection of powerful .htaccess enhancements

    Collection of powerful .htaccess enhancements
    Most important security features are implemented using .htaccess file in the WordPress root directory. This is available only for Apache (and LiteSpeed) based web servers.

    List of .htaccess tweaks
    • Prevent WordPress installation directory browsing
    • Disable the Server Signature on server error pages
    • Deny all comments requests with no valid referer
    • Prevent access to WordPress root system files
    • Ban access to IP’s banned in Security Log
    • Ban access to additional listed IP’s
    • Limit body size of a single request and file upload size
    • Prevent access to XML-RPC due to Pingback Vulnerability
    • Disable Trace and Track request methods
    • Blacklist Query Strings using listed rules
    • Blacklist Request Strings using listed rules
    • Blacklist User Agents using listed rules

    Security Logs to track security related events
    Security Log adds two database tables to log all sorts of security related events. For each event you will get information about user (or visitor), IP, user agent, referer and other information depending on event that can help you track sources of new security probes or attacks. You can ban IP addresses through the security log panel.

    List of events types logged by plugin
    • Login
    • Logout
    • Login Error
    • Error 404
    • Registration
    • Registration Honeypot
    • SQL Injection URL
    • Too Long URL

    Other Plugin Features Included

    • Change ‘admin’ username if exists
    • Change any username
    • Export and Import settings
    • Support for Multisite WordPress mode

    System and WordPress Requirements

    • WordPress 3.2 or newer
    • PHP 5.2.4 or newer
    • Apache Web Server (for .htaccess based tweaks and tools)
    • Access to .htaccess file (if not, you need to manually add changes to it)

    Disclaimers

    • For .htaccess based tweaks and tools plugin supports only Apache (and LiteSpeed) web servers. If you use some other web server, you can only use other plugin features.
    • Make sure you read plugin documentation and all the information provided by the plugin for each tweak and tool.
    • If you make changes to blacklist .htaccess tweaks, or list of IP’s to ban, be careful with those changes, or you can even lock yourself out of the website.
    • You are using Smart Security Tools for WordPress at your own risk.

    Changelog

    Version 1.0 / 2013.11.22.
    • First version
  • 5sec Google Authenticator 2-Step Login Safety (Utilities)

    5sec Google Authenticator 2-Step Login Safety (Utilities)

    Contact us. We'll get back to you ASAP!Subscribe to our items RSS feedFollow us and be the first to get new exciting items!

    Add bank-grade security powered by Google to your site

    Each login requires a new, unique, time restrained OTP (one time password) your phone generates. Even if someone knows your password they won’t be able to login. If someone tricks you into clicking “remember password” on an unsafe computer – it won’t matter! If someone steals an old OTP – even that won’t matter because they’re valid for only 2 minutes!

    Forgot to log out? No worries!

    The auto log out feature protects your account by automatically logging you out after a preset amount of time. You won’t leave the page as the log in form will be opened in a lightbox. After you enter a new OTP you’ll still be on that page and continue doing work.

    Brute-force attacks got you pinned down? We have your back!

    Built-in IP based brute-force protection ensures ease of mind even in the worst scenarios when you’re attacked by thousands of bots. Fine tuning of the ban rules allows you to ban them from logging in or even from accessing the whole site. Don’t worry, you can easily whitelist your own IP so you don’t lock yourself out.

    Features

    • two step login process adds extra protection to your site
    • no extra SMS charges or anything simmilar
    • nobody can hack you even if they know your password
    • nobody can login to your account without your phone and a freshly generated OTP
    • per-user option for enabling/disabling two step authentication
    • protect your site from users who love to click “remember my password”
    • auto log-out feature to ensure nobody uses the admin after you do
    • complete brute-force attack protection with 5 options to fine tune ban rules
    • IP whitelist option for brute-force protection
    • mobile apps available for iPhone, iPad, Android & BlackBerry
    • if your phone dies or gets lost there’s a secret URL (uniquely generated for each site) you can use to login with only username & password
    • QR codes are automatically sent to new users; or you can always email them later via the users screen (as many users as needed can be emailed at once)
    • translation ready
    • famous 5sec concept for easy setup & usage
    • easy-to-use native WordPress GUI
    • professional & fast support
    • detailed documentation and in-line help on every step
    • more details, info & help

    Changelog

    v1.15 - October 13th 2013
    * added per-user option to enable/disable two step authentication
    * fixed a few bugs
    
    v1.1 - October 9th 2013
    * added whitelist IP option to brute-force module
    * added mass email option on users screen so that QR codes can be sent to existing users
    * fixed a few bugs
    
    v1.0 - October 5th 2013
    * initial release
    

     

    Is it WordPress?

  • 5sec Google Authenticator 2-Step Login Safety (Utilities)

    5sec Google Authenticator 2-Step Login Safety (Utilities)

    Contact us. We'll get back to you ASAP!Subscribe to our items RSS feedFollow us and be the first to get new exciting items!

    Add bank-grade security powered by Google to your site

    Each login requires a new, unique, time restrained OTP (one time password) your phone generates. Even if someone knows your password they won’t be able to login. If someone tricks you into clicking “remember password” on an unsafe computer – it won’t matter! If someone steals an old OTP – even that won’t matter because they’re valid for only 2 minutes!

    Forgot to log out? No worries!

    The auto log out feature protects your account by automatically logging you out after a preset amount of time. You won’t leave the page as the log in form will be opened in a lightbox. After you enter a new OTP you’ll still be on that page and continue doing work.

    Brute-force attacks got you pinned down? We have your back!

    Built-in IP based brute-force protection ensures ease of mind even in the worst scenarios when you’re attacked by thousands of bots. Fine tuning of the ban rules allows you to ban them from logging in or even from accessing the whole site. Don’t worry, you can easily whitelist your own IP so you don’t lock yourself out.

    Features

    • two step login process adds extra protection to your site
    • no extra SMS charges or anything simmilar
    • nobody can hack you even if they know your password
    • nobody can login to your account without your phone and a freshly generated OTP
    • per-user option for enabling/disabling two step authentication
    • protect your site from users who love to click “remember my password”
    • auto log-out feature to ensure nobody uses the admin after you do
    • complete brute-force attack protection with 5 options to fine tune ban rules
    • IP whitelist option for brute-force protection
    • mobile apps available for iPhone, iPad, Android & BlackBerry
    • if your phone dies or gets lost there’s a secret URL (uniquely generated for each site) you can use to login with only username & password
    • QR codes are automatically sent to new users; or you can always email them later via the users screen (as many users as needed can be emailed at once)
    • translation ready
    • famous 5sec concept for easy setup & usage
    • easy-to-use native WordPress GUI
    • professional & fast support
    • detailed documentation and in-line help on every step
    • more details, info & help

    Changelog

    v1.15 - October 13th 2013
    * added per-user option to enable/disable two step authentication
    * fixed a few bugs
    
    v1.1 - October 9th 2013
    * added whitelist IP option to brute-force module
    * added mass email option on users screen so that QR codes can be sent to existing users
    * fixed a few bugs
    
    v1.0 - October 5th 2013
    * initial release
    

     

    Is it WordPress?